Expert Opinion

Article

Are you ‘tapping’ into your network to see what is actually going on?

Digital transformation is driving greater access services, productivity growth and enhanced public services. As governments roll out more citizen services, the challenge is to stay ahead of rapid changes, and narrow the gap between technology and policy. At the same time, rising transmission rates and the increasing adoption of cloud computing is adding pressure to protect against potential security breaches and optimise network uptime. 

Ensuring robust cybersecurity and maintaining uptime for mission-critical services such as health, social security, police and defence, all list as government agencies’ top network concerns. Disrupted services or data breaches could be catastrophic, particularly with the highly sensitive data entrusted to government bodies, including citizens’ health records and personal data. As a result, government agencies and data centre teams need to continually monitor for potential security threats such as denial-of-service attacks, and to identify bottlenecks or other potential performance issues quickly. System lag and switch overutilisation could crash critical applications in the data centre and storage area network (SAN). 

Connect to future-ready cybersecurity

Maintaining network uptime is especially critical with the increasing adoption of cloud computing. Security professionals list cloud infrastructure among the most challenging to defend against attacks. Cloud adoption introduces new vulnerabilities as applications are hosted outside the internal data centre, affecting the capacity of network administrators to track network performance. 

Network monitoring implemented optimally should offer error detection and access to performance and utilisation data, and ensure the accuracy of changes to produce only desired results. This means that a baseline of application performance can be set before migrating or consolidating data centre components, monitoring performance throughout the move, thereby optimising the new system for maximum utilisation, availability and performance. 

Currently some of the world’s leading financial institutions, large commercial SANs, and innovative consumer companies utilise the benefits of this preventive approach to realise a return on investments in months rather than years.

 Connect to full network visibility

There are two technologies currently used in network monitoring systems: SPAN (switched port analyser), also known as port mirroring, and tap (traffic access point).

1)    A SPAN port copies traffic from any traffic port to a single unused port. SPAN ports also prohibit bidirectional traffic on that port to protect against backflow of traffic into the network. The SPAN port then directs packets from its switch or router to the test device for analysis.

2)    A tap is a passive component that allows non-intrusive access to data flowing across the network and enables monitoring of network links. A tap uses passive optical splitting to transmit inline traffic to an attached monitoring device without data stream interference. 

In order to determine which technology is right for different networks, let’s compare these two solutions.   

Spanning has been referred to as a passive technology, but a SPAN port is not truly passive because it has a measurable effect on network traffic. Spanning changes the timing of the frame interaction and will drop frames if the speed of the SPAN port becomes overloaded. The spanning algorithm used by the device is not its primary focus; switching or routing is the primary focus, therefore spanning will be suspended if replicating a frame becomes an issue. The switch will always treat the SPAN data with a lower priority than normal traffic. 

Additionally, SPAN ports drop all packets that are corrupt or below the minimum size, and they do this without notifying the user. The switch may also drop Layer 1 and some Layer 2 errors based on priority level. This means that the network monitoring device may not receive all the data required to conduct an accurate analysis of system performance. A SPAN port cannot fully replicate any duplex link.

Switched port analyzer - SPAN - is also known as port mirroring. A SPAN port copies traffic from any port to a single unused port, and prohibits bidirectional traffic to protect against traffic backflow into the network. The SPAN port directs packets from its switch or router to the test device for analysis.
Switched port analyzer - SPAN - is also known as port mirroring. A SPAN port copies traffic from any port to a single unused port, and prohibits bidirectional traffic to protect against traffic backflow into the network. The SPAN port directs packets from its switch or router to the test device for analysis.

As bandwidth requirements increase, a different technology is required to see all network traffic including errors, regardless of packet size, in real time. A tap enables you to do exactly that. Taps are truly passive and provide visibility into every packet of data without adding any additional load onto the network. Taps use optical splitters to transform the “one-in-one-out” patch panel connection to a “one-in-two-out” connection. Because the device is simply splitting the signal instead of replicating it, a portion of the signal can be taken offline, or out of band, to do analysis of the I/O traffic without affecting live applications. 

It is important to note that a SPAN port must be configured by a network engineer, taking them away from more critical tasks. Additionally, if the SPAN port is not disabled during a network refresh, it is possible for that port to be cabled to serve as a network port, creating a “bridging loop,” which will result in network performance issues. Because a tap is truly passive, it does not need to be configured nor require any of the valuable processing capabilities of your switches or programming time of your network engineers. 

Connect to integrated performance management

When comparing prospective network monitoring technologies, cost is also something to consider. Besides the additional expense of using a network engineer to configure a SPAN port, the cost of monitoring a SPAN port increases with higher data rates. A 10G switch port is more expensive than a 1G switch port, whereas a tap port at 1G costs the same as a tap port at 10G or even 40G. For these reasons, optical tapping is becoming a more popular solution for higher data rates. 

Spanning can be successfully used as an access technology for low-bandwidth, application-layer events like conversation analysis, application flows, and VoIP reports, but it is not a good solution for traffic security compliance monitoring or lawful intercept due to the lack of absolute fidelity. When running a high-data-rate system and seeking optimum infrastructure performance while conducting traffic security compliance monitoring or lawful intercept, it is a must to monitor at the physical level, conduct analysis at the protocol level, and collect all traffic in real time. Taps can do all that.

