Download
slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical PowerPoint Presentation
Download Presentation
TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical

TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical

141 Views Download Presentation
Download Presentation

TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. TAP’s Demystified June 16th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST‘10 Stanford University June 14-17, 2010

  2. Overview • What are TAP’s? • Why TAP? • Modes • Options • Technology • Portable Analysis • Configuration

  3. Analyze • Capture • Access

  4. What are TAP’s?

  5. What are TAP’s? Traffic Access Point An inline network device that provides access to data as it traverses a network media.

  6. What are TAP’s?

  7. What are TAP’s? • Deployed Inline • TAP’s Process All Frames on the Media

  8. What are TAP’s? • Gaining Popularity • TAP’s can be Active or Passive Devices

  9. What are TAP’s?

  10. What are TAP’s?

  11. Why TAP?

  12. Why TAP? • VoIP Monitoring • Protocol Analysis • Server & Workstation Monitoring • Compliance & Data Leakage Detection • Intrusion Detection & Prevention • The security group is hogging all the SPAN ports and they never let me sniff any data…

  13. Why TAP? There are lots of reasons… • Multiple groups will need access to data • More groups will require copies of data • What happened to my HUB?! • SPAN ports are slim pickings

  14. Modes

  15. TAP Modes Breakout (Directional Outputs)

  16. TAP Modes Aggregating (Combined Outputs)

  17. TAP Modes Regenerating (Duplication/Replication of Data)

  18. TAP Modes Aggregating Regenerating (TAP and SPAN) ew

  19. TAP Modes Aggregating/Filtering Backplane

  20. TAP Modes Advanced Backplane Operations

  21. Options

  22. TAP Options • Link Failure\Integrity\State Propagation

  23. TAP Options • Fail-to-Safe, Fail-to-Wire, Fail Closed

  24. TAP Options • Link Lock, Passive Copper (10/100 only)

  25. TAP Options • PoE Passive/Pass Through, Not Always PoE+

  26. Technology

  27. TAP Technology Passive TAP • Benefits • TAP once and done • Live devices link directly with each other • Allows simple monitoring applications • Passes L2 errors • Link maintained on power state change • Things to Consider • Some degradation of live signal • Proper deployment

  28. TAP Technology Active TAP • Benefits • Allows complex monitoring applications • Allows traffic to be injected into live links • No degradation of live signal • Things to Consider • May discard link errors (Switch vs FPGA) • Link is lost on power state change • Live network devices link with TAP

  29. TAP Technology Passive Components • Copper 10/100M Links • Manipulate traces and PHY connections • Live devices physically connected • Power state change is non-impactful • Fiber 100M, 1G, 10G+ Links • Optical splitters/couplers • Isolates production and monitor data-paths • Can provide 100% passive monitoring

  30. TAP Technology Optical Fiber Splitter/Coupler

  31. TAP Technology

  32. TAP Technology Active Components • Copper 10/100/1G Links • Fast acting copper relays • Fiber 1G, 10G+ Links • Optical bypass switches

  33. TAP Technology Active Components • Fast Acting Copper Relays / Optical Switches • Non-Latching • Do NOT require power to fail closed • Less complex • Latching • DO require power and a trigger to activate • More flexible

  34. TAP Technology Optical Fiber Bypass Switch

  35. TAP Technology Optical Fiber Bypass Switch

  36. TAP Technology Core Components • Switch Chip Based Designs • Familiar architecture and compatibility • Built in functionality • Designed for specific tasks • Counts malformed frames and errors • May not pass error frames

  37. TAP Technology Core Components • Field-Programmable Gate Array (FPGA) • An integrated circuit designed to be configured after manufacturing • Extreme flexibility allows complex applications • Passes malformed frames and errors • Oversized and custom frame types • Byte offset matching and slicing

  38. TAP Technology Core Components • Fiber Transceiver • Two pieces of directional optics • Transmitter – Only capable of sending • Receiver – Only capable of capture • Form factors – SFF, SFP, SFP+

  39. TAP Technology Core Components • PHY (Physical Layer) • PCS, PMA, PMD • Connects RJ45/transceiver to Switch (or FPGA) • Handles link negotiation and line protocols • Broadcom, Marvell, Intel, VIA

  40. TAP Technology

  41. Deployment

  42. Deploying TAP’s

  43. Deploying TAP’s Things to Consider • Not all patch cables are created equal • OM1 (Orange), OM2 (Grey), OM3 (Teal) • Fiber cables may be crossover • 10/100 network cabling (MDI, MDIX) • Consider overall cable lengths

  44. Portable Analysis

  45. Portable Analysis Laptop Challenges • Where’s the Fiber port?! • Performance of receive and capture is limited • 1G capture appliances are not very portable • 1 Gbps is still a LOT of data

  46. Portable Analysis Solutions • TAP’s for Media Conversion • Modify the Capture Buffer Size • Filter on TAP Hardware

  47. Portable Analysis: Media Conversion Copper to Copper Copper to Fiber Fiber to Copper Fiber to Fiber

  48. Portable Analysis: Bump the Capture Buffer

  49. Portable Analysis: Filter on TAP

  50. Filtering