NP-Channel - EMEA Value Added Distributor for Network Visibility, Performance Monitoring, Security, and Test Solutions


Many of our customers have questions about our products, solutions, and their technology in general. These frequently asked questions are presented here for your quick reference:

Network Packet Brokers

What is a Network Packet Broker (NPB)?

Network Packet Broker (NPB) defines a new category of compact, hardware-based, rack-mounted devices that offer a new approach for handling and manipulating network packets. NPBs optimize the access and visibility of traffic from one or many network links to monitoring, security and acceleration tools. NPB capabilities include:
  • Aggregation of monitored traffic from multiple links/segments
  • Filtering and grooming of traffic to relieve overburdened monitoring tools
  • Load-balancing traffic across a pool of tools
  • Regeneration of traffic to multiple tools
NPBs intelligently distribute traffic flowing from network devices across various port mappings - many-to-many, any-to-many, many-to-any, and any-to-any. Formerly NPBs were known as data monitoring switches, data access switches, matrix switches, or traffic aggregators. The category of NPB encompasses all of these.

What is a VERSAstream™ Network Packet Broker?

A Network Packet Broker (NPB) or Network Monitoring Switch is a network device that acts like a network patch panel, but with the ability to aggregate and copy traffic to one or more ports. NPBs can combine data from multiple ethernet network segments into one or more aggregated streams of data, perform port steering, and regenerate ports, so that multiple copies of data are available for multiple tools. Some models have packet filtering capability.

NPBs are not designed to be inline devices, they receive their network traffic from two (2) different types of source. Most often, customers deploy taps on their network links which are inline devices that make a copy of network traffic. That copy is sent from the tap into the NPB. Some solutions use mirror ports or SPANs to collect traffic from the network.
Mirror ports are connected into Network Monitoring Switch for aggregation or regeneration (copies). NPBs are not inline devices, but are referred to as out of band devices, since they work with copies of network traffic from a tap or mirror port.

VERSAstream™ is Datacom Systems brand name for Network Packet Brokers or Network Monitoring Switches. These two terms are interchangeable.

Many solutions connect a VERSAstream™ to an intrusion detection system, protocol analyzer, or network probe. These devices can receive the aggregated data with just one network interface card (NIC). Network and security personnel are then able to monitor several network links simultaneously with as little as one monitoring tool.
In many environments there are multiple areas of interest at the access layer or network edge that have either lower utilization or use lower speed data sources.

TheVERSAstream™ allows these data sources to be aggregated together and monitored by a single high speed or high capacity tool instead of multiple lower speed legacy tools. This reduces the overall number of tools needed and dramatically reduces the rack space required, while also lowering ongoing support and maintenance costs for monitoring tool software and hardware.

Is the VERSAstream™ Network Packet Broker an out of band or an in-line device?

The VERSAstream™ is designed to receive traffic from an external tap or SPAN. It aggregates or copies network traffic to one or more ports.

Does the VERSAstream™ support multiple speed inputs?

Yes. A variety of speeds and ports are available. Many of our devices have SFP+ or SFP ports for 10G and 1G capability.

What if my network or existing monitoring tools are not the same media type?

No problem. VERSAstream™ models are available with a mix of copper and SFP ports also with all SFP based ports to allow complete flexibility for mixing media types.

What tools will work with the VERSAstream™ ?

Since Datacom Systems devices are standards compliant, you can connect any device to their products. The VERSAstream™ is platform independent and will accept connections from analyzers, IDS, IPS, and probes from any manufacturer with the appropriate port media and interface.

How to handle ERSPAN with xFilter?

ERSPAN is GRE with an additional proprietary Cisco header. So whenever you enable xFilter´s GRE processing: for gre-termination or gre-stripping, xFilter will strip ERSPAN packets. There is no additional configuration to strip or terminate ERSPAN tunnels. Specific ERSPAN filter-counters are available.


What is an Active Network Tap?

Active taps rely on a Fail-over system for power fault tolerance. If an Active tap loses power a set of copper relays will fall into a closed position to provide a passive bypass. When the passive bypass system is engaged a momentary interruption of link occurs. This can be kept to an absolute minimum by configuring the endpoint devices of the tapped link for PortFast or FastLearn.

