There are some unique advantages in using a Garland FieldTap with a Byte25 appliance that were not immediately obvious until we connected it up and ran some tests. Turns out this is a perfect tap to use for monitoring.

For information on the FieldTap from Garland Technology, look here:

A quick overview of the Garland FieldTap

I guess if you are actually reading this blog post, you probably have a fair idea of what a network tap actually does. But just in case, and in as few words as possible, a network tap is a small hardware device that sits in-line on an ethernet connection and allows for a copy of all packets to be sent to a monitoring device. The beauty of a network tap is that it provides a fully fault tolerant solution – that is, it does not impact the performance of the ethernet connection and will continue to pass packets even in the event of a power outage.

The Garland FieldTap is an interesting and useful network tap variant. Normal ethernet network taps output a ‘copy’ of the packets on standard ethernet connections. By contrast, the Garland FieldTap listens to standard copper Ethernet but outputs a copy of all traffic to a standard USB 3.0 interface. This allows great flexibility as to what type of monitoring devices can be deployed. I guess the most common deployment scenario for Garland FieldTaps is the use by field engineers with laptops for network troubleshooting; however, the flexibility of the Garland FieldTap USB output solves a specific use-case for Byte25 when deploying monitoring appliances.

The following review was undertaken by Byte25 to assess the suitability of using the Garland FieldTap for connection to Byte25 monitoring appliances in production environments.

Dealing with Garland Technology

Not sure if the experience of dealing with vendors should form part of any review, but I am going to include it here as the Garland guys are super easy to deal with. Big shout out to Kumar Rajaram the Garland APAC Regional Director who drove all the way across greater Sydney to hand deliver a couple of units for us to play with. I certainly haven’t experienced this level of support from the bigger tap and NPB vendors.

Integrating with Byte25

Ok, so now to the technical stuff. We plugged the Garland FieldTap in and connected it to a USB port on a Byte25 appliance. We use a Debian Linux distribution on our appliances and, once connected, the Garland FieldTap was immediately visible as 2 new Debian network interfaces, in this case eth1 and eth2. No configuration or software was required: the USB chipset and ethernet ports are supported under the standard Debian ‘Buster’ distro. Just to double check that we had the right interfaces, we ran ethtool on these interfaces, which clearly showed the driver to be for a LAN79xx USB to ethernet chipset as expected in a USB capable network tap.

The two interfaces presented from the FieldTap under Linux (and I guess the same would be true for other operating systems) correspond to each of the ethernet ports on the FieldTap itself. But even better than that, it looks like each interface defined under Linux for the FieldTap relates respectively to the transmit and receive sides of the ethernet link being monitored. This is clever design by an engineer that understands network monitoring – only forwarding the transmit side of each ethernet port means packets are counted only once by the connected appliance. This makes monitoring super easy, as we can just listen on the 2 FieldTap USB defined ethernets under Linux, eth1 and eth2, and we get an exact copy of the monitored Ethernet link.

This made integration with Byte25 seamless, the FieldTap simply presents as 2 extra interfaces which we then listen on – so no code changes on our end (I like this bit the best :).
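As an added illustration of the one-direction-per-interface layout described above (this is not Byte25 or Garland code), the following sketch interleaves two per-direction captures into a single time-ordered stream. It assumes each interface was captured separately to a classic microsecond-resolution pcap file; the function names and the in-memory sample packets are constructed for the example.

```python
import heapq
import io
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps


def read_pcap(stream, label):
    """Yield (timestamp_in_microseconds, label, frame_bytes) from a pcap stream."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    # The magic number tells us which byte order the file was written in.
    if struct.unpack("<I", header[:4])[0] == PCAP_MAGIC_USEC:
        endian = "<"
    elif struct.unpack(">I", header[:4])[0] == PCAP_MAGIC_USEC:
        endian = ">"
    else:
        raise ValueError("not a microsecond-resolution classic pcap file")
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return  # clean end of file, or a truncated trailing record header
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            return  # capture cut off mid-packet: drop the partial frame
        yield (sec * 1_000_000 + usec, label, frame)


def merge_directions(stream_a, stream_b, label_a="eth1", label_b="eth2"):
    """Interleave the two per-direction captures into one time-ordered list."""
    return list(heapq.merge(read_pcap(stream_a, label_a),
                            read_pcap(stream_b, label_b),
                            key=lambda pkt: pkt[0]))


def build_pcap(packets):
    """Build a constructed in-memory pcap (sample input, not a real capture)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return io.BytesIO(out)


if __name__ == "__main__":
    side_a = build_pcap([(10, 100, b"SYN"), (10, 300, b"ACK")])
    side_b = build_pcap([(10, 200, b"SYN-ACK")])
    for ts, iface, frame in merge_directions(side_a, side_b):
        print(ts, iface, frame)
```

Packet timestamps are assigned by the capturing host, so the ordering between the two directions is only as accurate as that host's timestamping.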

What Happens When the Power Goes Out?

Now this was one of the nicest things about the FieldTap, and definitely something I wasn’t expecting. When a ‘normal’ ethernet tap loses power, electronic relays are activated to close the circuit for the monitored ethernet link to ensure the link remains active. This process results in a very short outage which normally triggers the ethernet connections on each side to renegotiate, resulting in an actual outage of a few seconds. By contrast, the FieldTap has a cool design feature that allows it to draw power from the USB interface. This means that even if the tap loses external power, the ethernet interfaces remain powered up, so there is no ethernet renegotiation and so no actual outage. For those that are familiar with Ixia taps, this is very similar in functionality to their zero delay tap but way less expensive and actually probably more robust as it doesn’t rely on a battery that can run flat.

The Advantages of the FieldTap over Bridges and Mirror Ports

Most Byte25 customers use SPAN or mirror ports configured on a switch to access traffic, and most of the time this works fine. There are plenty of resources around pointing out the shortfalls of using switch SPAN/mirror ports, but in our experience, for a visibility solution like Byte25, SPAN/mirror ports work fine.

I say SPAN/mirror ports work ‘most of the time’; in reality, though, there are often 2 issues. Firstly, it is often difficult to actually configure a SPAN/mirror port: the connected switch may not support port mirroring, or the customer may not have access to the switch config. Secondly, the low end Byte25 Branch appliance only has one physical ethernet port, making connecting a switch mirror port difficult.

To get around this, at Byte25 we have implemented an inline solution using an ethernet chipset with bypass functionality. That is, the appliance can sit in line and, in the event of a power outage, the chipset will initiate a relay to ‘fail close’ and keep traffic flowing. In essence this is the same functionality as a network tap. However, when the appliance is running, we need to implement bridging across the ethernet ports in software in order for them to pass traffic. The bridging is dependent on the Linux kernel, so if Linux has a problem, such as exceptionally high CPU usage, then we have the potential to impact network throughput. This is unusual and hasn’t happened to date, but it is certainly a potential point of weakness.

The Garland FieldTap presents a more robust solution in both these scenarios: firstly, it doesn’t take up an extra ethernet port (which is perfect for the Byte25 Branch appliance), and secondly, it cannot impact network performance in the event of a software issue within the Byte25 appliance.

For implementations that require a high level of fault tolerance and robustness, Byte25 would certainly recommend the Garland FieldTap. Even when compared to a standard network tap there are significant advantages with the USB format which make the Garland FieldTap an excellent solution.