Datacom Systems network taps matrix switches link aggregation and network access solutions
Home | Site Map | Product List | Contact Us

Access Your Network with network taps, matrix switches, and link aggregation tools


FAQs



Network Taps


Q. What is a Passive Tap?

A. A Passive tap is a network tap that will cause absolutely no change in the state of the link if the tap loses power. In the event of power loss, network traffic will flow uninterrupted as long as the network itself has power. In some cases, passive taps are also non-powered taps like fiber taps and T1 taps.

Q. What is an Active Tap?

A. An Active tap uses a Relay Based Fail-over system for power fault tolerance. When an Active tap loses power the relays will fall into a closed position, reestablishing the link that was previously passing through a powered tapping circuit. This relay movement 600 micro second interruption of the connection . The delay will cause re-negotiation of the link to occur and spanning tree to recalculate.To overcome this, the autonegotiation should be hard set to the desired speed and spanning tree for those ports set to Port Fast or Fast Learn. When set up in this manner, if one of our active taps lose power, it will typically cause only minimal impact on your network.

Q. If I deploy my monitoring device using a network tap, will my monitoring device be visible on the network?

A. That depends on the model of tap that you use. If you are using one of our passive taps, such as the SS-100 the answer is no. Only our network taps that have the TCP reset function built-in will have their device visible on the network.

Q. Are the power supplies on the taps hot swappable?

A. All of our network taps are designed with redundant, load balancing power supplies. Due to this design our taps will operate normally with only one power supply attached allowing for the failing power supply to be replaced or "Hot Swapped".

Q. If the tap is not set to autonegotiate in the firmware, is there still a delay on power off and back on?

A. Our Active Taps use a relay-based fail over system. If the tap loses power or regains power the relay snaps into a position that will allow data to travel through the tap. The relay takes approximately 600 microseconds to either open or close. This is true regardless of how the port speed is set. The benefit of setting the tap to not autonegotiate is that your end point devices will establish link with each other more quickly once the relay is in place. It is also possible that Spanning Tree will recalculate upon the reconnection of the link. This delay can be minimized by setting "Portfast" or "Fastlearn" on the end point devices.

View our Network Tap products



Link Aggregation Taps


Q. What is a Link Aggregation Tap?

A. A Link Aggregation Tap is a network tap that can receive both sides of a full duplex data transmission, combine those two independent streams of data and send the "aggregated" copy of the entire transmission to a connected monitoring device. Datacom Systems brand name for its link aggregation taps is the SINGLEstream™.

Q: Why not just use a regular full duplex tap?

A: Traditional full duplex taps provide a dual output – one for each side of the conversation. This requires use of “dual receive” devices, which have two separate monitor cards and combine the data streams after receiving it. Protocol analyzers, probes, and intrusion detection systems (IDS) of this variety are more expensive and are less common in today’s networks. Because the SINGLEstream™ tap combines the bi-directional traffic from a full duplex conversation into a single data stream, it allows existing devices with half duplex single receive monitor cards to be used in-line on full duplex links.

Q: Why do link aggregation taps have more than one output (monitor port)?

A: In many network environments it is desirable (if not necessary) to have an IDS device monitoring a full duplex link on a 24x7 basis. The additional monitor ports allow a protocol analyzer or other network management tools to access the same link on a permanent or as needed basis. The identical dual outputs make this possible and eliminate contention for access to the data. Extra monitor ports also allow redundant devices to be connected to the same link as a failsafe measure to prevent the loss of data in case one of the connected devices has problems or needs to be updated. Extra monitor ports are also available on our regeneration taps. However, traditional regeneration taps do not aggregate full duplex traffic.

Q: What if my network or existing monitoring tools are not the same media type?

A: No problem. The SINGLEstream™ Link Aggregation Tap comes in a variety of media combinations (SX, LX, and BT) to allow you to connect monitoring tools and networks of varying media type. You can use the network devices you already have or purchase less expensive copper tools to monitor fiber networks. You can also monitor longer distances of LX fiber with SX or BT tools. Datacom Systems also offers Media Converters and Media Conversion Taps to solve just about any connectivity problem you might have. For expert advice, contact a Sales Engineer or Support Staff

Q: Can I use an Ethernet switch with a SPAN or mirror port to accomplish the same thing?

A: In theory this is possible but there are a number of shortcomings to using such an approach. Network switches are designed to perform a variety of functions on the network. SPAN and mirror port activities take the lowest priority – sending copies of busy link traffic out a SPAN port can easily oversubscribe the port, resulting in lost packets. Additionally, network switches are managed devices requiring maintenance and an IP presence on the network. The SINGLEstream™ Link Aggregation Tap is "plug and play." This tap requires no configuration and because it is transparent to the network and fault-tolerant, it is more reliable and more secure.

Q: Is this a fault tolerant device?

A: While all versions of the SINGLEstream™ Link Aggregation Tap are fault-tolerant. The SS-100 and SS-101 models feature “Never Breaks the Link” technology, which means connectivity on the network link will never be interrupted, even if power is lost to the tap. Because power is required for the monitoring device to receive data from the tap ports, all models of the SINGLEstream™ Link Aggregation Tap come standard with a dual redundant power supply to ensure maximum uptime for network analysis and monitoring tools. Some models feature the ability to send active response packets (e.g. TCP resets). These models have bi-directional ports and are an active part of the link. Therefore, if power is lost to the tap, there is a 600 ms delay.

Q: Where would I use a link aggregation tap in my network?

A: Although ideal for Ethernet links where the total utilization is under 50%, the SINGLEstream™ Link Aggregation Tap may be used on any full duplex Ethernet link. The most likely locations on the network to deploy a link aggregation tap will be those in which probes or IDS devices need 24x7 visibility. These include the links between switches and critical servers, full duplex connections between routers and firewalls, and links between firewalls and a demilitarized zone (DMZ).

Q: Can I connect the output of a link aggregation tap to a matrix switch?

A: Yes – the output of a link aggregation tap may be connected to a matrix switch in exactly the manner as a SPAN port or shared media hub is connected.

Q: How does a link aggregation tap handle Layer 1 and Layer 2 traffic, and how does it affect security and network analysis?

A: The SINGLEstream™ Link Aggregation Tap is completely non-intrusive and lets all data pass through the network untouched. However, it only sends data from Layers 3-7 to the devices connected on the tap ports. Security devices are usually unconcerned with Layer 1 and Layer 2 traffic or unable to process it. As such, most all security devices discard Layer 1 and Layer 2 data anyway. Even protocol analyzers and network probes primarily concentrate on Layers 3-7 and might also be unable to process Layer 1 and Layer 2 data unless equipped with special software and hardware. In the areas of the network where the SINGLEstream™ Link Aggregation Tap will most likely be used, Layer 1 and Layer 2 traffic are even less of a concern. Any customer who is used to traditional network monitoring or analysis using SPAN ports is already used to working exclusively with Layers 3-7. However, unlike SPAN Ports, the SINGLEstream™ Link Aggregation Tap is able to forward VLAN tagging information.

View our Link Aggregation Tap products

 

Dual Link Aggregation Taps


Q: Where would I use a SINGLEstream™ Dual Link Aggregation Tap in my network?

A: The SINGLEstream™ Dual Link Aggregation Tap is designed to connect to two full duplex Ethernet segments where total utilization of full duplex traffic on both segments does not exceed 100%. Because the SINGLEstream™ Dual Link Aggregation Tap connects your network monitoring devices to two network segments at the same time, it is ideally deployed where customers need to monitor two segments that are “channeled” together, such as EtherChannel. It is also effective when used in scenarios where two identical network segments are set up for redundancy - if one segment fails or needs to be shut down, the other one takes over, continuing uninterrupted monitoring of the network. Finally, asymmetric routing paths (used by routers) and load balancing (used by servers) are implemented to maximize bandwidth and performance. The SINGLEstream™ Dual Link Aggregation Tap can aggregate all the data from asymmetrically routed and load-balanced traffic on two network segments and allow monitoring tools with single receive interfaces to view all the data copied from both links.

 

Multi-Link Aggregators


Q: What is a VERSAstream™ Multi-Link Aggregator?