What is a Passive Network Tap?

Passive Network Taps are network taps that will cause absolutely no change in the state of the link if the tap loses power. In the event of power loss, network traffic will flow uninterrupted as long as the network itself has power.

Are Ixia/Net Optics Taps passive devices?

All Ixia/Net Optics copper taps are completely passive. Simple Fiber Taps require no power and are completely passive. They are not a point of failure in the event of power loss. Net Optics also offers Zero Delay technology which guarantees no packet loss if the Tap loses power.

I am monitoring my network segment via a Span (mirror) port on my switch. How will I benefit by using a Tap?

Network Taps create permanent access ports for passive monitoring by splitting or regenerating the full-duplex network signal. The monitoring device connected to the Tap receives traffic as if it were in-line, including all errors. In contrast, a monitoring device connected to a switch Span port does not see all traffic. Corrupt network packets, or packets below minimum size, are usually dropped. Switches also eliminate Layer 1 and select Layer 2 errors, and are constrained by the bandwidth capacity of the Span port. In addition, by using a Tap you put less load on your switch buffer and can eliminate "resets" by the switch. For more information, please download the following white paper: Technical Comparison: Taps vs. Span Ports

What is a “Potential Point of Failure” and why should it be considered as part of any network access design that includes taps?

All network hardware, no matter how reliable, must be considered as a device that could malfunction. Network architects will assess the mission critical nature of any given link, what redundant or alternate data paths exist, and how service might be impacted if a service window were required to replace a device in that link.

In some cases an in-line device that has multiple links passing through it and may be an appropriate choice. But a more conservative design might dictate that no in-line device should ever tap more than one link – thereby eliminating the possibility that two links might ever be impacted if such a device had to be replaced. The most conservative or lowest risk designs may even require that the tapping be done by a non-powered Physical Layer device such as a simple fiber tap and the task of aggregating the duplex data streams and making multiple copies for the tools be handled by a separate device.

There is no right or wrong answer for such question – it will be determined by the individual circumstances and priorities of the organization – but such issues should be considered.

What is the “TCP Reset” or Traffic Injection feature in a tap and how is it used?

Intrusion Detection Systems (IDS) may have an option to use a feature known as “Active Response” when malicious traffic is detected. If an attacker uses TCP sessions, they can be reset by RST (Reset) packets that are sent to reset one or both hosts in a session from the IDS. In the case of UDP, a session can be broken by sending various ICMP packets to the host from the IDS box.

In some cases the IDS may need to use the monitoring NIC for this purpose. Enabling a Bi-directional traffic path in the tap allows the RST packets to renter the network through a tapped copper link. In the case of a tapped fiber link the directional characteristics of fiber taps will not allow this. The “any-to-any” feature of Datacom Systems configurable taps allows the RST packets to be sent out any available extra Monitor port of the tap and enter the network via a local network switch.

Traffic injection is only done on copper based inline taps or bypass switches. Fiber taps do not allow traffic injection, based on their directional nature, they simply make a one way copy of traffic used for analysis.

I noticed that Ixia/Net Optics offers 10 Gigabit taps and regeneration products in three different interfaces. How do I know which one to order?

The three different interfaces are based on different laser sources and fiber core diameters. 10 GigaBit SR is designed for use with 850 nm lasers and comes in two different fiber core diameters, 50 µm and 62.5 µm. 10 GigaBit LR is designed for use with 1310 nm lasers and 8.5 µm diameter fiber core. 10 GigaBit ER is designed for use with 1550 nm lasers and 8.5µm diameter fiber core.

Will Ixia/Net Optics Copper Taps work with Category 5, 5e, and 6 cables?

Yes, Ixia/Net Optics Taps work with all cable types. When mixing and matching different cable types, the connection will operate at the lowest rated cable. Ixia/Net Optics recommends that you use Category 5e (CAT5e) cables or better with all Gigabit copper devices. All Ixia/Net Optics copper Taps are shipped with CAT5e cables.

I have had a Ixia/Net Optics Fiber Tap for a couple of years and noticed that the light loss budget seems higher. Do the Fiber Taps go bad?

Fiber components of Ixia/Net Optics Fiber Taps are designed to last for the life of your installation. Dirty or loose connectors will cause a loss of optical power. Cleaning the connectors will restore light levels in most cases.

