
TAP’s Demystified June 16th 2010 Samuel Battaglia Technical Manager | Network Critical

SHARKFEST ‘10, Stanford University, June 14-17, 2010. Overview: What are TAP’s? Why TAP? Modes. Options. Technology. Portable Analysis. Configuration. Analyze, Capture, Access.


Presentation Transcript


  1. TAP’s Demystified June 16th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST‘10 Stanford University June 14-17, 2010

  2. Overview • What are TAP’s? • Why TAP? • Modes • Options • Technology • Portable Analysis • Configuration

  3. Analyze • Capture • Access

  4. What are TAP’s?

  5. What are TAP’s? Traffic Access Point An inline network device that provides access to data as it traverses a network media.

  6. What are TAP’s?

  7. What are TAP’s? • Deployed Inline • TAP’s Process All Frames on the Media

  8. What are TAP’s? • Gaining Popularity • TAP’s can be Active or Passive Devices

  9. What are TAP’s?

  10. What are TAP’s?

  11. Why TAP?

  12. Why TAP? • VoIP Monitoring • Protocol Analysis • Server & Workstation Monitoring • Compliance & Data Leakage Detection • Intrusion Detection & Prevention • The security group is hogging all the SPAN ports and they never let me sniff any data…

  13. Why TAP? There are lots of reasons… • Multiple groups will need access to data • More groups will require copies of data • What happened to my HUB?! • SPAN ports are slim pickings

  14. Modes

  15. TAP Modes Breakout (Directional Outputs)

  16. TAP Modes Aggregating (Combined Outputs)

  17. TAP Modes Regenerating (Duplication/Replication of Data)

  18. TAP Modes Aggregating Regenerating (TAP and SPAN)

  19. TAP Modes Aggregating/Filtering Backplane

  20. TAP Modes Advanced Backplane Operations

  21. Options

  22. TAP Options • Link Failure\Integrity\State Propagation

  23. TAP Options • Fail-to-Safe, Fail-to-Wire, Fail Closed

  24. TAP Options • Link Lock, Passive Copper (10/100 only)

  25. TAP Options • PoE Passive/Pass Through, Not Always PoE+

  26. Technology

  27. TAP Technology Passive TAP • Benefits: TAP once and done; Live devices link directly with each other; Allows simple monitoring applications; Passes L2 errors; Link maintained on power state change • Things to Consider: Some degradation of live signal; Proper deployment

  28. TAP Technology Active TAP • Benefits: Allows complex monitoring applications; Allows traffic to be injected into live links; No degradation of live signal • Things to Consider: May discard link errors (Switch vs FPGA); Link is lost on power state change; Live network devices link with TAP

  29. TAP Technology Passive Components • Copper 10/100M Links: Manipulate traces and PHY connections; Live devices physically connected; Power state change is non-impactful • Fiber 100M, 1G, 10G+ Links: Optical splitters/couplers; Isolates production and monitor data-paths; Can provide 100% passive monitoring

  30. TAP Technology Optical Fiber Splitter/Coupler

  31. TAP Technology

  32. TAP Technology Active Components • Copper 10/100/1G Links: Fast acting copper relays • Fiber 1G, 10G+ Links: Optical bypass switches

  33. TAP Technology Active Components • Fast Acting Copper Relays / Optical Switches • Non-Latching: Do NOT require power to fail closed; Less complex • Latching: DO require power and a trigger to activate; More flexible

  34. TAP Technology Optical Fiber Bypass Switch

  35. TAP Technology Optical Fiber Bypass Switch

  36. TAP Technology Core Components • Switch Chip Based Designs: Familiar architecture and compatibility; Built in functionality; Designed for specific tasks; Counts malformed frames and errors; May not pass error frames

  37. TAP Technology Core Components • Field-Programmable Gate Array (FPGA): An integrated circuit designed to be configured after manufacturing; Extreme flexibility allows complex applications; Passes malformed frames and errors; Oversized and custom frame types; Byte offset matching and slicing

  38. TAP Technology Core Components • Fiber Transceiver: Two pieces of directional optics; Transmitter – Only capable of sending; Receiver – Only capable of capture; Form factors – SFF, SFP, SFP+

  39. TAP Technology Core Components • PHY (Physical Layer): PCS, PMA, PMD; Connects RJ45/transceiver to Switch (or FPGA); Handles link negotiation and line protocols; Broadcom, Marvell, Intel, VIA

  40. TAP Technology

  41. Deployment

  42. Deploying TAP’s

  43. Deploying TAP’s Things to Consider • Not all patch cables are created equal • OM1 (Orange), OM2 (Grey), OM3 (Teal) • Fiber cables may be crossover • 10/100 network cabling (MDI, MDIX) • Consider overall cable lengths

  44. Portable Analysis

  45. Portable Analysis Laptop Challenges • Where’s the Fiber port?! • Performance of receive and capture is limited • 1G capture appliances are not very portable • 1 Gbps is still a LOT of data

  46. Portable Analysis Solutions • TAP’s for Media Conversion • Modify the Capture Buffer Size • Filter on TAP Hardware

  47. Portable Analysis: Media Conversion Copper to Copper Copper to Fiber Fiber to Copper Fiber to Fiber

  48. Portable Analysis: Bump the Capture Buffer

  49. Portable Analysis: Filter on TAP

  50. Filtering
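
A software model of the hardware filtering named on slides 37 and 46-50 (byte offset matching, slicing, filtering on the TAP), added here as an illustration; it is not from the presentation or from any vendor. The rule format, function names and sample frames are constructed, the SIP port 5060 rule is an assumed VoIP-monitoring case, and the offsets assume untagged Ethernet with a 20-byte IPv4 header.

```python
# Added illustration, not vendor code: models what a filtering TAP does to
# each frame before it reaches the monitor port. All names are hypothetical.
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class OffsetRule:
    offset: int   # byte position, counted from the first byte of the dst MAC
    mask: bytes   # bits that take part in the comparison
    value: bytes  # expected bytes after masking

    def matches(self, frame: bytes) -> bool:
        window = frame[self.offset:self.offset + len(self.mask)]
        if len(window) < len(self.mask):  # runt frame: offset is out of range
            return False
        return bytes(w & m for w, m in zip(window, self.mask)) == self.value

def filter_and_slice(frames, rules, slice_len):
    """Keep frames matching ALL rules, truncated to slice_len bytes.
    Returns (kept_frames, bytes_in, bytes_out)."""
    kept = [f[:slice_len] for f in frames if all(r.matches(f) for r in rules)]
    return kept, sum(map(len, frames)), sum(map(len, kept))

def eth_ipv4_udp(dst_port: int, payload: bytes) -> bytes:
    """Constructed untagged Ethernet/IPv4/UDP frame (checksums left at zero)."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0)
    return eth + ip + udp + payload

# Assumed rule set: pass only IPv4/UDP frames addressed to port 5060 (SIP).
SIP_RULES = [
    OffsetRule(12, b"\xff\xff", b"\x08\x00"),              # EtherType = IPv4
    OffsetRule(14, b"\x0f", b"\x05"),                      # IHL = 5, so L4 starts at byte 34
    OffsetRule(23, b"\xff", b"\x11"),                      # IP protocol = UDP
    OffsetRule(36, b"\xff\xff", struct.pack("!H", 5060)),  # UDP destination port
]
# Constructed input: one SIP frame, one DNS frame, one 20-byte runt.
SAMPLE = [eth_ipv4_udp(5060, b"S" * 400), eth_ipv4_udp(53, b"D" * 100), b"\x00" * 20]

def demo():
    return filter_and_slice(SAMPLE, SIP_RULES, slice_len=64)

if __name__ == "__main__":
    kept, bytes_in, bytes_out = demo()
    print(f"kept {len(kept)} of {len(SAMPLE)} frames, {bytes_in} -> {bytes_out} bytes")
```

An 802.1Q VLAN tag inserts 4 bytes after the source MAC, so every fixed offset past byte 12 shifts and these rules silently miss tagged traffic; a monitoring filter for a trunk link needs a second rule set with the shifted offsets.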
