Confirm Your Country or Area
Confirm your country to access relevant pricing, special offers, events, and contact information.
Products + Services
Oscilloscopes + Analyzers
- Spectrum Analyzers (Signal Analyzers)
- Network Analyzers
- Logic Analyzers
- Protocol Analyzers and Exercisers
- Bit Error Ratio Testers
- Noise Figure Analyzers and Noise Sources
- High-Speed Digitizers and Multichannel Data Acquisition Solutions
- AC Power Analyzers
- DC Power Analyzers
- Materials Test Equipment
- Device Current Waveform Analyzers
- Parameter and Device Analyzers, Curve Tracers
- Generators, Sources + Power
- Modular Instruments
- Network Test
- Network Security + Visibility
- Additional Products
- KeysightCare Service and Support
- KeysightAccess Service
- Calibration Services
- Repair Services
- Technology Refresh Services
- Test as a Service (TaaS)
- Test Asset Management and Optimization
- Network/Security Services
- Consulting Services
- Financial Services
- Education Services
- Keysight Support Portal
- Used Equipment
- All Services
- All Products, Software, Services
- Oscilloscopes + Analyzers
- Success Stories
Make The Right Choice For Monitoring Data Capture
WWhen monitoring a data network, you need quick and easy data access. A short delay or capturing the wrong data, can cost you thousands of dollars and result in longer troubleshooting time.
Keep in mind that you have choices when collecting monitoring data. Your choice of network monitoring equipment will affect the complexity and effectiveness of your monitoring strategy. The two most common ways of accessing monitoring data are through either a switched port analyzer (SPAN) port or a test access port (Tap).
A tap is a purpose-built device that passively makes a copy of network data but does not alter the data. Once you install it, you are done. No programming is required.
SPAN ports, also called mirror ports, are part of Layer 2 and 3 network switches. They are active devices and will require you to program them to copy the data desired.
Taps are the best choice when it comes to ease of data capture, versatility of location for data capture, and programming costs. Read this white paper to get more information on how to dimension taps within your network.
Taps Vs SPANs
There is a clear difference between taps and SPANs. Taps offer significant advantages over SPAN ports when monitoring the network.
One benefit is that you can "set and forget" taps because they are a one-time intrusion to the network. SPAN ports require you to configure the switch (or switches) every time you want to change the switch data that needs to be copied.
Once installed, taps and a network packet broker eliminate the need for many Change Board Review processes because you do not need to touch the live network. You just filter and analyze the readily available monitoring data to get the troubleshooting, performance, security-related, and compliance data you need.
Taps are also versatile and you can deploy them anywhere across your network. This gives you the ability to tap ingress, egress, remote links, problem links, etc. with almost no restrictions, unlike the SPAN port which is tied specifically to a network switch and the switch’s physical location.
Take a look at this solution brief to see the differences.
SPAN Ports Can Lie
The chart to the right is an attempt to perform an “apples to apples” comparison with respect to SPAN port and Tap port programming.
- The cost to administer a Tap is typically $0
- Proper SPAN port mirroring requires a network engineer to configure the switches (CLI programming + filter validation)
- Labor rate = $100/hr
- Programming for each SPAN session get progressively more time intensive to create a correct filter and troubleshoot it
Administration costs for SPAN sessions start Day 1. In this conservative example, the average annual recurring maintenance costs ($6,890) for SPAN sessions could have been redeployed to buy an average of 10 Taps (annually).
CONFIGURATION PROGRAMMING COST COMPARISON
(FOR 1ST YEAR)
|PROVISIONING||TAP COST||SPAN SESSION COST|
|SPAN session planning||$0||$3600
Is Partial Coverage Good Enough?
Taps offer the ability to collect data anywhere in the network, not just where the Layer 2 or Layer 3 switches are located.
Tap Vs SPAN Comparsion Table
While SPAN ports create a mirrored copy of network data, there are a host of issues associated with them and you need to factor this into your monitoring strategy. See the adjacent table for a comparison of the two data capture methods.
|Provides access to monitoring packets||x||x|
|Delivers a complete copy (100%) of data
(includeing bad data vital for diagnosis)
|Has full system resource priority during crisis
(i.e., does not drop frames)
|Less vulnerable to security attacks||x|
|Does not create unnecessary, duplicate packets||x|
|Does not create unnecessary, duplicate packets||x|
|Recommended for lawful intercept||x|
|Relieves SPAN port contention||x|
|Plug & play: no configuration needed||x|
The following resources are available to help you with your research
White Papers 2020.05.25
Best Practices for Visibility Architecture Tap Planning
Solution Briefs 2020.06.18
Why are Taps Critical to Network Visibility and Security?