What is the difference between ATM Fiber Taps and GigaBit Fiber Taps? Can they be used interchangeably?

ATM Fiber Taps are manufactured and tested for use with an LED light source and GigaBit Fiber Taps are manufactured and tested for use with a Laser light source. You should avoid mixing Tap types to ensure insertion loss and split ratio accuracy and prevent ATM Taps from being damaged by laser light.

I noticed Ixia/Net Optics Fiber Optic Taps are offered in multiple split ratios. Why would I need the different split ratios?

A split ratio is the amount of light that is re-directed from the network to the monitor ports. With higher split ratios, less light is re-directed from the network link to the monitoring link, ensuring adequate light power for the network link. Click on the following link to download our Split Ratio Reference Chart. Ixia/Net Optics Fiber Split Ratio Reference Chart

I have installed a Net Optics Fiber Tap and verified that network traffic is passing through the Tap but I do not see traffic coming out of the Tap Monitor Ports. What should I check?

If the Transmit and Receive portions of your fiber optic cable are crossed on the Network Ports of the Tap, you will see traffic pass through the Tap but nothing coming from the Monitor Ports. Check to see that the cables going into the Network A and B ports on the Tap are as follows: TX = In, RX = Out.

I have a 10/100BaseT Tap and can´t get link established through the Tap. Do I have it cabled correctly?

When connecting Tap network ports to Switches, Routers, and Hubs, use straight-through cables. Use a crossover cable and a straight-through cable when you are connecting similar devices, such as Switch-Switch (DTE-DTE), to the Tap. Use straight-through cables to connect hubs, switches, or NICs to the Monitor Ports.

Do Ixia/Net Optics Taps participate in link negotiation?

All Fiber, WAN, and 10/100-based Taps are pass-through devices that do not participate in link negotiation. Ixia/Net Optics Copper Taps negotiate a separate link with each network device.

Aggregation Taps

Where would I use an aggregation tap in my network?

Although ideal for Ethernet links where the total utilization is under 50%, theSINGLEstream™ Aggregation Tap may be used on any full duplex Ethernet link. The most likely locations on the network to deploy a link aggregation tap will be those in which probes or IDS devices need 24x7 visibility. These include the links between switches and critical servers, full duplex connections between routers and firewalls, and links between firewalls and a demilitarized zone (DMZ).

What´s the difference between Port Aggregators and Link Aggregators?

Port Aggregation Taps are aggregating the RX- and TX traffic of one network link to one monitoring port. Therefore it is possible to analyze the Full Duplex network traffic on one single interface. After aggregating the TX - and RX traffic to one single port, the aggregated traffic is regenerated to a second monitoring port, providing the possibility to have a second monitoring tool to analyze the Full Duplex traffic with also just one NIC.

Link Aggregators allow the monitoring of multiple network segments with one or several monitoring appliances. These Taps are aggregating the traffic of up to 12 Full Duplex connections into one single interface After aggregation, the traffic is regenerated to up to 24 monitoring Ports . One big advantage of this solution is that the connected monitoring system only needs one NIC to monitor all 12 connections at the same time. Link Aggregation Taps are perfectly designed for the analysis of asymmetric network traffic and redundant routes with dynamic network protocols.

Do you send all traffic to the Link Aggregator monitor ports?

Yes, all traffic is sent to the Monitor Ports until the sum of traffic reaches the capacity of the Monitor Port. Any traffic above this threshold is dropped.

Do you receive the full line rate data stream with Port Aggregators?

The Ixia/Net Optics Port Aggregator Taps combine traffic from both sides of a full-duplex link and send all traffic, up to the capacity of the Monitor Port, to the attached monitoring device. When utilization levels exceed the capacity of the Monitor Port, the Port Aggregator Taps buffer overflow data and send this data as soon as utilization drops below the capacity of the Monitor Ports.

What if my network links and my monitoring tools are not the same media type?

No problem. SINGLEstream™ Aggregation Taps come in a variety of media combinations that allow monitoring of fiber links with copper tools, copper links with fiber tools and are also available in several models with SFP based monitor ports that allow media type to be changed.

Why do Datacom’s link aggregation capable taps have more than one output (monitor port)?

In many network environments it is desirable and often necessary to have an IDSdevice monitoring a on a 24x7 basis. Additional monitor ports allow a protocol analyzeror other network management tools to access the same link on a permanent or as needed basis. This eliminates contention for access to the data. The extra monitor ports also allow redundant devices to be connected to the same link as a failsafe measure to prevent the loss of data in case one of the connected devices has problems or needs to be updated.

If I’m using a SINGLEstream™ Aggregation Tap and the link exceeds 50% aggregate utilization will I see packet loss on the link itself?

No. The link will continue to operate normally. If any packets were to be lost due to oversubscription they would be packet copies only – not the original data itself.

Is there a tap that can provide both aggregated and non-aggregated output?

Yes. Datacom Systems SS-1200, SS-2200 and SS-4200 series taps can be configured by the user to provide either type of output or on the higher port density models can even provide both simultaneously.
An additional benefit of this design is the capability for the tap to be reconfigured to accommodate growth in utilization. These taps can initially be deployed as aggregation taps but when utilization spikes begin to dictate the addition of a monitor card to the tool and a need for non-aggregated output - they can be reconfigured by the user to provide non-aggregated output.

Regeneration Taps

What is a Regeneration Tap?

Regeneration Taps provide passive monitoring access for multiple devices. Ixia/Net Optics' passive Regeneration Taps enable real-time, simultaneous monitoring of a network link or Span port by up to eight protocol analyzers, intrusion detection systems, and other devices for network monitoring and troubleshooting.

How is a Regeneration Tap different from a Matrix Switch?

Regeneration Taps provide passive monitoring access for multiple devices. Ixia/Net Optics Matrix Switches provide passive monitoring access across multiple networks for analyzers to perform real-time monitoring and analysis. Matrix switches greatly increase monitoring efficiency and leverage analyzer investments.

What are the different options available with Regeneration Taps?

The Regeneration Taps come in 2, 4,8 and 10 monitor port versions. They also support all major network interfaces such as 10/100, Gigabit, and WAN (OC3 and OC12). Regeneration Taps also come in Span and in-line versions. Span Regeneration Taps give users the ability to monitor up to two Span ports independently with multiple resources, reducing the burden on your switch. The in-line models tap one critical full-duplex link and make up to ten copies of that link.

Are Net Optics Regeneration Taps passive devices?

Yes, Regeneration Taps are completely passive devices.

Bypass Switches

What is a Bypass Switch?

Bypass Switches protect the link against power loss from the in-line IPS or security appliance. When the Bypass Switch is receiving power, traffic is routed to the in-line appliance. If power is lost or the appliance needs to be removed for maintenance, the Bypass Switch routes traffic past the in-line device using Fast Path technology preventing link downtime. See diagram below:

What is the heartbeat packet?

Heartbeat packets are a method of by which the load balancer becomes aware that an attached Intrusion Prevention System (IPS) lost power or had any other type of failure. The load balancer sends heartbeat packets through attached IPSs to continuously validate that the IPSs are passing traffic - the same technique used by Bypass Switches. If an IPS fails, the load balancer automatically takes the traffic that was bound to that IPS and redistributes it to the remaining active IPSs. When the failed IPS comes back online, the load balancer returns the traffic to it.
Another possible mode of dealing with IPS failures that may be offered by some monitoring load balancers is a port loopback mode. In this situation, traffic simply bypasses a failed IPS as if that IPS were connected through a bypass switch. Yet another mod is N+M tool redundancy where one or more warm-standby IPSs are designated.

How does a Bypass Switch with Heartbeat work?

The Optical Bypass Switch with Heartbeat protects against power failure, physical link failure, and application failure on the in-line appliance. The switch checks the path through the in-line appliance by sending a packet every second from Monitor Port C. The switch validates the path when it receives the packet on the Monitor Port D. If the switch does not receive the packet as expected three times in a row, the switch automatically enters Bypass ON mode.

Can you re-configure the Heartbeat interval?

(Ixia) Yes, you can configure the Heartbeat interval and also the numbers packets missed before the Bypass Switch enters Bypass Enabled Mode. The Bypass Switch has an RS232 port and a command line interface for programming Bypass Switch options. See the Installation Guide for complete information.


