Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

TAP Aggregation for Network Monitoring

TAP aggregation is a network monitoring and troubleshooting tool.

TAP Aggregation Overview

TAP (test access point) aggregation, like port mirroring, is a network monitoring and troubleshooting tool. Unlike port mirroring, TAP aggregation provides N:M (any-to-any) packet replication, allowing you to capture different types of data in real time so that you quickly see what is happening in your network.

You configure a switch in your network to handle the TAP aggregation task. You configure interfaces on that switch as tap ports (receiving interfaces) or as tool ports (transmitting interfaces). You assign one or more tap ports to a tap group and one or more tool ports to a tool group. You map tap groups to tool groups. The running TAP aggregation configuration on the switch receives the network packets you want to test on the tap ports and sends the copied packets from the tool ports to off-switch monitoring tools and analyzers that you are running in your network.

Benefits of TAP Aggregation

TAP aggregation provides these benefits:

  • Increased visibility into your network—packets are replicated and sent, at line rate, to your data monitoring and analyzer tools.

  • Ability to dedicate a switch or switches partly or entirely to the TAP aggregation task, allowing capture and analysis of different types of network data in real time. Using the switch as your TAP equipment can simplify your network setup and possibly save money that you would have to spend on dedicated network packet broker tools.

    Note: A set of interfaces can work only with either TAP aggregation or with other switching tasks; the set cannot work with both.

How Does TAP Aggregation Work?

TAP aggregation helps you monitor and troubleshoot your network this way:

  1. Packets come into the tap ports.

  2. The packets are replicated to the tool ports mapped to the tap ports.

  3. Packets are sent from the tool ports to the monitoring tools and analyzers you have running in an off-switch location in your network.

For details on setting up TAP aggregation, see Configuring TAP Aggregation later in this document. See the Terminology for TAP Aggregation table directly below this section before you start setting up the configuration.

Terminology for TAP Aggregation

Table 1: TAP Aggregation Terminology
Term Description Configuration Notes

tap port

An interface that receives packets. On tap ports:

  • No egress traffic is allowed.

  • MAC learning is disabled.

  • No interaction occurs with the control plane.
Note:

An interface can only belong to one tap group.

tool port

An interface that transmits packets. Tool ports connect to devices that process the monitored data streams. On tool ports:

  • No ingress traffic is allowed.

  • MAC learning is disabled.

  • No interaction occurs with the control plane.
Note:

We recommend that you assign an interface to a single tool group.

pair

Configuration statement that you use to map a tap group to a tool group.
Note:

You can configure a maximum of 32 interfaces total for the mapped pair.

tap group

The set of interfaces (tap ports) assigned to receive packets that are to be sent for analysis.
Note:

For TAP aggregation to work, every interface that is part of the TAP aggregation configuration must be a member of a tap group or a tool group.

tool group

The set of interfaces (tool ports) assigned to transmit the replicated packets to the monitoring and analysis tools location.

interface list

The list of names of the interfaces you are adding to a tap group or a tool group.
Note:

You must configure each interface in the interface list with a logical interface.

TAP aggregation mode

A mandatory configuration that enables support for TAP aggregation on the interfaces that are configured as part of the tap-group and tool-group interface list in TAP aggregation mode.

  

Configure TAP Aggregation

Configure TAP aggregation on your switch.

To configure TAP aggregation:

  1. Start by enabling the TAP aggregation mode on your switch:
    Note:

    Step 1 above, enabling TAP aggregation mode, is mandatory. The feature does not work if you don't configure TAP aggregation mode. The mode applies at the interface level, not at the switch level.

  2. Create a logical interface on each interface that you will later add to a tap group or a tool group:
    For example:
    CAUTION:

    Ensure that you create the logical interfaces before you assign the interfaces to a group.

  3. Create a tap group with a list of interfaces:
    Note:

    • Enclose the list of interfaces in square brackets and separate the individual interface names with a space, like this:

    • An interface can belong to only one tap group.

    • The interface must include a logical interface.
  4. Create a tool group with a list of interfaces:
    Note: Enclose the list of interfaces in square brackets and separate the individual interface names with a space, like this:

    • We recommend that you assign an interface to a single tool group.

    • The interface must include a logical interface.
  5. Map a tap group to a tool group by including the pair configuration statement:
    Note:

    Ensure that you list the tap group name first and the tool group name second. The configuration doesn't work if you configure the tool-group name as the first name in the list.