Are you ‘tapping’ into your network to see what is actually going on?

Are you ‘tapping’ into your network to see what is actually going on?

Digital transformation is
driving greater access services, productivity growth and enhanced public
services. As governments roll out more citizen services, the challenge is to
stay ahead of rapid changes, and narrow the gap between technology and policy.
At the same time, rising transmission rates and the increasing adoption of
cloud computing is adding pressure to protect against potential security breaches
and optimise network uptime. 

Ensuring robust cybersecurity and maintaining uptime for
mission-critical services such as health, social security, police and defence, all
list as government agencies’ top network concerns. Disrupted services or data breaches
could be catastrophic, particularly with the highly sensitive data entrusted to
government bodies, including citizens’ health records and personal data. As a
result, government agencies and data centre teams need to continually monitor for
potential security threats such as denial-of-service
attacks, and to identify bottlenecks or other potential performance issues
quickly. System lag and switch overutilisation could crash critical
applications in the data centre and storage area network (SAN). 

to future-ready cybersecurity

Maintaining network uptime is especially
critical with the increasing adoption of cloud computing. Security
professionals list cloud infrastructure among the most
to defend against attacks. Cloud adoption
introduces new vulnerabilities as applications are hosted outside the internal
data centre, affecting the capacity of network administrators to track network performance. 

Network monitoring implemented optimally should offer error
detection and access to performance and utilisation data, and ensure the
accuracy of changes to produce only desired results. This means that a baseline
of application performance can be set before migrating or consolidating data centre
components, monitoring performance throughout the move, thereby optimising the
new system for maximum utilisation, availability and performance. 

Currently some of the world’s leading financial institutions,
large commercial SANs, and innovative consumer companies utilise the benefits
of this preventive approach to realise a return on investments in months rather
than years.

 Connect to full network visibility

There are two technologies currently used in network monitoring systems:
SPAN (switched port analyser), also known as port mirroring, and tap (traffic
access point).

A SPAN port copies traffic from any traffic port to a single
unused port. SPAN ports also prohibit bidirectional traffic on that port to
protect against backflow of traffic into the network. The SPAN port then
directs packets from its switch or router to the test device for analysis.

A tap is a passive component that allows non-intrusive access to
data flowing across the network and enables monitoring of network links. A tap
uses passive optical splitting to transmit inline traffic to an attached
monitoring device without data stream interference. 

In order to determine which technology is right for different networks,
let’s compare these two solutions.   

Spanning has been referred to as a passive technology, but a SPAN
port is not truly passive because it has a measurable effect on network
traffic. Spanning changes the timing of the frame interaction and will drop
frames if the speed of the SPAN port becomes overloaded. The spanning algorithm
used by the device is not its primary focus; switching or routing is the
primary focus, therefore spanning will be suspended if replicating a frame
becomes an issue. The switch will always treat the SPAN data with a lower
priority than normal traffic. 

Additionally, SPAN ports drop all packets that are corrupt or
below the minimum size, and they do this without notifying the user. The switch
may also drop Layer 1 and some Layer 2 errors based on priority level. This
means that the network monitoring device may not receive all the data required
to conduct an accurate analysis of system performance. A SPAN port cannot fully
replicate any duplex link.

Switched port analyzer – SPAN – is also known as
port mirroring. A SPAN port copies traffic from any port to a single unused
port, and prohibits bidirectional traffic to protect against traffic backflow
into the network. The SPAN port directs packets from its switch or router to
the test device for analysis.
Switched port analyzer – SPAN – is also known as
port mirroring. A SPAN port copies traffic from any port to a single unused
port, and prohibits bidirectional traffic to protect against traffic backflow
into the network. The SPAN port directs packets from its switch or router to
the test device for analysis.

As bandwidth requirements increase, a different technology is
required to see all network traffic including errors, regardless of packet
size, in real time. A tap enables you to do exactly that. Taps are truly
passive and provide visibility into every packet of data without adding any
additional load onto the network. Taps use optical splitters to transform the “one-in-one-out”
patch panel connection to a “one-in-two-out” connection. Because the device is
simply splitting the signal instead of replicating it, a portion of the signal can
be taken offline, or out of band, to do analysis of the I/O traffic without
affecting live applications. 

It is important to note that a SPAN port must be configured by a
network engineer, taking them away from more critical tasks. Additionally, if
the SPAN port is not disabled during a network refresh, it is possible for that
port to be cabled to serve as a network port, creating a “bridging loop,” which
will result in network performance issues. Because a tap is truly passive, it
does not need to be configured nor require any of the valuable processing
capabilities of your switches or programming time of your network engineers. 

to integrated performance management

When comparing prospective network monitoring technologies, cost
is also something to consider. Besides the additional expense of using a
network engineer to configure a SPAN port, the cost of monitoring a SPAN port
increases with higher data rates. A 10G switch port is more expensive than a 1G
switch port, whereas a tap port at 1G costs the same as a tap port at 10G or
even 40G. For these reasons, optical tapping is becoming a more popular
solution for higher data rates. 

Spanning can be successfully used as an access technology for
low-bandwidth, application-layer events like conversation analysis, application
flows, and VoIP reports, but it is not a good solution for traffic security
compliance monitoring or lawful intercept due to the lack of absolute fidelity.
When running a high-data-rate system and seeking optimum infrastructure
performance while conducting traffic security compliance monitoring or lawful
intercept, it is a must to monitor at the physical level, conduct analysis at
the protocol level, and collect all traffic in real time. Taps can do all that.

