Understanding the Role of Network Taps in Data Center Observability
Network taps can provide detailed visibility into network traffic. Find out if this is the right solution to enhance your data center observability profile.
Gaining visibility into network traffic is a key component of data center observability – which is why installing network taps could be a wise choice for data center operators seeking to enhance their monitoring capabilities.
However, network taps are not always the best observability solution inside a data center. Depending on your goals and resources, other methods might deliver better visibility or lower costs.
To help you decide, this article explains how network taps work, how they contribute to data center observability, alternatives to network tapping, and when you may (or may not) want to add network taps to your facility.
What is a Network Tap?
A network tap is a device that captures traffic as it flows over a network. Typically, taps copy the traffic and then send the copies to a location where they can be stored or analyzed. The original traffic reaches its intended destination without disruption.
Some vendors treat ‘TAP’ in this context as an acronym for ‘Test Access Point’ or ‘Terminal Access Point’. However, this is technically a backronym, as the term’s origins are analogous to ‘phone tap’ – a verb that predates the modern networking industry by several years.
Taps are usually deployed on local networks in locations that allow them to intercept traffic flowing between servers and external endpoints.
Network taps are available in two forms:
Physical taps, which are more efficient because they require minimal computing resources to copy or forward network traffic. Physical taps are also less prone to failure due to issues like a lack of sufficient memory or CPU, which lowers the risk that they could fail in ways that disrupt normal traffic flows.
Virtual taps, meaning software agents that copy traffic as it flows across a server or network switch. Virtual taps are more flexible to deploy because using them doesn’t require setting up new hardware. However, because they require memory and CPU to operate, they may fail in situations where there is more traffic than they can handle based on available resources.
A network tap captures traffic as it flows over a network and helps data center operators enhance their observability capabilities
Alternatives to Network Taps
Taps are not the only way to gain visibility into the network. One alternative is to run network monitoring software on servers or other endpoints. The software can inspect traffic flowing into and out of the endpoints.
The main challenge with this approach, however, is that you must set up separate monitoring agents for each endpoint you want to observe.
In addition, monitoring agents can consume significant CPU and memory resources (although new approaches to observability, based on technology like eBPF, can help to mitigate this issue).
You can also generate network logs as traffic flows through switches or other routing hardware. Logging doesn’t typically record the network data itself, which makes it different from tapping; instead, logs usually record information like which endpoints were talking to each other and which protocols they were using.
Thus, network logging doesn’t provide the same depth of information as a network TAP. But if your main goal in data center observability is to gain a sense of overall network behavior, not analyze network traffic itself, logging may be a simpler and more efficient approach.
Benefits of Network Taps for Data Center Observability
Network taps can be useful in any setting where you want to track what’s happening on a network. For example, tapping the local network in an office could help to detect malicious traffic associated with cyber-attacks.
However, network taps are especially beneficial as a network observability solution inside data centers, for several reasons:
Ability to handle large traffic volumes: A typical data center could have many gigabytes’ worth of data flowing over its networks in any given hour. Because network taps – especially physical taps – are very efficient, they excel at handling this high traffic load.
Centralized observability: Strategically located network taps can intercept all the data flowing into and out of a data center, providing a centralized vantage point for observing the network. This is especially beneficial when you have hundreds or thousands of endpoints whose traffic you want to monitor.
Packet-level visibility: Network taps allow you to peer into each individual data unit – known as packets – that flows across a network. This deep visibility can be useful for complex troubleshooting needs, such as figuring out why certain types of traffic experience high rates of packet loss.
Lower risk of disruptions: Data center observability techniques that consume significant CPU and memory pose the risk of disrupting operations if they lack enough resources to operate normally and network traffic is held up as a result. Physical network taps almost never have this problem, however, due to their hyper-efficient operation. That's an advantage in any data center that hosts mission-critical workloads.
The Downsides of Network Taps in Data Centers
Despite its advantages, network tapping inside a data center poses some potential challenges. One is cost. High-capacity hardware taps can cost upwards of $10,000 each, and you may need a number of taps to monitor different networks or network segments. This makes the devices a significant investment inside data centers.
Privacy can pose another challenge. Unless your organization owns all the infrastructure housed inside a data center, network tapping may give you access to other people’s data. This could violate terms of service for data center operators. That said, depending on how your networks are designed and where you place taps, it's often possible to collect data only from certain servers within a data center and ignore traffic routed to or from others.
Finding a way to analyze all the data generated through tapping can also be tough. Looking for patterns in network log files is relatively simple compared to analyzing the vast dumps of data produced by network tapping.
When – and When Not – to Adopt Network Tapping for Data Centers
Whether it makes sense to leverage network tapping as a means of data center observability depends on the following:
Your data center network architecture: To deploy a network tap effectively, you’ll need a network architecture that lets you insert the tap in a location where it can access all of the traffic you want to capture – and avoid capturing any third-party traffic that you don’t have permission to monitor.
How much network traffic you have: If you have so much traffic that other network observability solutions can’t handle it, tapping may be your best option.
How many endpoints you have: If you’re monitoring traffic from a relatively small collection of servers, traditional network monitoring agents hosted on the servers may be a simpler way to achieve observability than a tap.
How much observability depth you require: If you need the deepest possible level of observability into data center traffic, tapping might be the best approach. If you just want an overview of overall network operations and trends, consider logging instead.
About the Author
You May Also Like