Do you offer any Media Conversion products?

Yes, we offer several different Media Conversion products. Click here to see the variety of Media Conversion products we offer.

What is Twinax cabling?

Twinaxial cabling, or "Twinax", is a type of cable similar to coax, but with two inner conductors instead of one. Due to cost efficiency it is becoming common in modern very short range high speed differential signaling applications.
One of major applications includes Cisco Systems implementation coupled with SFP+ modules. This type of connection is able to transmit at 10 Gigabit full duplex speed over 10 meter distances. Moreover this setup offers 15 to 25 times lower transceiver latency than current 10GBASE-T CAT6/CAT6a/CAT7 cabling systems: 0.1 µs for Twinax with SFP+ versus 1.5 to 2.5 µs for current 10GBASE-T specification. The power draw of Twinax with SFP+ is around 0.1 watts, which is also much better than 4-8 watts for 10GBASE-T.
As always with cabling one of the consideration points is Bit error ratio or BER for short. Twinax copper cabling has BER better than 10-18 according to Cisco, and therefore is acceptable for applications in critical environments.

Technology Terms

What is Zero Delay™?

Zero Delay™ is a unique tap technology offered only by Ixia/Net Optics that prevents packet loss or delay should the Tap lose power. Zero Delay technology prevents link downtime by eliminating the typical 10ms delay caused when other Taps lose power. That small delay can cascade into much longer delays as devices on the link detect a failure and attempt to re-establish communication.

What is Virtual Zero Delay (VZD)?

VZD is a patent-pending technology from Ixia/Net Optics designed to improve network reliability when using copper taps. Ixia/Net Optics' innovative Virtual Zero Delay circuitry guarantees that iLink Agg in-line copper connections will never lose their links when power goes off for whatever reason - such as power failures or during planned power up and power down events.
In the past, link renegotiation has been a major challenge for copper taps, costing precious seconds or minutes of link downtime when Tap power transitions. The VZD eliminates those lengthy renegotiation cycles by preserving the link state through power transitions, as if no break existed.

What is Link Fault Detect™?

Link Fault Detect is a Ixia/Net Optics feature that gives devices connected to the Tap critical information about link status. If either side of the bi-directional link fails, the Tap immediately communicates the fault to the other device, reducing the time required to activate a redundant path.

What is Flow Coherency?

Flow coherency ensures complete two-way conversations are directed to the same monitoring tool - meaning that traffic flows are kept together on the same monitoring tool. Flows are typically defined by a 5-tuple of header fields in the packets, the 5-tuple being source and destination IP addresses and ports, and the protocol.
Packets with the same 5-tuple value are all routed to the same tool, ensuring that entire flows are monitored or recorded on a single tool.

What is Fast Path™?

Fast Path is a technology found in the Ixia/Net Optics Bypass Switches that supports fail-open monitoring with any Gigabit in-line device when it shares the same power source as the in-line appliance. As long as the Bypass Switch is receiving power, it diverts network traffic to attached in-line devices. When power is lost, Fast Path maintains network link integrity with high-speed switching so the network link is maintained but is no longer routed to the in-line device.

What is Active Response?

Ixia/Net Optics products with Active Response allow network personnel to set their network devices to send active response packets such as TCP resets, ICMP messages, or ACL changes into the tapped link. Normally, Tap monitor ports are transmit only and do not allow traffic to flow back into the active link.

What is LaserWire?

Laserwire™ is new generation of cable for lower cost, high speed serial connectivity.
Laserwire utilizes fiber optic technology for the transmission of data while reducing the weight, density and power consumption of copper interconnects.
  • Lowest weight for high port count architectures
  • Small bend radius for easy installations
  • Low power consumption enabling a greener datacenter
  • Small Laserwire Jack enables compact host board designs
  • 'Plug and Play' solution for serial 10Gbps Interconnects

What is Deep Packet Inspection (DPI)?

Deep Packet Inspection is the ability to apply filters to a packet or multiple packets at any location, regardless of packet length or the location of the data to be matched within this packet. By applying filters based on DPI to traffic sent to a monitoring tool you are able to capture just the traffic of interest.

Talk to us

+49 6102 748-0