Technical Field
This application relates generally to monitoring, analysis, processing and recording of data packets in a network using a network tap device.
Brief Description of the Related Art
In many cases, it is desirable to monitor the traffic between two points in a network. A network tap is a hardware device which provides a way to access the data flowing across a network. It typically has a number of ports: a first port, a second port, and one or more monitor ports. A tap inserted between the first and second ports passes all traffic through unimpeded, but also copies that same data to a monitor port. A “filterable” network tap, which is commonly-used in a 10 Gigabit environment, provides advanced filtering. It can selectively pass data, e.g., based on application, VLAN ID, or other parameters, to a 1-Gigabit port for deep analysis and monitoring. Once a network tap is in place, the network can be monitored without interfering with the network itself. Likewise, a monitoring device can be connected to the tap as-needed without impacting the monitored network. Some taps operate at the physical layer of the 7 layer OSI model rather than the data link layer. This means that they can work with most data link network technologies that use that physical media, such as ATM and some forms of Ethernet. Network taps that act as simple optical splitters, sometimes called passive taps, may operate in this manner.
By way of additional background, modern time synchronization for data acquisition and recording systems often implement the Precisions Time Protocol (PTP) according to the IEEE 1588 standard. Time synchronization in a network based on IEEE1588 (or NTP/SNTP) is based on time-stamping of incoming and outgoing time packets on a time server (time source), and on time clients. In this approach, a PTP Ground Master Clock of a network is the common time base source for all PTP Slave Clocks within the network. The switches in a PTP network may have PTP Transparent Clock or Boundary Clock support. Time synchronization packets forwarded through a switch with PTP Transparent Clock support do not suffer from variable switch latency. The switches in the network preferably have Slave Clock support, meaning they are synchronized with the PTP Slave Clock end devices to the same Grand Master Clock. A switch on the edge of the network can also provide non-PTP interfaces with time synchronization output signals to distribute time to non-PTP end devices. The Transparent Clock (TC) mode preferably is implemented in each network switch. The TC functionality corrects the residual latency introduced by the network node. It also adjusts the time stamp in accordance with the switch residence time and forwards the synchronization messages to the next network node in the chain.
In the context of a network tap that implements the IEEE1588 standard, the clock used for time stamp generation can be based on a PTP Slave Clock implementation, NTP/SNTP client, built-in GPS receiver, or similar techniques for disciplining the network tap clock.