printer friendly version

Why span/mirror ports are obsolete

Not so long ago, in the half-duplex Ethernet world, span ports were a convenient way of providing a window into network activity. Data recorders or network test and monitoring equipment could be connected and network administrators/engineers you could be fairly safe in the knowledge that every data packet traversing the network would reach the spanned port interface. After all, the maximum data traffic could not exceed 10/100/1000 Mbps in either direction at any given time.

Times have changed, speeds have increased, technology has changed and more demands are being made on the network infrastructure. Networks need to cater for multi-media traffic that requires full duplex communications. If we consider a 1 Gbps network running full duplex we can see that 1 Gbps can be running in both directions simultaneously, resulting in a potential 2 Gbps throughput, it is evident that providing a 1 Gbps span port is no longer sufficient if the requirement is to monitor and/or troubleshoot the data network (unless the demand for bandwidth in each direction is very low). Even so, networks expand; new servers and devices are added, staffing levels increase and the demand for bandwidth increases accordingly.

Many organisations have made the move to 10 Gbps lines and in making efficient use of these links they transport a variety of applications and protocols; VoIP, video, Internet, databases, financial applications and much more, the problem arises when you need to monitor, record or troubleshoot these 10 Gbps links.

Quite often there is a limitation on the number of span ports that can be configured and 10 Gbps troubleshooting equipment is very expensive.

A widely accepted solution is to relieve the pressure on the network switch and install inexpensive network TAPS as a first step, this will provide 100% access to all data traffic on a 24/7 basis, eliminates change control bureaucracy and these TAP devices have no impact on the live data traffic, they are totally non intrusive.

Many sophisticated TAPS can provide more advanced features such as filtering by application, protocol, IP address or VLan as well as speed conversion from 10 Gpbs to 1 Gbps, port broadcasting where 1 x 10 Gbps link can be broadcast to a number of output ports each of which may be used for a different monitoring, troubleshooting or recording functions. One port may be used for VoIP recording while another for Internet monitoring and a third or fourth port for troubleshooting.

TAPS provide 100% data capture on a 24/7 basis, are non intrusive and require no configuration, can be used for direct access for test equipment or can feed intelligent TAPs for more advanced features: port aggregation, filtering, speed conversion, port broadcasting, packet de-duplication and so on, they provide huge cost saving in the efficient use of test equipment and engineering resources. Many man hours can be saved by having the right test equipment at the right location when problems strike and can significantly reduce the mean time to repair (MTR).

Share this article:

Further reading: