Search form

Upcoming Webinars

Eradicate service outages and performance issues from your network with OpManager
April 23, 2024
Master Class: Optimizing CX through 4 Pillars of Internet Resilience
May 01, 2024

On-Demand Webinars

Avoid Observability Failure: Hybrid Enterprises Must Complement APM with Internet Performance Monitoring
Observability Trends: Key Considerations for Modern Observability
Navigating Today's I&O Landscape: Leveraging Cloud, Hyper-Convergence and Observability
Master Class: Monitoring from Your Users' Perspective
2024 Tech Trends: 10 Predictions for Tomorrow's IT Evolution
The SRE Report 2024: What the Charts Don't Tell You
2024 Security Trends: How Generative AI Is Changing the Threat Landscape
Getting the Most Out of Elastic Observability & New Features
Tales from the trenches: Security leaders share insights on protecting higher education
The Impact of AIOps and GAI on Modern Observability
Countering Internet Complexity with AI-Powered Internet Performance Monitoring
Maximizing Customer Lifetime Value: Transforming Ecommerce with AI-Powered Search
AI Meets Search: Powering a New Generation of Insights
Behind the Scenes: Rocket Lawyer's Secret Sauce for Uninterrupted Digital Legal Services
3 Tips to Supercharge Your Application Tracing
What's New at Catchpoint! Fall 2023 Product Launch Event
Demo of Internet Sonar: From Disruption to Instant Detection
Harnessing the Power of Generative AI in Retail
Expert Insights: Navigating Outages Like a Pro
What's New in Application Monitoring: Maximizing Operational Efficiency with Enhanced Performance Insights
Preventing Outages: Implement an Internet Performance Monitoring Plan
Don't Get Lost in the Cloud
SOLD IN 6 SECONDS: Formulas to Fast & Friction-Free E-commerce
Supercharge Your IT Resources
Automate and Save Time
Maximize Shareholder Value with Internet Resilience
Building & Monitoring Lighting Fast, Cloud Native Payment Experiences
Getting the Most Out of Elastic Observability & New Features
Preventing Outages: Map Your Internet Stack
May 2023 Product Launch: Learn about Catchpoint's New Capabilities

All Webinars...

Analyst Reports

Modern Enterprises Must Boost Observability with Internet Performance Monitoring
GigaOm CxO Decision Brief: Internet Resilience, May 2023
2023 Gartner Critical Capabilities for APM and Observability
Forrester Opportunity Snapshot: Increase Revenue with Internet Performance Monitoring

All Analyst Reports...

White Papers

Synthetic monitoring 101: A comprehensive guide to synthetic monitoring
Beyond deployment: The ongoing challenges in application performance monitoring implementation
How Is IPAM Simplifying Modern Networking?
The Elastic Generative AI Report
The 2024 Observability Landscape — a survey of observability decision-makers
Database Monitoring for Beginners: 6 Steps to Get You Started
6 Best Practices for Application Performance Monitoring
Visibility, Scalability, Security: Why IPAM Is the Cornerstone of Robust Data Centers
The SRE Report 2024
Real-Time Server Traffic Monitoring: Benefits, Best Practices and NetFlow Analyzer
Key Considerations When Choosing the Right Application Performance Monitoring Tool for Your Business
Apache Cassandra Monitoring: Challenges and Solutions
2024 State of IT Operations Report: Journey to Agility
Streamlining Configuration Management: Unleashing the Power of OpManager's Module
OpenShift Monitoring: Five Crucial Elements to Look Out for
Apache Tomcat Monitoring Made Easy with Applications Manager
End-User Experience Monitoring: Its Meaning, Importance, and Best Practices
5 Steps to Improve Website Performance
Learn the Importance of Network Backup Tool
IT Budgeting Amid a Challenging Macroeconomic Climate
Network Configuration Manager as an Add-On to OpManager
State of ITOM in 2023
The 2023 State of IT Operations Report
Going Beyond Plain Virtualization Monitoring
Preventing Outages in 2023: What We Learned from Recent Failures
Integrated Performance Management for Physical, Virtual & Cloud Infrastructure
Best Ways to Map Impact of Application Performance Issues on Business Goals
Hybrid Cloud Monitoring: Fundamental Driver of Efficiency in Hybrid Clouds
Quick Tips: Network and Application Infrastructure Checklist for the “Work From Home” Admin
Application Management Solutions for Enterprises

All White Papers...