A: A multi-link aggregator is a network device that can combine data from multiple Ethernet network segments into one stream of data. The VERSAstream is Datacom Systems line of multi-link aggregators. With a multi-link aggregator, a single connected network device, such as an intrusion detection system, protocol analyzer, or network probe can receive the aggregated data with just one network interface card (NIC). Deploying a multi-link aggregator allows network and security personnel to monitor several network links simultaneously with as little as one monitoring tool. In many environments there are multiple areas of interest at the access layer or network edge that have either lower utilization or use lower speed data sources. The VERSAstream™ allows these data sources to be aggregated together and monitored by a single high speed or high capacity tool instead of multiple lower speed legacy tools. This reduces the overall number of tools needed and dramatically reduces the rack space required, while also lowering ongoing support and maintenance costs for monitoring tool software and hardware.

Q: Why not just use a network switch to aggregate your data?

A: A managed network switch that is capable of spanning VLANs can possibly be used to aggregate traffic. If all that is required from the switch is to aggregate traffic, this might possibly be a useful, albeit more costly solution. Only until recently, switches were not capable of reassembling asymmetrically routed packet streams, so an environment with asymmetric routing, load balancing, redundant or failover requirements would not have been an ideal candidate for a switch to be used for aggregation. You must pay special attention to your switch model to determine if that switch can provide aggregation. Even if a switch can be used to aggregate traffic, if it is also used to switch other network traffic, it will most likely lose packets due to oversubscription of the SPAN ports. Finally, a switch requires complicated setup and management to function as an aggregator. The VERSAstream™ Multi-Link Aggregator is a "plug-and-play" solution that requires little or no setup or administration. Access to the switch's IOS or knowledge of the IOS is not necessary. It outperforms aggregation switches, and it allows for multiple copies of the aggregated data to be viewed, making it a much more effective, reliable, useful, and less costly solution to aggregate your network traffic.

Q: Why does the VERSAstream™ Multi-Link Aggregator have more than one monitor port?

A: In many network environments it is desirable (if not necessary) to have an IDS device monitoring a full duplex link on a 24x7 basis. The additional monitor ports allow a protocol analyzer or other network management tools to access the same link on a permanent or as needed basis. The identical dual outputs make this possible and eliminate contention for access to the data. Extra monitor ports also allow redundant devices to be connected to the same link as a failsafe measure to prevent the loss of data in case one of the connected devices has problems or needs to be updated. The VERSAstream™ line of products also provides several regeneration solutions with the ability to regenerate the aggregated data of up to eight (8) SPAN ports for output to several different network devices. We refer to these devices as SPAN Port Regenerators.

Q: Where would I use a multi-link aggregator in my network?

A: Our multi-link aggregator can be deployed in a 10/100/1000 or Gigabit environment. In enterprise networks, 10/100/1000 environments are typically the network edge (between internal routers and switches). Gigabit environments are typically distribution and core (between external switches, routers, firewalls). The VERSAstream™ Multi-Link Aggregator is available in a wide variety of media combinations and can accept inputs from 10, 100, and 1000 Mbps devices, so it can be inserted into virtually any copper or fiber Ethernet environment, depending on the model. The VERSAstream™ will allow multiple devices to monitor the same links, so anywhere contention is an issue will benefit from this product, typically security environments or mixed environments using network analyzers and intrusion detection systems. The application drawing detailing “multi-point network analysis” is an excellent depiction of how a multi-link aggregator can be implemented in a network.

Q: What link speeds does the VERSAstream™ Multi-Link Aggregator support?

A: The VERSAstream™ multi-link aggregator will accept any combination of 10,100, and 1000 Mbps input into the network ports on models with copper inputs and Gigabit on models with fiber inputs. The outputs, or monitor ports, are 1000 Mbps in most cases. This allows an attached Gigabit device to receive aggregated data from 10, 100, and 1000 Mbps network segments.

Q: What if my network or existing monitoring tools are not the same media type?

A: No problem. The VERSAstream™ Multi-Link Aggregator comes in a variety of media combinations (SX, LX, and BT) to allow you to connect monitoring tools and networks of varying media type. You can use the network devices you already have or purchase less expensive copper tools to monitor fiber networks. You can also monitor longer distances of LX fiber with SX or BT tools. Datacom Systems also offers Media Converters and Media Conversion Taps to solve just about any connectivity problem you might have. For expert advice, contact a Sales Engineer or Support Staff

Q: How can I keep from losing packets due to exceeding 100% utilization?

