SHARE
Networking / March 12, 2019

Understanding Network TAPs, Part 1: TAPs vs. SPANs

TAPs, or Test Access Points, are one of the basic building blocks of modern networks. Unglamorous, perhaps, but undeniably useful. Understanding when and how to use TAPs lets you achieve visibility into what’s running on a wire, giving you the knowledge you need to treat those packets appropriately.

Our recent whitepaper, “Understanding Network TAPs — The First Step to Visibility,” takes a deep dive into the world of TAPs and network visibility. This the first of three blog entries that will share some of the paper’s highlights. This time: TAPs vs. SPANs (Switched Port Analyzer).

Figure 1. Direct cabling vs. TAP cabling

Both technologies extract network traffic, but they go about it in different ways. A TAP is a hardware device inserted at a specific point in the network to extract specific data, while SPANs are software inside a switch or router that duplicates incoming or outgoing traffic and forwards it to a special port, called a SPAN or mirror port.

As the whitepaper notes, given a choice, TAPs are generally preferable for several reasons:

  1. SPAN ports are easily oversubscribed and have the lowest priority when it comes to forwarding, resulting in dropped packets
  2. The SPAN application is processor-intensive and can have a negative performance impact on the switch itself, possibly affecting network traffic
  3. Because SPAN traffic is easily reconfigured, SPAN output can change from day to day, resulting in inconsistent reporting

Why not use a TAP every time? Well, you won’t always have access to the network infrastructure carrying the traffic in question, or maintenance windows could prevent timely TAP deployment. Moreover, some remote locations might not be able to justify deploying a TAP, but can offer SPAN access that supports occasional troubleshooting without bringing down the link. Sometimes, too, speed or interface-type considerations make a SPAN the only viable option.

An old networking axiom puts it like so: “TAP where you can, SPAN where you can’t.”

Read the Full Whitepaper for More

That’s all for this time, but there’s a lot more to TAPs. Part 2 of this series will explore the differences between active and passive TAPs, but if you can’t wait, check out the full whitepaper here (PDF). Or just swing by the Gigamon Network TAPs site to learn how Gigamon products leverage TAPs to deliver excellent visibility into the packets on your network.

Featured Webinars
Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Networking group.

Share your thoughts today

RELATED CONTENT

CALCULATOR
Customers have saved millions in IT costs. How much can you save?
REPORT
Learn how 1,200 of your IT security peers plan to fight cyberattacks
WEBINAR
Zero Trust: What You Need to Know to Secure Your Data and Networks
DEMO
See how to finally achieve visibility to reduce costs and remove complexity

Back to top