TAPs and Packet Brokers 101

Category: News
Published: 16th September 2024


What Are TAPs?

A Test Access Point (TAP) is a hardware device placed on a network to access and monitor network traffic. A network TAP splits traffic in both directions, so it can safely create an exact copy of both sides of a conversation on a network and send them to separate monitoring ports. TAPs are mainly passive devices, meaning that traffic can flow through the network without interference.

What Are Network Packet Brokers?

Network Packet Brokers (NPBs) act as intermediaries between TAPs, SPAN ports, and tools used in data centres. Their features include filtering, aggregating, and load balancing. NPBs ensure that monitoring, performance, and security tools receive the exact data they need by streamlining and directing the relevant network traffic. This optimises data flow, making it easier for tools to efficiently analyse and respond to network conditions. With network monitoring, it is important to capture all the relevant traffic. In today’s complex networks, employing a packet broker is the best way to obtain the ‘ultimate source of truth’.

Aggregation is the process of combining multiple network feeds from TAPs into a single, larger stream of traffic. This aggregated traffic is then filtered to allow only the relevant data to pass through, while unnecessary data is discarded. This process makes the data more manageable and useful for analysis and reporting, enabling the identification of key insights and trends.

Packet brokers are useful when you’re interested in a specific section of the network. They filter the traffic from a TAP and send it to multiple and/or specific links or monitoring probes, so that only certain data is processed and your data ingest is optimised.

How do TAPs work?

TAPs serve as a bridge between the network and the tools used for analysis. They capture raw data by safely copying it directly from the network.

How do packet brokers work?

Packet brokers process the copied data from a TAP and manipulate it as needed, to deliver the refined data to the appropriate tools. This system effectively “grooms” network traffic, transforming it from raw data into a format that is optimised for the tools it supports. By aggregating, filtering, and directing the data, these platforms create a translation system that ensures tools receive only the information they need, improving overall efficiency and accuracy. The insights gained from this processed data can then be used by monitoring tools to generate reports, drive new insights, and inform future decision-making.
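The aggregate, filter and load-balance stages described above, sketched as an added Python example (not Red Helix or vendor code). The packets, addresses, port filter and CRC32 flow hash are constructed assumptions; the sketch goes slightly beyond the text by making the load-balancing hash direction-independent, so both sides of a conversation copied by the TAP reach the same tool.

```python
import heapq
import zlib
from collections import namedtuple

# Constructed sample packets: timestamp, source, source port, destination, port, protocol
Pkt = namedtuple("Pkt", "ts src sport dst dport proto")

# A TAP delivers each direction of the link on its own monitoring port.
TAP_PORT_A = [  # client -> server direction (constructed)
    Pkt(1.0, "10.0.0.5", 40001, "10.0.1.9", 443, "tcp"),
    Pkt(3.0, "10.0.0.6", 40002, "10.0.1.9", 53, "udp"),
    Pkt(5.0, "10.0.0.7", 40003, "10.0.1.9", 443, "tcp"),
]
TAP_PORT_B = [  # server -> client direction (constructed)
    Pkt(2.0, "10.0.1.9", 443, "10.0.0.5", 40001, "tcp"),
    Pkt(4.0, "10.0.1.9", 53, "10.0.0.6", 40002, "udp"),
    Pkt(6.0, "10.0.1.9", 443, "10.0.0.7", 40003, "tcp"),
]

def aggregate(*feeds):
    """Merge time-ordered feeds into one stream ordered by timestamp."""
    return list(heapq.merge(*feeds, key=lambda p: p.ts))

def keep(pkt, ports=frozenset({443})):
    """Filter: pass only traffic to or from the ports a tool cares about."""
    return pkt.sport in ports or pkt.dport in ports

def flow_key(pkt):
    """Direction-independent key: sort the two endpoints before hashing."""
    a, b = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    return f"{pkt.proto}|{a}|{b}".encode()

def tool_for(pkt, n_tools):
    """Load balance by flow so one tool sees both sides of a conversation."""
    return zlib.crc32(flow_key(pkt)) % n_tools

def broker(feeds, n_tools=2):
    """Aggregate, filter, then distribute to per-tool output queues."""
    outputs = [[] for _ in range(n_tools)]
    for pkt in aggregate(*feeds):
        if keep(pkt):
            outputs[tool_for(pkt, n_tools)].append(pkt)
    return outputs

if __name__ == "__main__":
    for i, queue in enumerate(broker([TAP_PORT_A, TAP_PORT_B])):
        print(f"tool {i}: {[(p.ts, p.src, p.dst) for p in queue]}")
```

Hashing the raw source/destination tuple instead of the sorted pair would split the two directions of a flow across different tools, leaving each with half a conversation.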

When are TAPs and Packet Brokers used?

  • 24/7 security and network monitoring, enabled by a reliable feed of just the required data being sent to security and monitoring probes
  • Compliance with frameworks such as PCI DSS and GDPR, by hashing out card details and Personally Identifiable Information before data reaches your tools
  • Troubleshooting and diagnostics of performance-degrading issues, by sending just the required traffic to your monitoring probes
  • Network forensics, providing copies of every single packet and enabling anomaly reconstruction with full fidelity
  • Load balancing, to share the security filtering load across multiple security tools for enhanced resilience
  • Reducing operational costs, by enabling the use of lower speed security and monitoring tools on higher speed networks

Advantages of TAPs and Packet Brokers:

  • Ease of Use: User-friendly and can seamlessly provide data to out-of-band tools. They can also be placed in any link that needs to be monitored, and moved across a network, meaning they can be flexibly deployed, either remotely or on a campus.
  • Reliability: They offer a more dependable alternative to other methods of network monitoring e.g., SPAN ports, which can fail to capture data accurately during high traffic periods.
  • Comprehensive Monitoring: They feed real-time data into aggregation systems, offering immediate insights and visibility across the network.
  • Cost effective: Installing TAPs and packet brokers means that expensive tooling can be utilised across a wider environment.
  • Consolidation and efficiency: You can access specific data at a specific point on a network, simplifying your method of accessing data, and streamlining into one source. This increases efficiency across a network and means that you gain insights into only the desired information.
  • Unintrusive: Fibre TAPs are completely passive; this means they don’t interfere with network traffic, nor do they break or fail in times of heavy traffic load. Their ‘invisibility’ means that during the unfortunate event that a specific link is hacked, you still have 100% visibility to the security tools.

 

At Red Helix, we provide, support, and manage network packet broker estates for major network owners that let them scale their monitoring and security capability as their networks continue to evolve. Due to our independence, we can recommend and supply the packet brokers best suited to your requirements from those we believe to be the best network packet broker vendors on the market. Contact us today to discuss your needs.