A: The VERSAstream™ Multi-Link Aggregator can accept and aggregate up to 1000Mbps of data. In a 10/100 environment, only 10 or 100 Mbps is coming into each port, so the VERSAstream™ will never exceed 100% utilization (e.g. 8 ports x 100Mbps = 800Mbps). In a Gigabit Ethernet or 10/100/1000 environment, it is possible to exceed 100% utilization if more than 1000Mbps of input is received at one time. To prevent exceeding 100% utilization, the sum of all the ports should never exceed 1000 Mbps, which can be achieved by connecting fewer devices to the VERSAstream™, pre-filtering the data, or by reducing the traffic load of the attached network segments. The VERSAstream™ also includes a 1 MB shared buffer memory to account for very brief spikes of utilization over one Gigabit.

Q: What tools will work with the VERSAstream™ Multi-Link Aggregator?

A: Depending on the media type any Gigabit tool can be connected to the VERSAstream™ Multi-Link Aggregator. For example, a total of four tools, two copper Gigabit and two fiber Gigabit, can be connected to the VS-1046. The VERSAstream™ Multi-Link Aggregator is platform independent and will leverage analyzers, IDS, IPS, probes, etc. from any hardware vendor.

Q: Is the VERSAstream™ Multi-Link Aggregator a SPAN or In-Line device?

A: The VERSAstream™ Multi-Link Aggregator acts as a SPAN device. It aggregates network traffic from layers 2-7. Like most any IDS device or analyzer, it can be used in SPAN environments (by connecting it to the SPAN ports of a network switch) or In-Line environments (by connecting it to a network tap or link aggregation tap). However, unlike SPAN ports, the VERSAstream™ does forward VLAN tagging information.

Q: How can VERSAstream™ Multi-Link Aggregator allow network management and security personnel to view data from a packet as it travels across the network?

A: Through appropriate placement of a VERSAstream™ Multi-Link Aggregator (by connecting it to network taps and SPAN ports throughout the network), traffic from various points in the network can be aggregated into a single stream of data, so that a network analyzer or intrusion detection system can see what happens to data as it travels through the network. The implementation and setup to make this work; however, must all be done through the use of filters and other settings in the analyzer or IDS software. The VERSAstream™ multi-link aggregator simply sends the data to the connected device.

 

Matrix Switches


Q. Can I daisy-chain matrix switches?

A. Yes. The maximum number of matrix switches in a daisy chain is four, with a maximum of 64 definable segments (four matrix switches with sixteen segments each). The maximum number of matrix switches that can be daisy-chained together is based on recommendations of network analyzer vendors.

Q. How does a Datacom Systems matrix switch impact the network if there is a power outage?

A. Maintaining your network integrity is one of the primary design tenants of every Datacom Systems matrix switch, and extensive field testing and experience has confirmed no adverse effects to networks after a power loss. When power is restored, the switch will return to the last position selected prior to the interruption.

Q. Do Datacom Systems matrix switches function as active devices on the network?

A. No. Our matrix switches are designed to remain transparent to network activity. They do not have IP addresses. Matrix switches with the built-in Switch Control Server or Ethernet control ports can be assigned an IP address if desired for IP network access to the device, but they may also be used with the traditional serial control method where the COM port of a protocol analyzer or PC provides control connectivity to the switch.

Q. I have an RS/V WAN Switch. How does it connect to different physical interfaces?

A. Datacom Systems original WAN Matrix Switch has DB15 female network ports, so the DB15 male connectors are always used on the "tail" of the "Y" cable. The "link" connections on the remaining leg of the "Y" cable are environment specific. Note: this matrix switch is no longer being sold; however, it is still being supported. Most WAN environments are currently T1/E1 or DS3/E3 or in the process of upgrading. Contact an Account Executive or Sales Engineer for more information about T1/E1 and DS3/E3 matrix switches. Note: as of 12/31/2006, T1/E1 and DS3/E3 switches are sill being supported but are no being sold.

Q. How can I control my Datacom Systems matrix switch?

A. Each matrix switch ships with our custom switch control software called MANAgents included in the box. If the software is configured correctly it will allow you to control your matrix switch from any Windows based machine that has the console loaded. You can download the software and instructions for installing and configuring MANAgents here. In addition to this most network analyzer manufacturers have built the control for our switches directly into their API. You can download the most current API Update here.

Q. How do I control a Datacom Systems matrix switch if my analyzer or monitoring tool is not Windows-based or lacks a COM port?

A. Datacom Systems has designed a device called the Switch Control Server for this exact scenario. The Switch Control Server is a "mini PC" housed in a rack mountable chassis (Approx. 4”x6”) that consists of an IP addressable 10/100 RJ45 transport connection and 2 COM (Serial) ports. The Switch Control Server is platform independent and can be accessed directly from the network. The Switch Control Server is shipped pre-installed with RemoteAgent™ client-side utility of the MANAgents™ client-server switch control software package.

View our Matrix Switch products and Switch Control Server

 

Cables



Q. Are Datacom Systems cables available in custom lengths?

A. Yes. All of our Control and Common Cables are available in custom lengths on request for a nominal charge. Contact a Sales Engineer or Account Executive for recommendations regarding connectivity and maximum cable length.

Q. What is the maximum length my control cable can be?

A. The distance of the control cable is limited by the distance the network analyzer or monitoring device can be from the matrix switch. There are two connections between the switch and the analyzer - the Control cable, which connects to the COM port for Serial Control purposes, and the Common cable, which provides a data connection to the monitor card for the topology being analyzed. The total cabling distance is determined by calculating the total length of all cables (the primary cables, daisy chain cables and any additional cables between the matrix switch Network ports and the data access points such as SPAN ports). When all relevant cable lengths are added together the sum must be equal to or less than the maximum allowable distance for the topology in use (e.g. the Common cables, Daisy cables and cables from matrix switch to SPAN port must not exceed 100 meters when 10/100 Ethernet on copper is deployed).

Q. What cables are needed to attach a Datacom Systems matrix switch to a network analyzer?

A. Typically, in the case where a matrix switch is designed for use with one network analyzer, one Control Cable and one Common Cable are needed. In the case where a matrix switch is designed for use with two or more network analyzers, enhanced "Y" style Control Cables are needed for every two control ports, and a Common Cable needed is needed for every common port. You will receive all the cables you need to attach your matrix switch to your network devices. If you have an existing matrix switch and need cables, contact an Account Representative or Sales Engineer for help.

Q. What cables are needed to attach a Datacom Systems matrix switch to the network?

A. Connections to the female ports on a Datacom Systems matrix switch are made with the patch cables appropriate for the specific network environment (e.g., Ethernet 10/100BaseT, Ethernet 1000BaseT Cat 5e, multimode fiber, single-mode fiber, etc.)



General Information



Q: What is a TCP reset and why is it used?

A: A bi-directional port can send out or pass TCP resets into live network links. A TCP reset allows an active network intrusion detection system to terminate an undesired network session. TCP resets are commonly used if and when denial of service attacks take place or any unwanted traffic ties up the link. Our network taps and link aggregation taps come in a variety of models that offer TCP reset functionality. Also, some network analyzers feature an "Active Discovery" mode that allows the analyzer to poll devices on the tapped segment and automatically build a network map or Visio of the local subnet. This feature will function only with taps that have "TCP reset" enabled.

Q: Why isn't there a truly passive tap offered that allows traffic injection or "TCP Reset" to function?

A: In order to introduce traffic injection into the network, there must be an actual bidirectional physical connection between the tap's monitor ports and the link itself. For this reason neither passive copper taps or fiber taps can be used with TCP Resets.

Q: What is auto-negotiation and speed auto-sensing and how is it used?

A: With speed auto-sensing and auto-negotiation, a tap port can automatically detect the speed of the link (10/100/1000), whether it is half or full duplex, and negotiate link with the connected device. Some environments use it as a matter of convenience. Some do not. Although convenient, it can cause troubleshooting and throughput problems if not implemented correctly. Additionally, not all applications or devices handle auto-negotiation correctly. Depending upon the model, most of our network taps and link aggregation taps can be hard set to transmit at 100 or 1000 Mbps Full Duplex or it can auto-detect and auto-negotiate.

Q. What is PERMAlink™?

A. PERMAlink™ is a patented design that separates the electronics of our products from the passive tapping portions of the chassis. This allows the electronics to be changed out in the event of a failure or upgrade without interrupting the links.