For many networking teams, the great network visibility debate revolves around taps vs. SPAN ports. However, as network monitoring demands continue to increase, the drawbacks of SPAN ports, also known as mirror ports, are becoming clearer. Compared to network taps, SPAN ports have significant disadvantages. They may be oversubscribed, a situation where the amount of traffic throughput will exceed the SPAN port data rate, resulting in packet loss.
Another disadvantage is that SPAN ports are a shared resource between multiple departments in Network management and Security. Their different configuration needs may result in each department receiving only partial coverage of the network as the SPAN port is repurposed for different department demands. Also pervasive reliance on SPAN ports and port mirrors may result in major traffic duplication at the input of the network performance monitoring and troubleshooting tool. This will degrade the tools performance, and may result in erroneous results.
When you have to monitor multiple links for security, network monitoring, and performance analysis, the most cost-effective solution is to deploy passive optical taps.
Now, the conversation is less about choosing between taps and SPANs and more about which specific network taps are right for your monitoring needs.
Passive optical taps essentially act as splitters (couplers) that create perfect copies of a signal between two networking components, sending data packets both to the intended recipient and to one or more monitoring/security tools.
These types of taps are highly reliable as they don’t require a power source and introduce no disruption to traffic flows. Because passive taps ‘split’ light source, we need to place the splitter (coupler) on the transmit input of the fiber cable (Tx). As a result, monitored traffic is split into separate ports, and each Tx side needs to connect to its dedicated port on the tool/appliance side.
Because passive optical taps are actually splitting (coupler) the light signal/power, they come in different variants that specify the split ratio between the signal continuing to the network and the signal going to the tool.
So what split ratio should you choose? This very much depends on the distance to the network ports and to the appliance ports, and the Tx power and Rx sensitivity. In one word - Light Loss Budget
Light Loss Budget: These calculations help determine whether fiber optic links will work in the proposed cable design. Also, following installation, differences in calculated loss and test results will identify points of failure in the cable plant. Implementing passive network taps will impact light budgets, which means you have to assess vendor standards to place optical taps at appropriate access points in data links.
This is just a high-level overview of the considerations for deploying passive fiber optic taps.
Investing in a modular passive optical tap can give you the flexibility to deploy different types of passive optical taps to ensure complete copies of your network traffic reach security and monitoring tools with zero risk of packet loss.
Niagara Networks offers a wide range of passive optical taps to meet any network visibility demand.
At Niagara we support the following passive optical tap modules:
The passive optical tap is your reliable tap point of network data traffic, however, in-it-of-itself, a passive optical tap can only be directly connected to one tool. In order to maximize the efficiency of your passive optical tap investment, the best practice is to connect the passive optical tap output to a network packet broker. The network packet broker can then replicate, aggregate (and more), the traffic from the passive optical tap to multiple network tools.
In recent years, passive optical taps have become an increasingly popular means of establishing a pervasive network visibility layer alongside network packet brokers and bypass switches. But the real key to success is coming up with the perfect deployment plan.
If you want to learn more about deploying passive optical taps and the Niagara Networks portfolio of solutions, contact us today for an overview.