A non-integrated tap module is  deployed as a standalone device outside the structured cabling networks.  Traditionally with non-integrated taps, when an administrator needs to change  monitored ports, the link must be disabled temporarily.

While tapping is a better solution for many of today’s networks, not all taps are created equal. A tap can be either integrated or non-integrated into your structured cabling and can use either fused biconical taper (FBT) splitters or thin-film splitters. Taps also can be presented with different connector types, some more useful than others. 

Integrated taps perform the same function as a normal structured cabling network, but also send a portion of the light to the monitoring electronics. Conversely, non-integrated taps are deployed as standalone devices outside the structured cabling network. With traditional non-integrated taps, whenever there is a need to change monitored ports, the link has to be temporarily disabled to make new connections between monitored ports and passive tap devices. An integrated tap module allows moves, adds, and changes (MACs) to monitored ports without disrupting the live network, and can annually save up to eight hours in downtime.

An integrated tap module allows administrators to perform moves, adds, and changes to monitored ports without disrupting the live network. This can save as much as eight hours in downtime annually.

Additionally, while non-integrated taps expose both network and monitoring ports, integrated taps only expose the network ports. With integrated taps, the monitoring ports are connected on the backplane of the system, simplifying the cabling infrastructure. This also enhances operational efficiency and, without accessible monitoring ports, provides for a more secure environment. 

By incorporating the functions of a tap within a standard module, an integrated tap module can save valuable rack space that can be used instead for revenue-generating equipment. With an integrated tap module, it is possible to cable and tap up to 72 ports per rack unit (1RU) – maintaining the same density as a non-tapped link. A non-integrated tap solution requires rack space for the cabling itself, and also needs extra rack units to tap the 72 cabled ports. 

Connect to flexible network monitoring infrastructure  

Performance is a key consideration in data centre networks. Integrating taps into the structured cabling eliminates two connections from the live link, as compared to a non-integrated solution. This, along with the use of high-performance thin-film multimode splitter technology, provides reduced link attenuation, which translates into extended Ethernet and Fibre Channel distances. 

Loss is not the only thing that can affect Ethernet and Fibre Channel distances. Some tap modules in the market today still use FBT splitters, which can cause increased bit error rates (BER) based on where they are placed in the system due to the transmission penalties they introduce. Thin-film splitters do not introduce any BER penalties, so it is possible to install them anywhere in the system without BER effects.

In a non-integrated tap module, ports for both network connections and monitoring connections are exposed. In integrated taps, only the network ports are exposed; the monitoring ports are connected on the system backplane.

Finally, integrated tap modules enable tapping into all links on day one, with the option to only monitor the required links. As network monitoring requirements grow or change, simply add the required cabling between the installed tap modules and the network monitoring equipment. Because there is no need to change any cabling infrastructure, there will be no disruption of the network. Additionally, since integrated tap modules occupy the same space as traditional MTP/LC modules, adding monitoring to an existing network is as simple as swapping out a traditional module for a tap module. 

Taps are presented in multiple connector types, but having a tap port presented as an MTP connector in the rear of the module provides maximum flexibility when designing a structured cabling network. The MTP connector footprint allows separation of live production network ports and tap ports into different cabinet locations if desired. Using this capability to centralise the active monitoring equipment, rather than installing across multiple cabinet locations throughout the data centre, provides cost savings by optimising the use of active monitoring equipment and reducing the risk of patching errors.

Corning’s EDGE solution uses a 12-fiber MTP connector for connectivity, with trunks, modules, and harnesses available in 12-fiber-count increments. The EDGE8 solution uses an 8-fiber MTP for connectivity with trunks, modules, and harnesses available in 8-fiber-count increments.

Examples of a fully integrated, fully passive optical tap solution that uses high-performance thin-film splitters are the EDGE™ and EDGE8™ data centre solutions. Both solutions include a full suite of structured cabling components to support a tapped network. EDGE offers a 12-fiber MTP connector, with trunks, modules and harnesses in 12-fiber-count increments. EDGE8, the Base-8 solution, uses 8-fiber MTP connectivity with trunks, modules and harnesses offered in 8-fiber-count increments. EDGE8 also enables optimised transition to higher data rates, since future transceivers are projected to use either 2-fiber duplex or 8-fiber parallel optics. 

Connect to full network visibility and control

Corning’s award-winning EDGE™ and EDGE8™ data centre solutions offer network administrators a built-in path to monitoring that reduces downtime, link loss, rack space, and costs. The port tap module is “zero-U” and enables passive optical tapping that is fully integrated into the structured cabling footprint of data centres and SAN – unique advantages for network administrators and structured cabling teams concerned about how to integrate performance management into network design. A passive optical tap module offers network administrators full visibility of network performance across the physical, virtual and cloud layers. 

To ensure the nation’s well-being, it is essential that network infrastructure delivers secure and reliable service at all times. When providing mission-critical military communications or enabling security and surveillance systems, failure isn’t an option. Integrate enhanced cybersecurity and performance management into network designs, today.

Visit site to retreive White Paper:
Download
FB Twitter LinkedIn YouTube