Skip to content
  • Comparing the use of Taps and Span Ports

What is a Tap?

Test Access Ports or Taps are primarily used to optimize ITs ability to easily and passively monitor a network link. They are normally placed between any two network devices, including switches, routers, and firewalls to provide network and security personnel a connection for monitoring devices. Protocol analyzers, RMON probes and intrusion detection and prevention systems can now be easily connected to and removed from the network when needed. By using a Tap, you also eliminate the need to schedule downtime to run cabling directly to the monitoring device from network devices, thus saving time and eliminating possible cabling issues.

Ixia Net Optics Network Tap TechnologyAny monitoring device connected to a Tap receives the same traffic as if it were in-line, including all errors. This is achieved as the Tap duplicates all traffic on the link and forwards this to the monitoring port/s. Taps do not introduce delay, or alter the content or structure of the data. They also fail open so that traffic continues to flow between network devices in the event a monitoring device is removed or power to the device is lost.

Taps VS Span Ports

In contrast, the use of Span ports to monitor the network requires an engineer to configure the switch or switches. Switches also introduce mechanisms on ingress ports to eliminate corrupt packets or packets that are below a minimum size. The problem with this is that the monitoring device normally captures data within the egress segment.

In addition, switches may drop layer 1 and select layer 2 errors depending on what has been deemed as high priority. On the other hand, a Tap passes all data on a link, capturing everything needed to properly troubleshoot common physical layer problems, including bad frames that can be caused by a faulty NIC.

Real-time Accessibility

Taps are designed to pass through full duplex traffic at line rate non-blocking speeds. In contrast, the software architecture of low-end switches may introduce delay while packets are copied to the Span ports. As well, data being aggregated from 10/100 Mb ports to a gigabit port may also introduce signal delay.

Furthermore, accessing full-duplex traffic may also be constrained by using a Span port. For example, to capture the traffic from a 100 Mb link, a Span port would need 200 Mb of capacity. This simple oversight can cause problems, so a gigabit link is often required as a dedicated Span port.

It is also a common practice for network engineers to span VLANs across gigabit ports. In addition to the need for additional ports that may be available in one switch, it is often difficult to “combine” or match packets to a particular originating link. So while spanning a VLAN can be a great way to get an overall feel for network issues, pinpointing the source of actual problems may be difficult.

Some switches may have a problem processing normal network traffic depending on loads. Add the fact that the switch will also need to make decisions on what traffic to copy to a Span port and you may introduce performance issues for all traffic. Taps provide permanent and passive, zero delay alternatives.

Advantage Taps

Lastly, the use of Taps optimizes both network and personnel resources. Monitoring devices can be easily deployed when and where needed, and engineers do not need to re-cable a network link to monitor traffic or re-configure switches. The example in figure 1 illustrates a typical Tap deployment for one monitoring device. In contrast, a Tap that includes two monitoring ports eliminates the need for both the network and security teams to share the one Span port that may have been configured to capture traffic for monitoring devices. A regeneration Tap can simultaneously capture data from one link for four monitoring devices and aggregation Taps can simultaneously capture from multiple links to one monitoring device.

Thanks to Net Optics for the article.

Join our Newsletter

Categories

Related Posts

Bypass Switches: Ensuring Network Uptime and Security in High-Stakes Environments

Bypass Switches: Ensuring Network Uptime and Security in High-Stakes Environments

Modern Bypass Switches also offer granular control and flexible configurations, allowing administrators to choose whether the device should fail open…
Traceable Time as a Service - The Evolution of Precision Time

Traceable Time as a Service - The Evolution of Precision Time

Time is more than just a measure of seconds. It underpins the financial markets, telecommunications, cybersecurity, and every sector that…
Back in time packet capture and forensics with VIAVI Obeserver as a key component in a Zero Trust Network implementation

Back in time packet capture and forensics with VIAVI Obeserver as a key component in a Zero Trust Network implementation

Explore how packet capture and forensic analysis empower Zero Trust security implementations, ensuring network visibility and compliance.
TCXO, OCXO and Rubidium -- understanding oscillators and the role they play in precision time keeping

TCXO, OCXO and Rubidium -- understanding oscillators and the role they play in precision time keeping

Explore the differences between TCXO, OCXO, and Rubidium oscillators in precision timekeeping for telecommunications and industrial applications.
Mission-Critical Timing: The Transition from Spectracom to Safran

Mission-Critical Timing: The Transition from Spectracom to Safran

When it comes to critical operations whether in defense, public safety, telecommunications, or infrastructure, accurate, reliable time synchronization is non-negotiable.…