Deciding which Network TAP to purchase for total network visibility
Network TAPs (Test Access Points) are the absolute best way to gain access to network traffic, whether that be for network visibility solutions, network monitoring infrastructure, or network security auditing. It is common at a certain point in an organization's growth for it to be recognized that mirror ports and SPAN (Switch Port ANalyzer) ports, due to their many limitations, are no longer sufficient to provide traffic to monitoring and or security tools. When it comes time to begin building a TAP infrastructure there are several details to consider. Some are simple and obvious, and others may be subtler and more nuanced. This article is intended to be a primer on the main points to consider when searching for Network TAPs for your environment. The information contained herein applies primarily to Cubro Network Visibility TAPs as these are the products I have the most first-hand knowledge of.
Media Type and Connector Type
The first consideration for which TAP is best suited to the environment is a fairly obvious one: Which media type do you intend to tap? Really, this is the difference between an electrical connection or a fiber-optic connection. On the electrical side, we generally are talking about UTP (or perhaps STP cabling; it makes no difference for our purposes), although the use of DAC (Direct Attach Cabling) is relatively common as well. Fiber-optic cabling can be broken down into Single-Mode and Multi-Mode fiber and Multi-Mode fiber presents two possible core diameters to choose from.
Each of these media types will, in turn, necessitate a connector type on the TAP as well; fiber, again, having the most options. First, let's address electrical connections and specifically UTP as it is the most common electrical media that a TAP will be used with. The category of UTP cabling doesn't really impact the decision of which TAP we will choose but would, of course, impact supported speeds and cable length. The speed of the link is a differentiating factor though. Although it is not terribly common to encounter 10/100 links anymore it is important to point out that it is possible to have a completely passive electrical TAP (that requires power only for the monitor ports) at this speed. If you have 10/100 links in your environment the questions are whether it is more important to have a passive TAP that will not support 1G speeds or whether the option of upgrading the links without needing to replace the TAPs takes precedence.
10/100/1000 links are quite straightforward; you only have one choice. It is not possible to build a completely passive TAP for gigabit Ethernet over UTP; until now the industry approach has been to use relays to provide a fail-safe solution. This approach has not been problem-free though and instances, where a link does not come back up or renegotiating a link after a failure takes an excessively long time, are not rare. When I said you only had one choice earlier that is only partially true; in response to the number of issues with relay-based TAPs Cubro has designed a new type of 10/100/1000 TAP to drastically reduce these issues; adding a new, more reliable option to the mix.
A positive aspect of optical TAPs is that they are, with few exceptions, completely passive and fail-safe. Short of physical damage, there is almost nothing that can cause a perfectly functioning optical TAP to bring down a live network link. A second positive aspect of optical TAPs is that they operate independently of link speed. Some vendors will test TAPs to certain speed standards and sort them into different SKUs, depending on their relative performance (Cubro does not take this approach; see "Quality" below), but nothing inherently limits an optical TAP to a certain speed apart from manufacturing tolerances.
As stated above, there are more options for fiber TAPs and more factors to account for when selecting the most appropriate one. The first, and most easily answered is whether the link is Single-Mode or Multi-Mode. With respect to Multi-Mode fiber it is important to know whether the fiber has a core diameter of 62.5µ or 50µ. Multi-Mode TAPs are available with core diameters in both sizes and you will want to pair the TAP to the core size of the fiber in the link to avoid the unpredictable light loss at the fiber couplers. 50µ is far more common these days than 62.5µ which was only used with OM1 fiber installs. OM1 fiber was the predominant fiber of the 80s and 90s however, so it can't be said to be uncommon itself. A blue or lime green cable jacket is a dead giveaway of 50µ fiber but a word of caution: both OM1 and OM2 use an orange jacket while the former is 62.5µ and the latter is 50µ; be sure to check the cable markings carefully.
The second question, also easily answered, is the connector type needed. LC and MTP/MPO are by far the most common fiber connections these days and are, accordingly, the options that most TAP vendors focus on. When selecting the connector type there are instances where you can achieve very high port density with minimal rack space by employing MTP/MPO TAPs, along with patch panels and breakout cables, to TAP several LC links. Consider the following: Cubro's Optoslim form factor for optical TAPs employs a 1/3RU chassis which allows three units to be mounted in a 1RU space. This allows us to fit an industry-leading number of ports into a 1RU space while maintaining both customizability and very durable construction. The Optoslim TAPs are available with LC connectors supporting up to 8 links offering a potential of 24 LC links in a 1RU space. By contrast, an Optoslim TAP with MTP/MPO connectors can support up to 4 links of MTP cabling; up to 12 in a 1RU space. An MTP link supports four independent full-duplex fiber connections. By employing patch panels to wire our LC patch cables into the MTP TAPs we can support an incredible 48 links in a 1RU space, doubling the efficiency of our rack space!
