Tapping: It's not just for phones anymore

From the March, 2013 Issue of Cabling Installation & Maintenance Magazine

Integrated tapping technology allows administrators to monitor data center traffic without disrupting the production environment.

By David Kozischek and Michaela Iery, Corning Cable Systems

While the idea of "tapping" has obvious surveillance implications, making it desirable for analyzing potential security threats (denial of service attacks, hackers and more), many network administrators use port tapping to monitor the performance of their network and identify bottlenecks or other performance issues.

What is port tapping?

Port tapping is a method of monitoring traffic being transmitted and received along a link in a network; this monitored traffic is then analyzed. This can be done actively via electronic devices that replicate (also called "mirroring") the link's data and send it to a monitoring device. Or it can be done passively with a device that simply passes through all data and sends it simultaneously to both its intended recipient and to a monitoring device. In both instances, the monitoring device filters the data and sends it to various software tools for analysis; from there it is sent to application-layer software for use by network administrators.

The question often comes up, what does tap stand for? The answer is, nothing. The word is used in the surveillance sense (a "tap" on a phone line), meaning to connect into and monitor communications that are being transmitted.

Active and passive tapping

Active tapping, sometimes called mirroring or SPAN (switch port analysis), uses active electronics to duplicate a link's traffic and send it to a monitoring device. An active port tap requires that one of the switch ports be used solely for tapping, thereby reducing the number of ports that can be used for live network data.

Passive tapping is considered "pass through," in that the link's traffic is not replicated by the switch in any way. Instead, the optical signal's power is divided, and the data stream is sent simultaneously to both live traffic and monitoring electronics.

Passive tapping has the following five primary advantages over mirror tapping.

1) Passive taps deliver full duplex (transmit and receive) port monitoring at scalable data rates and do not require oversubscription. Mirror tapping requires a 2:1 oversubscription, as it fully replicates (duplicates) each port's data.

2) A passive tap is invisible to the network, passing all data through versus replicating it, and therefore creates no change to the timing of frame/packet interactions or extra burden on the production network, as mirror tapping does.

3) Mirror tapping requires an engineer to configure the switch to recognize a port as a tapping port. If this configuration is not disabled during a network refresh, a mirror port can be cabled to serve as a network port. This can create a "bridging loop," resulting in network performance issues. No such concerns exist with passive tapping.

4) Passive tapping truly lives up to its name in that it is completely passive—a physical connection that passes data through without switch configurations or programming.

5) Passive taps pass on all traffic in the link for monitoring; mirror ports may not receive corrupt data or improperly sized packets, so they do not give a full picture of how the network is performing.

Illustrated here are three design options for the placement of monitoring electronics, each with its own benefits as described within the article.

A closer look

So what is a tap, exactly? Also called a "coupler" or "splitter," the tap is a passive device that takes a single input of optical light and divides it into two or more outputs. This splitting of the light can be accomplished in several ways, including fusing two or more fibers together (fused biconic taper being the most common method), or by the use of micro lenses, beam splitters or other reflective or guiding devices.

One characteristic of a passive tap is what is known as a split ratio—the percent of the output power that goes to the live traffic receiver compared to the percent that goes to the monitoring device. The most common split ratio configurations are 70/30 (70 percent going to the live traffic receiver and 30 percent going to the monitoring device), and 50/50. The existence of different split ratios allows flexibility for cable lengths and data rates, as well as the sensitivities of the electronics. This is largely an issue for multimode networks, as singlemode does not have distance or data-rate limitations.
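The split-ratio trade-off described above can be checked with a simple optical power budget. The following is an added example, not part of the original article: it uses the ideal splitter relationship (loss in dB = -10 x log10 of the fraction of power delivered) and compares the margin left at the live receiver and at the monitoring device for 70/30 and 50/50 taps. Every link value in it (transmit power, receiver sensitivity, fiber and connector loss, excess tap loss, cable lengths) is a constructed sample, not a figure from the article or from any datasheet.

```python
import math

def split_loss_db(fraction, excess_db=0.0):
    """Loss on the tap output that receives `fraction` of the input power."""
    if not 0.0 < fraction < 1.0:
        raise ValueError("fraction must be strictly between 0 and 1")
    # Ideal power split plus any excess loss of the coupler itself.
    return -10.0 * math.log10(fraction) + excess_db

def leg_margin_db(tx_dbm, rx_sens_dbm, fraction, fiber_km, fiber_db_per_km,
                  connectors, connector_db, excess_db=0.0):
    """Margin in dB at one receiver; a negative value means too little light."""
    loss = (split_loss_db(fraction, excess_db)
            + fiber_km * fiber_db_per_km
            + connectors * connector_db)
    return (tx_dbm - loss) - rx_sens_dbm

def evaluate_tap(live_pct, link, live_km, monitor_km):
    """Return (live_margin, monitor_margin) for a live_pct/(100 - live_pct) tap."""
    live = leg_margin_db(fraction=live_pct / 100.0, fiber_km=live_km, **link)
    monitor = leg_margin_db(fraction=(100 - live_pct) / 100.0,
                            fiber_km=monitor_km, **link)
    return round(live, 2), round(monitor, 2)

# Constructed sample link (assumed values for illustration only).
SAMPLE_LINK = dict(
    tx_dbm=-5.0,          # transmitter launch power
    rx_sens_dbm=-11.0,    # receiver sensitivity, same for live and monitor gear
    fiber_db_per_km=3.0,  # multimode attenuation
    connectors=4,         # mated connector pairs on each leg
    connector_db=0.3,     # loss per mated pair
    excess_db=0.3,        # tap loss beyond the ideal split
)

def main():
    for live_pct in (70, 50):
        live, monitor = evaluate_tap(live_pct, SAMPLE_LINK,
                                     live_km=0.10, monitor_km=0.03)
        for name, margin in (("live", live), ("monitor", monitor)):
            status = "OK" if margin >= 0 else "INSUFFICIENT"
            print(f"{live_pct}/{100 - live_pct} {name:8s} margin {margin:+.2f} dB {status}")

if __name__ == "__main__":
    main()
```

With these sample values the 70/30 tap leaves the monitoring leg below the receiver's sensitivity, while the 50/50 tap keeps both legs positive at the cost of live-link margin.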

Advantages of integration

An integrated tap is a module with a fiber-optic coupler inside that divides the optical signal into two outputs, one for live-link traffic and one for monitoring. The live traffic continues through the system link while the monitor traffic is sent to an active monitoring device.

The use of non-integrated passive tap devices demands an additional segment in the total channel link; the patch panel/module must connect to the tap device and then connect from that device to the switching and monitoring electronics. When monitored ports require changes, the link has to be temporarily disabled—including the live traffic—in order to make new physical connections between the ports to be monitored and the passive tap device.

With an integrated tap module, the module serves as both the "patch panel" and the passive tap device. The ports that are monitored can be changed without ever disrupting the flow of live traffic.

An integrated solution essentially creates a "zero-U" solution for network monitoring, as the monitor ports use the same footprint as the live traffic and require no additional space. With other passive tap devices, the monitor port takes up space in the front of the rack that could be used for a live traffic port. In fact, the usual rule of thumb for other passive tapping devices is to add another 1U of rack space for every 8 to 16 ports that are tapped.

With an integrated solution, one rack unit can house 72 ports of live traffic at the front of the rack and monitor all 72 ports in the same footprint by having the monitored ports exit the rear of the module. This improved rack density means higher revenue generation per rack unit in data centers or storage area networks.

Three design options for the placement of monitoring electronics each provide a set of benefits, which we describe here.

Locating the monitoring electronics near the switch to monitor all ports. The advantage of this design is that it can be integrated into the current cabling infrastructure (assuming the total channel link length is capable), swapping out a standard module with a tap module—either to begin passive tapping or to replace the current passive tap device with a higher-density, integrated module.

Creating a crossconnect to selectively monitor ports. The advantage of this design is that it replicates the ports in the structured cabling area to create a crossconnect area. This provides the advantage of additional design and network management flexibility. In addition, the use of harnesses from the tap module to the electronics enables them to be located farther away without cable pathway congestion, easily consolidating all of the monitoring equipment and allowing each piece of monitoring equipment to be fully utilized. And now, the monitoring electronics can be segregated from the switches, eliminating the risk of a patching error in the monitoring cabinet and potential downtime of the live network.

These illustrations depict two means of splitting optical light. The most common method, shown on top, is the fused biconic taper, in which two or more fibers are fused together. Another method, shown below, uses micro lenses, beam splitters or other reflective or guiding devices.

Locating monitoring equipment in a remote location. The advantage of this option is that it allows the monitoring electronics to be completely separated from the live network electronics, limiting network access to network administrators and monitoring access to data security/compliance administrators.

Monitoring network traffic is critical for many data center operators. The ability to monitor traffic without disrupting the production environment reduces downtime and increases productivity. New integrated structured cabling solutions allow more choices in types of deployments, offering flexibility and ease of deployment.

David Kozischek is enterprise market manager and Michaela Iery is global product commercialization manager with Corning Cable Systems (www.corning.com/cablesystems).
