Apart from removing network blind spots, providing a complete and consistent fail-safe source of all network traffic for security, performance, and analytics monitoring, reliably duplicating and forwarding all network traffic to Network Packet Brokers (NPBs) and tools, providing media conversion to extend the life span of network tools, and doing all of this without affecting the original network traffic 😊
The fundamental component of any successful visibility solution is the 100% reliable, accurate source of network traffic delivered by network TAPs for performance and security monitoring.
Network TAPs are connected in-line to fiber or copper network links, copy all network traffic, and forward the duplicated traffic to other network visibility products such as NPBs and/or security, performance, and analytics tools. TAPs are typically passive (with a few exceptions), fail-safe devices that duplicate all traffic crossing a network link without affecting the original traffic, even in case of a TAP failure or network link over-subscription.
In most cases, TAPs forward network traffic to an NPB, which filters and optimizes the traffic before sending it to the relevant tools for analysis and action. The success of this process depends on the accuracy and reliability of the network traffic source.
An alternative network traffic source sometimes deployed is SPAN (Switch Port Analyzer) or mirror ports. A SPAN is a software function of a network switch or router that duplicates traffic and sends it to a SPAN port for forwarding to an NPB or tool. SPAN ports are less reliable than TAPs and are typically used when deploying TAPs is impractical. Sometimes, SPAN ports are deployed alongside TAPs where TAPs cannot be installed, with their reduced reliability being a better alternative than no traffic source at all.
The reliability of SPAN network traffic is compromised because SPAN ports can drop packets, creating blind spots when oversubscribed or when the switch/router processor is heavily loaded. SPAN ports may also drop errored or malformed packets and alter the timing of forwarded traffic.
All of these factors mean that, in the best-case scenarios, SPAN traffic does not completely and accurately reflect the original network traffic. In the worst case, it can be missing vital information crucial for detecting security or security issues—something that does not happen with TAPs, which is why they are typically the preferred solution.
So, apart from removing network blind spots to allow reliable and effective security and performance monitoring, providing fail-safe access to all network traffic, requiring zero configuration, being completely secure, delivering an exact duplicate of network traffic, injecting no added latency or altered timing, including all traffic errors and good data packets, being unaffected by over-subscription, connecting to both fiber and copper links, and supporting speeds from 10Mbps to 400Gbps—what has a network TAP ever done for us!!!