The third consideration is which split ratio to choose and to do this effectively requires understanding and knowing the light budget(s) of your optical links. This is unquestionably the most complex aspect of selecting an optical TAP, but it doesn't have to be daunting. The split ratio of a TAP denotes how much of the light of an optical link will be taken away from the live link and redirected to the monitor ports of the TAP. When we are talking about a 50/50 split ratio TAP, half of the light that exists on the link will be split off and sent to the monitor ports and, therefore, only half remains to be sent to the receiver on the live link. In an 80/20 split, only 20 per cent of the light is sent to the monitor ports and, you guessed it, 80 per cent remains en route to the receiver.
To determine how, exactly, this impacts the link we wish to tap we first must determine the light budget of the link. Each transceiver has a launch power (sending power) and a receive sensitivity. For a given pair of transceivers on a link, the difference between the launch power of the sender and the sensitivity of the receiver gives us the acceptable maximum power loss between the two transceivers that will still allow for a properly functioning link. The type of fiber used and the wavelength in use, in conjunction with the length of cable, the number of couplers, and the number of splices will all add up to some amount of power loss that we will need to deduct from the light budget between the two transceivers. Whatever figure remains is the allowable budget that we have for inserting a TAP into the link.
Corning has an excellent online light budget calculator that can be found here: http://www.corning.com/worldwide/en/products/communication-networks/resources/system-design-calculators/link-loss-budget-calculator.html
There are generally accepted values for TAPs and split ratios that provide a good starting place to determine which TAP is acceptable for a given budget. A 50/50 TAP is usually expected to have about 4.5dB of loss at the live link and at the monitor ports. When this value is deducted from our remaining light budget we can determine whether A) we do not exceed the maximum allowable loss that would prevent the live link from functioning and B) if we will have enough power at the monitor ports for some given length of cable and the transceiver receiving the monitor traffic. All Cubro TAPs are extensively tested before leaving the factory, included a detailed measurement of insertion loss for every port. These values are included on a print out with their respective TAP, so you will know the exact insertion loss of each port on the device.
That is hardly an exhaustive overview of calculating a light budget but conveys the general idea. Failure to appropriately take your light budget into consideration can make a perfectly constructed TAP appear to be faulty and lead to a frustrating and time-consuming troubleshooting process.
Converter TAPs are TAPs where the monitor ports are replaced with SFP or SFP+ cages and are available in both optical and electrical connections on the live link. These are useful when it is necessary to output the traffic from a fiber link to a device or tool that only has copper inputs or vice-versa. These TAPs require power for the SFP monitor ports in all cases (e.g., while an optical converter TAP will be passive at the live link side power, will be needed for the monitor ports to be active) otherwise they function the same way as the other aforementioned TAPs.
Aggregation TAPs are useful when you simply want to aggregate several live links together and output them to a single device or tool but don't require the extra port density or filtering capabilities of a device like a Network Packet Broker. Aggregation TAPs are typically electrical TAPs. In the case of Cubro's Aggregation TAPs they also function as a converter TAP for copper-based links and, in the event of a failure, will fail-open to preserve the live link.
One of the last but certainly not least important aspects of selecting the right TAP is not a matter of standards or specifications but rather of precision manufacturing and quality of the product. For a TAP to function optimally and have a long lifespan it needs to be constructed of the highest quality materials and rigorously tested before it ever reaches the customer.
At Cubro Network Visibility every TAP is built with exacting attention to detail and every single unit is inspected and tested upon completion. Each link of our fiber TAPs is examined and photographed using a precision microscope to ensure that no defects or contaminants are left on the fiber connector; this is critical for performance at higher bandwidths such as 100 Gbps. Speaking of bandwidth, every link of the optical TAP is also tested to handle speeds from 10 Mbps up to 100 Gbps. Currently, we are working on building a 400 Gbps testing solution as well. Plus as protection from any spy code, all code is verified by advance a secret hash comparison!
This level of precision and quality assurance is at the heart of Cubro Network Visibility because building the best products we possibly can lead to high customer satisfaction and reliable network visibility products.