A non-integrated tap module is
 deployed as a standalone device outside the structured cabling networks.
 Traditionally with non-integrated taps, when an administrator needs to change
 monitored ports, the link must be disabled temporarily.

While tapping is a better solution for many of today’s networks,
not all taps are created equal. A tap can be either integrated or
non-integrated into your structured cabling and can use either fused biconical
taper (FBT) splitters or thin-film splitters. Taps also can be presented with
different connector types, some more useful than others. 

Integrated taps perform the same function as a normal structured
cabling network, but also send a portion of the light to the monitoring
electronics. Conversely, non-integrated taps are deployed as standalone devices
outside the structured cabling network. With traditional non-integrated taps,
whenever there is a need to change monitored ports, the link has to be
temporarily disabled to make new connections between monitored ports and
passive tap devices. An integrated tap module allows moves, adds, and changes (MACs)
to monitored ports without disrupting the live network, and can annually save up
to eight hours in downtime.

An integrated tap module allows
administrators to perform moves, adds, and changes to monitored ports without
disrupting the live network. This can save as much as eight hours in downtime

Additionally, while non-integrated taps expose both network and
monitoring ports, integrated taps only expose the network ports. With
integrated taps, the monitoring ports are connected on the backplane of the
system, simplifying the cabling infrastructure. This also enhances operational
efficiency and, without accessible monitoring ports, provides for a more secure

By incorporating the functions of a tap within a standard module,
an integrated tap module can save valuable rack space that can be used instead for
revenue-generating equipment. With an integrated tap module, it is possible to
cable and tap up to 72 ports per rack unit (1RU) – maintaining the same density
as a non-tapped link. A non-integrated tap solution requires rack space for the
cabling itself, and also needs extra rack units to tap the 72 cabled ports. 

Connect to flexible network monitoring infrastructure  

Performance is a key consideration in data centre networks.
Integrating taps into the structured cabling eliminates two connections from
the live link, as compared to a non-integrated solution. This, along with the
use of high-performance thin-film multimode splitter technology, provides
reduced link attenuation, which translates into extended Ethernet and Fibre
Channel distances. 

Loss is not the only thing that can affect Ethernet and Fibre
Channel distances. Some tap modules in the market today still use FBT
splitters, which can cause increased bit error rates (BER) based on where they
are placed in the system due to the transmission penalties they introduce.
Thin-film splitters do not introduce any BER penalties, so it is possible to
install them anywhere in the system without BER effects.

In a non-integrated tap module, ports for both
network connections and monitoring connections are exposed. In integrated taps,
only the network ports are exposed; the monitoring ports are connected on the
system backplane.

Finally, integrated tap modules enable tapping into all links on day
one, with the option to only monitor the required links. As network monitoring
requirements grow or change, simply add the required cabling between the
installed tap modules and the network monitoring equipment. Because there is no
need to change any cabling infrastructure, there will be no disruption of the
network. Additionally, since integrated tap modules occupy the same space as
traditional MTP/LC modules, adding monitoring to an existing network is as
simple as swapping out a traditional module for a tap module. 

Taps are presented in multiple connector types, but having a tap
port presented as an MTP connector in the rear of the module provides maximum
flexibility when designing a structured cabling network. The MTP connector
footprint allows separation of live production network ports and tap ports into
different cabinet locations if desired. Using this capability to centralise the
active monitoring equipment, rather than installing across multiple cabinet
locations throughout the data centre, provides cost savings by optimising the
use of active monitoring equipment and reducing the risk of patching errors.

Corning’s EDGE solution uses a 12-fiber MTP
connector for connectivity, with trunks, modules, and harnesses available in
12-fiber-count increments. The EDGE8 solution uses an 8-fiber MTP for
connectivity with trunks, modules, and harnesses available in 8-fiber-count

Examples of a fully integrated, fully passive optical tap solution
that uses high-performance thin-film splitters are the EDGE™ and EDGE8™ data centre solutions.
Both solutions include a full suite of structured cabling components to support
a tapped network. EDGE offers a 12-fiber MTP
connector, with trunks, modules and harnesses in 12-fiber-count increments. EDGE8,
the Base-8 solution,
uses 8-fiber MTP connectivity with trunks, modules and harnesses offered in
8-fiber-count increments. EDGE8 also enables optimised transition to higher data rates, since
future transceivers are projected to use either 2-fiber duplex or 8-fiber
parallel optics. 

Connect to full network visibility and control

award-winning EDGE™ and
EDGE8™ data centre solutions offer
network administrators a built-in path to monitoring that
reduces downtime, link loss, rack space, and costs
. The port tap
module is “zero-U” and enables passive optical tapping that is fully integrated
into the structured cabling footprint of data centres and SAN – unique advantages for
network administrators and structured cabling teams concerned about how to
integrate performance management into network design. A passive optical tap module offers network administrators
full visibility of network performance across the physical, virtual and cloud

ensure the nation’s well-being, it is essential that network infrastructure
delivers secure and reliable service at all times. When providing
mission-critical military communications or enabling security and surveillance
systems, failure isn’t an option. Integrate
enhanced cybersecurity and performance management into network designs, today.