5 Common Symptoms of Improperly Configured Network TAPs
July 15, 2019

Alastair Hartrup
Network Critical

Share this

Every internet connected network needs a visibility platform for traffic monitoring, information security and infrastructure security. To accomplish this, most enterprise networks utilize from four to seven specialized tools on network links in order to monitor, capture and analyze traffic. Connecting tools to live links with TAPs allow network managers to safely see, analyze and protect traffic without compromising network reliability.

However, like most networking equipment it's critical that installation and configuration are done properly. TAPs can often be deceivingly simple to deploy, which can result in some common mistakes that can have a big impact on the network. Here are 5 tips to properly deploying your network TAP technology:

1. Filter Assignments

Many intelligent TAPs have traffic filtering features that allow certain traffic to be eliminated from the traffic stream assigned to a given tool. Most TAPs use hierarchical filtering which means that filter rules follow a linear descending progression. For example, if http traffic is eliminated in rule #1, it can't later be included in rule #2 or beyond. This makes it imperative that meticulous advanced planning be done to understand which tools need which data. Then the planner must prioritize the tools in the correct order to get the right information to the right tool.

In larger networks, this can be a very complex task, sending filtered streams of information to certain upstream tools without jeopardizing the totality of traffic required by other downstream tools. If certain data is eliminated prior to arriving at the tool that's expecting it, the analysis will be flawed, which may cause alarms or worse, removal of a link from service until the filter rules are corrected.

Fortunately, there are a few TAPs that use innovative independent filter rules and do the math in the background. With independent filters, downstream tools are not dependent on upstream rules. This increases information accuracy and dramatically speeds deployment. Building flexible, independent rules and applying them independently to individual tools cuts planning time from hours to minutes, and eliminates potential service affecting configuration errors.

2. Port Mapping Errors

Many TAPs can have 16 or more ports. So, even when network links and tools are physically plugged in to the correct ports, internal maps of incoming traffic, outgoing traffic and through traffic, must be properly configured. Many TAPs use a programming syntax called Command Line Interface (CLI) to configure the unit. Each port must be directed to act as input for network traffic or output to tools using a set of specialized commands. Errors occur when network ports are internally mapped to incorrect tools sending the wrong information and therefore providing erroneous results.

Some TAPs, however, use an advanced Graphical User Interface (GUI) making the configuration task simpler and faster. By taking the programming language out of configuration, port mapping can be as simple as dragging a cursor and clicking on the correct ports. GUI interfaces are simple to use, save time and, often, provide mis-configuration alarms when configuration rules are broken. Using a TAP with an advanced GUI can improve accuracy and eliminate configuration mapping errors.

3. Connecting Network Links to Tool Ports

TAP ports are often designated for specific functions and designed as such. Ports that are designed to connect to network links provide fail-safe technology. If power is lost to the TAP, fail-safe will keep the live network link active and passing data. This network protection technology is designed onto network port cards, including fast relays for copper links and optical splitters for fiber links. However, ports that are designed specifically to connect tools and not interface with live links do not have fail-safe relays or splitters. If those tool ports are used as network access ports and power is lost to the unit, the network link will fail.

It is possible to avoid this mistake by looking for TAPs that provide the flexibility to use any port for either network or tool access. These TAPs include fail-safe relays on all ports, so it doesn't matter which port is used for network or tool access.

4. Mismatched Optical Fiber Connections

Multi-mode and single mode optical fibers are different sizes and have different transmission characteristics. In designing optical networks, it's important not to mix these two media. Single mode fiber is generally used for higher bandwidth (>10Gbps) and longer distances. Multi-mode for shorter distances and lower bandwidth (

There are Intelligent TAPs that can provide media conversion if optical link and tool interfaces are not compatible. For example, a long distance, single mode link may be connected to a TAP port and mapped to a monitoring tool that has a multi-mode interface. The media conversion will happen in the TAP as long as speeds are compatible.

5. Over Subscribing Ports

TAP ports are designed to pass traffic within a specific bandwidth range. There are copper and optical fiber ports designed for 1Gbps speeds and below. Other ports use Small Form-factor Plug-in (SFP) cages that allow for a variety of single mode and multi-mode fiber interfaces at higher speeds of 10Gbps and higher. Monitoring tools use similar ports to connect to links through TAPs. When connecting tools to links through TAPs it's important to understand the processing capacity of the tool and the speed of the link to be sure they're compatible. Over subscribing a TAP port or a tool port will cause inaccurate analysis results because packets will be randomly dropped to meet port limitations.

Paying attention to these five potential trouble spots will contribute to a fast and reliable TAP deployment. Shopping for intelligent taps that provide configuration mapping, filter alarms, media conversion and simple GUIs will make the job faster and reduce potential network issues down the road.

Alastair Hartrup is CEO of Network Critical
Share this

The Latest

March 31, 2020

Organizations face major infrastructure and security challenges in supporting multi-cloud and edge deployments, according to new global survey conducted by Propeller Insights for Volterra ...

March 30, 2020

Developers spend roughly 17.3 hours each week debugging, refactoring and modifying bad code — valuable time that could be spent writing more code, shipping better products and innovating. The bottom line? Nearly $300B (US) in lost developer productivity every year ...

March 26, 2020

While remote work policies have been gaining steam for the better part of the past decade across the enterprise space — driven in large part by more agile and scalable, cloud-delivered business solutions — recent events have pushed adoption into overdrive ...

March 25, 2020

Time-critical, unplanned work caused by IT disruptions continues to plague enterprises around the world, leading to lost revenue, significant employee morale problems and missed opportunities to innovate, according to the State of Unplanned Work Report 2020, conducted by Dimensional Research for PagerDuty ...

March 24, 2020

In today's iterative world, development teams care a lot more about how apps are running. There's a demand for fixing actionable items. Developers want to know exactly what's broken, what to fix right now, and what can wait. They want to know, "Do we build or fix?" This trade-off between building new features versus fixing bugs is one of the key factors behind the adoption of Application Stability management tools ...