To Span or Tap

By definition, all monitoring solutions, whether packet sniffing, latency monitoring or IDS, need guaranteed delivery of packets, with their timing intact, and usually bi-directionally.

Spanning.

Spanning has often been referred to as “Passive”; however, this is far from the truth.

Spanning allows N ports to be mirrored to a single port. It has only one advantage: it requires no extra equipment within the network. However, it does have several disadvantages.

  1. Each switch only generates mirrored traffic to a unidirectional port. Merging source ports onto a single SPAN port could cause traffic to exceed the data rate of the output port.
  2. The store & forward functionality of the switch means that timing data is lost.
  3. Switch manufacturers put most of their efforts into guaranteeing that traffic is passed between ports reliably. If there is a conflict between passing traffic and mirroring traffic, then mirroring will lose out. This can take the form of either lost packets or delayed forwarding, further degrading the timing.
  4. It is feasible, although unlikely, that in a resource conflict situation, the switch could degrade regular network traffic.
  5. SPANning is not easily manageable and, therefore, not easily scalable.

TAPS.

Optical Taps.

There are two types of Optical Tap: Active and Passive.

Active Taps.

Active Taps regenerate the signal, so that full optical power is retained for both the pass-through data and the monitored ports. This is important only in specialized environments, such as long haul links, or where the signal needs to be further manipulated, such as with switching taps or aggregation taps.

Passive Taps.

Passive Optical TAPs provide a simple and powerful way to monitor optical networks. Passive Optical TAPs require no power and have no electrical components (Figure 2), making it impossible for them to be a point of failure when deployed in a production network. Passive Optical TAPs are highly reliable and require no maintenance.

Light, the signal carrier for optical networks, has different properties from electricity, the signal carrier for copper networks. Light travels in only one direction. This property allows Passive Optical TAPs to monitor by “splitting” the input signal’s light energy. Splitting the light in the TAP provides a monitoring point without the possibility of corrupting the original signal because light split in the TAP port has no effect on the input signal.

Passive Optical TAPs provide access to data flowing across a network, without creating either a location to corrupt data or a prospective point of failure. Management and scalability are easy and cost effective.

Key Considerations for deploying Passive Optical Taps.

Two key points illustrate what happens to the signal when it passes through TAPs on an optical network link.

  1. TAPs divert a small portion of the light in the fiber from the network receiving device to the monitoring equipment, which results in a slight dB loss in the optical signal strength on the network side. It is important to ensure that sufficient optical power is available for proper network operation with the TAP inserted on the link and that sufficient optical power is available on the tapped port to represent the accurate copy of the link traffic and for proper operation of the monitoring equipment.
  2. Some degradation of the quality of the optical signal is inevitable in monitoring, which results in a small increase in jitter of the signal, along with a decrease in the “eye” margin. TAPs must minimize both the jitter and the decrease in the “eye” margin. This is vital, particularly at high link speeds such as 10 Gb/s.
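
The power-budget check from point 1, worked through as an added example that is not part of the original article: it computes the remaining optical margin on both the network leg and the monitor leg for several split ratios, for one fibre direction. Every value in `SAMPLE_LINK`, the candidate split ratios, the tap excess-loss figure and the 1 dB safety margin are constructed assumptions; substitute the figures from your own transceiver and TAP data sheets.

```python
import math

def split_loss_db(fraction, excess_db=0.0):
    """Loss in dB on a splitter leg that receives `fraction` of the input light."""
    if not 0.0 < fraction < 1.0:
        raise ValueError("fraction must be between 0 and 1 (exclusive)")
    return -10.0 * math.log10(fraction) + excess_db

def tap_margins(link, network_pct):
    """Return (network_margin_db, monitor_margin_db) for one fibre direction.

    network_pct is the share of light that continues to the network receiver;
    the remainder goes to the monitor port.
    """
    at_tap = link["tx_dbm"] - link["loss_before_tap_db"]
    excess = link["tap_excess_db"]
    network_rx = (at_tap - split_loss_db(network_pct / 100, excess)
                  - link["loss_after_tap_db"])
    monitor_rx = (at_tap - split_loss_db((100 - network_pct) / 100, excess)
                  - link["monitor_lead_loss_db"])
    return (network_rx - link["network_rx_sens_dbm"],
            monitor_rx - link["monitor_rx_sens_dbm"])

def usable_splits(link, candidates=(50, 60, 70, 80, 90), min_margin_db=1.0):
    """Split ratios that leave at least min_margin_db on BOTH legs."""
    return [pct for pct in candidates
            if min(tap_margins(link, pct)) >= min_margin_db]

# Constructed sample values (assumptions, not taken from any data sheet).
SAMPLE_LINK = {
    "tx_dbm": -5.0,                 # transmitter launch power
    "loss_before_tap_db": 2.0,      # fibre + connectors, transmitter to TAP
    "loss_after_tap_db": 3.0,       # fibre + connectors, TAP to network receiver
    "monitor_lead_loss_db": 0.5,    # patch lead, TAP to monitoring equipment
    "tap_excess_db": 0.5,           # TAP loss beyond the ideal split
    "network_rx_sens_dbm": -14.0,   # network receiver sensitivity
    "monitor_rx_sens_dbm": -14.0,   # monitoring equipment sensitivity
}

if __name__ == "__main__":
    for pct in (50, 60, 70, 80, 90):
        net, mon = tap_margins(SAMPLE_LINK, pct)
        print(f"{pct}/{100 - pct}: network {net:+.2f} dB, monitor {mon:+.2f} dB")
    print("usable splits:", usable_splits(SAMPLE_LINK))
```

With these sample values only the 60/40 split keeps both legs above the margin: 50/50 starves the network receiver, while 70/30 and higher starve the monitor port. A bidirectional link needs the same check for the fibre in the other direction.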

Copper Taps.

Copper taps are by definition active, so they could constitute a single point of failure, but they are built to be highly reliable.

They do not have the disadvantages of SPAN ports.

  1. There is no Store and Forward; packets are forwarded bitwise, so latency and timing are not affected.
  2. There is no CPU intervention. Packets are split on a one to one ratio to the network and monitoring port, so no packet drop is possible.
  3. Each port works on a bidirectional link, so cabling is easy.
  4. Management and scalability are easy and cost effective.