Net Optics 10/100BaseT Port Aggregator Tap

The Tap shows all data frames on a single interface.

March 12, 2004

6 Min Read
Network Computing logo

No Drag on Performance

I tested the Port Aggregator in our Syracuse University Real-World Labs, using Spirent Communications' SMB (SmartBits) 600 with a LAN3101A minimodule, SmartWindow 7.7 and SmartApplications 2.5 (see "Tap Testing,").

To determine if the Port Aggregator would have an adverse effect on network performance, I ran the SmartApplications test suite for throughput and latency. This test is designed to conform with the Benchmarking Methodology for Network Interconnect Devices (RFC 2544).

Tap Examplesclick to enlarge

The Port Aggregator passed all frames at 100 percent utilization and with less than 2 microseconds of latency--hardly enough to matter. Rerunning the throughput test, I pulled the power cord while the frames were flying.

The frames continued to flow through the Port Aggregator without a single one dropping. I'm confident from my lab tests that the Port Aggregator won't impede network performance.Port Monitoring

The Port Aggregator's monitoring port, which can transmit data no faster than 100 Mbps, processes incoming frames on a first-in, first-out basis. If the total utilization of the monitoring port is less than 100 Mbps, all frames are sent to the monitoring port. If utilization exceeds 100 Mbps, the received data is queued in memory until it can be sent to the monitoring port.

When the memory is filled on a wire pair, incoming frames are dropped from the monitoring queue. As soon as memory is available, more frames can be added.

Using SmartWindows, I tested the monitoring port's capabilities by connecting Port 1 of the SMB 600 to the Port Aggregator's Port A, Port 2 of the SMB 600 to Port B and Port 3 of the SMB 600 to the monitoring port.

Performance Chartsclick to enlarge

After creating a 30-Mbps stream of 64-byte packets, I released a traffic stream on Port 1 that would burst a fixed number of single-sized frames--SmartWindows calculated the burst time. I then compared the number of frames received on the monitor port with the total number of frames sent from Ports 1 and 2. Counting any packet loss as a failure, I adjusted the number of frames until I received a maximum amount of burst traffic with zero loss.Smaller Means Slower

Port Aggregator/Tap Testingclick to enlarge

As frame size decreased, so did the throughput, which went from 128.6 Mbps for 1,500-byte frames to 116.5 Mbps for 128-byte frames.



NET OPTICS 10/100BASET PORT AGGREGATOR TAP, $950 (rackmount and PCI models). Net Optics, (408) 737-7777.

At a 1,500-byte frame size, 3,255 frames were passed that reached maximum utilization on the network; but 25,767 128-byte frames were transmitted in the burst. I found a 512-byte frame size to be optimal, allowing for the highest burst rate with a minimal reduction in overall throughput (see "Bits transferred during burst" in the performance charts below).Net Optics explained that for larger packet sizes, it takes longer to transmit the entire frame from the buffer, and the memory isn't freed until the frame has been successfully sent. With smaller packet sizes, throughput is limited because of the queuing process and the 4-byte tag the Port Aggregator tacks on each frame to track its status. Your results will vary, depending on your traffic mix.

Losing Latency

I used Spirent's SmartWindows to test latency for traffic sent to the monitor port. For burst traffic at a 512-byte frame size--less than 100 percent utilization--there was a repeated 44 microseconds of latency, which is trivial. Once traffic levels exceeded 100 percent utilization, however, I measured a large number of frames with latencies greater than 10 milliseconds, reaching as high as 336 milliseconds (see "Percent of frames within a latency bucket" in the performance charts).

In other words, as utilization surpasses 100 percent and frames are queued up until they can be transmitted, latency will increase. This is important to remember when you're troubleshooting, as latency-related issues may be masked.

Why Buy It?In short, the Port Aggregator worked as advertised. But the unit is cost-effective only if you » need to multiplex a full-duplex network onto a half-duplex connection, » expect short traffic bursts above 100 percent utilization or » can't risk a down link from a loss of power on the tap. If none of these conditions apply, you're better off buying a switch with a mirror port off eBay for about $300.

For information on how Net Optics has updated other taps that work with intrusion-detection systems, see the sidebar.

Mike Fratto is editor of Secure Enterprise and a contributing editor to NETWORK COMPUTING. Write to him at [email protected].

Post a comment or question on this story.



NET OPTICS 10/100BASET ACTIVE RESPONSE REGENERATION TAP, starts at $3,995. Net Optics, (408) 737-7777.

Net Optics has added an Active Response port to its 8x1 and 4x1 Regeneration Taps to enable response traffic from an intrusion-detection system to be injected back into the original network link.

Each Active Response Regeneration Tap passes traffic regardless of whether the unit is powered. The beta unit I tested had a rocker switch that let you change the Active Response port from active (traffic-injecting) mode to passive (traffic monitoring only) mode. In the production unit, Net Optics will replace the rocker switch with a DIP switch for activating the Active Response port and setting port speed and duplicity.

I tested the 8x1 Active Response Regeneration Tap in our Syracuse University Real-World Labs, putting it through the same tests the Port Aggregator underwent. First, I connected the Active Response to the SMB (SmartBits) 600. Passing frames through the Active Response tap, I successfully injected several frames back into the network. The tap passed 100 percent of all frames. Latency through the Active Response was negligible--less than 2 microseconds.

As tested, Active Response costs $4,995--about $1,000 more than an 8x1 Regeneration Tap without Active Response. The same purchasing criteria apply to this product as to the Port Aggregator: If you need a device that passes frames regardless of power, and if it's too disruptive to put a switch in-line so frames can be injected into the network, the product is worth the investment.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights