Top Five Myths about Copper Ethernet TAPs
Copper Ethernet TAPs have become a standard tool for network visibility in today’s networking world. Are there some myths or misconceptions about what these useful devices can or cannot do? Absolutely yes! Let’s review a few myths and dispel them…
Myth #1: TAPs aren’t necessary because SPAN ports do the same thing.
The Truth:
SPAN ports are easily oversubscribed, can negatively impact the performance of a heavily congested network switch, and don’t forward Layer 1 and 2 errors such as CRCs, runts, and fragments. Click this link for a detailed discussion: Is There a Benefit to Using Network TAPS Instead of SPAN Ports?
Myth #2: TAPs are an intrusive device that can cause issues with network links.
The Truth:
Fiber TAPs are passive physical layer devices and have zero performance impact on the network. Fiber TAPs use non-powered optical splitting technology to borrow a percentage of the light on the link. Apart from the insertion loss (signal strength reduction) there is no effect on the network (Note: fiber TAPs that aggregate and replicate data copies use power for that process but the tapping itself is always done in the non-powered optical realm.)
Copper TAPs for 10/100/1000 Ethernet are power fault tolerant and have a passive bypass feature.
There are passive copper 10/100 Ethernet TAPs utilizing magnetic induction to borrow signal copies; they do not affect the state of the link if the TAP loses power. Datacom even offers a dual use model that supports passive tapping for 10/100 links and power fault tolerant tapping for copper Gigabit links.
Note: : Datacom Systems TAPs are equipped with redundant load sharing power supplies that each have an MTBF rating of 60,000+ hours.
Myth #3: Large memory buffers are essential to avoiding packet loss in an aggregation TAP.
The Truth: When aggregation TAPs first became popular there was a “buffer war” in which competing manufacturers offered larger and larger buffer options – up to as much as 64 MB in a single TAP. Datacom always relied on the amount of buffer that was native to the chip used inside the TAP. With our products it was 2 MB shared between both sides of the Ethernet pair. Its purpose is to accommodate microburst – which it does effectively. None of these other manufacturers still offer the large buffer option nor do they still mention the amount of TAP buffer in their products. Why? Because it was always the wrong way to approach the issue. Separate off-chip buffers accept data when the chip hits excess utilization, then the packets in the buffer are released after utilization drops back below 100%. This results in out of order packets being delivered to the tool. The correct solution has always been to configure the TAP for non-aggregated output when using it in links that routinely spike over 50% utilization (eliminates the risk of oversubscription in the TAP) and send the data to tools with dual receive NICs or to packet brokers with a robust backplane.
Myth #4: It’s too expensive to tap every link in my network – there are thousands of links.
The truth: SPAN ports, despite their shortcomings, are still an ideal way to look at low utilization areas of the network. Ideally, TAPs are placed in critical ingress/egress links at the edge of the network – such as firewall to router or switch to router links. They are also useful for crucial links to mission critical servers and trunk links at the network core. In most environments, tools such as Netflow and IPFIX can also be used to glean useful big picture information that can’t be collected as effectively with a smaller number of TAPs.
Myth #5: It’s too costly to buy the required tools if every tap requires a monitoring tool.
The truth: There’s an easy solution! Use a multi-link TAP (for 10/100/1000 links) – one that allows as many as 8 separate links to be tapped, but supports multiple 10G capable SFP+ monitor ports. The data from multiple links can be aggregated and handed off to a high capacity high throughput 10G tool. Working with fiber links instead of copper? Still not a problem. Use a modular fiber tap system (taps up to 24 fiber links in a 1RU chassis) and hand off the TAP monitor ports to a high density network packet broker for distribution to the tools. The VERSAstream VS-M8S2Q supports up to 16 ports at 10G – with the user selecting how many ports are inputs from TAP{s and how many are aggregated outputs to tools.
