How to Better Access and Monitor Converged Network Traffic - Page 2

SPAN ports and TAPs

In the past, network operators have addressed the challenge of how to access network core traffic for monitoring purposes through the use of switch port analyzer (SPAN) ports and/or optical TAPs. Both of these data access methods have their advantages and disadvantages, but the underlying common issue for both approaches is that there remains too little access to satisfy the needs of the growing number of monitoring tools.

Figure 1 shows a typical data access configuration employing a mix of SPAN ports and optical TAPs. In this scenario, several different flavors of monitoring equipment are receiving data from either the router or a TAP. Each tool receives most, if not all, of the traffic from the converged pipe, requiring it to process a massive amount of data in order to get to the data it is trying to monitor.


Figure 1: Configuration employing a mix of SPAN ports and optical TAPs

SPAN ports provide a fairly straightforward approach to providing access and can even offer some level of aggregation, assuming the router platform is lightly utilized. The problem with this method of data access is that the primary function of a router is not to provide monitoring access, so burning SPAN ports on these platforms for this purpose can quickly become cost-prohibitive. Moreover, higher-level processing functions are contingent upon the amount of resources not being utilized for other router tasks.

Optical TAPs eliminate the cost issues related to SPAN ports but have their own restrictions. TAPs are dedicated to a particular test or monitoring device which, by definition, eliminates the possibility of sharing or switching data between multiple tools. Although they provide access at a better price point, they do so while draining optical power. This, in turn, limits the distance between network devices. Further, without their own processing resources, TAPs do not alleviate the monitoring equipment's burden of too much data.