How a Tap or SPAN Choice Affects APM
January 31, 2019

Keith Bromley
Ixia

Share this

Tap and SPAN. It's the same thing, right? That answer would be wrong. Some network engineers may not know the difference, but there are definitely clear and distinct differences between these two types of devices. Understanding these differences will help you elevate your game when it comes to network performance monitoring (NPM) and application performance monitoring (APM).

Here are four main factors that matter when it comes to a Tap or SPAN choice:

■ There is a difference in data type and quality from each device

■ The location of monitoring data capture matters

■ Time to resolution for troubleshooting activities is a factor

■ There are hidden administration costs for SPAN ports

1. The Difference Between TAP and SPAN

First, what is the difference between a test access port (Tap) and a switched port analyzer (SPAN) port?

A Tap is a purpose-built device that passively makes a copy of network data but does not alter the data. Once you install it, you are done. No programming is required. SPAN ports, also called mirror ports, are part of Layer 2 and Layer 3 network switches. They are active devices and will require you to program them to copy the data desired.

A key difference is that network switches (and their SPAN ports) introduce mechanisms on ingress ports to eliminate corrupt packets and to also eliminate packets that are below a minimum size. While this may sound beneficial, the problem with this approach is that monitoring devices for troubleshooting normally require the capture of all data within the egress segment. Key clues can be contained in this data, like are there malformed packets and when did the data start to get corrupted. No monitoring data means longer problem resolution times.

In addition, switches and SPAN ports can drop Layer 1 and select Layer 2 data as well, depending on traffic priority level. The SPAN port is not the primary function of a routing switch. So, if CPU and memory is needed for other tasks, then you may lose your monitoring data altogether for certain periods of time. This leaves you with no data to analyze for troubleshooting purposes.

By contrast, a Tap passes on ALL of the data on a link. This includes capturing everything needed to properly troubleshoot common physical layer problems, including bad frames that can be caused by a faulty NIC.

2. Location

Second, where you access monitoring data matters. It's like real estate, one of the most important factors is location, location, location. One of the great things about a Tap is that it is versatile. You can deploy them anywhere across your network. This gives you the ability to Tap ingress, egress, remote links, problem links, etc. with almost no restrictions.

By contrast, a SPAN port is tied specifically to a network switch and that switch's physical location. Since most switches are located in the network core, you typically have issues getting the right monitoring data from the edge of the network or from geographically distributed offices (unless each office is large enough to have a switch).

3. Time to Resolution

The third area of concern is time to resolution. Once installed, Taps and a network packet eliminate the need for many Change Board Review processes because you do not need to touch the live network. You just filter and analyze the readily available monitoring data to get the troubleshooting, performance, security-related, and compliance data you need. This can result in an up to 80% reduction in mean time to repair (MTTR).

On the other hand, SPAN ports require you to configure the switch (or switches) each and every time you want to change the switch data that needs to be copied. Since the SPAN port is part of the switch, which is an active part of the network, most SPAN port programming changes will require approvals. There will typically be subsequent delays in getting that approval to touch the network for most enterprises. In addition, there are usually further time delays because the implementation of any programming changes will have to wait until the next available maintenance window. This can add days or weeks to your troubleshooting process.

4. Administration Costs

Administration costs are the fourth concern. Since most Cisco switches have two (or more) SPAN ports per device, it is often assumed that the cost of these ports is free. However, this does not consider the programming and maintenance costs of those ports. Every programming change can take an hour, or more, of time. This length of time depends upon many factors: the size of the programming change you want to make, whether you have notes about what the current filter code means (i.e. if a filter was written a couple years ago and the author has left the company, it may time some time to figure out what the existing programming code actually does (as it might have even been written incorrectly), and then finally the time required to validate that the new SPAN port programming is working correctly. This programming and validation time is a hidden cost that can grow to be several hundred or even thousands of dollars per year.

In contrast, Taps are "set and forget," as mentioned earlier. You spend a couple hundred dollars up front to buy a Tap and then you are done as they are a one-time intrusion to the network. Once installed, the Tap will start to copy all of the data and forward that data to whatever tool (DLP, IDS, protocol analyzer, etc.) or network packet broker that you want.

Based upon the factors, many network engineers find that Taps are the best choice when it comes to ease of data capture, versatility of location for data capture, and programming costs.

Keith Bromley is Senior Manager, Solutions Marketing at Ixia Solutions Group, a Keysight Technologies business
Share this

Related Links

www.ixiacom.com

Hot Topics

APM
NPM/NetOps