1. The Field of the Invention
The present invention relates to network taps for providing access to network data for analysis purposes. In particular, the invention relates to a network tap that allows an attached analyzer device to access and monitor multiple communication links.
2. The Relevant Technology
In recent years, it has been desirable to be able to monitor and analyze the data flow in communication channels between and within networks. Reasons for doing so include monitoring the communication channel for certain types of data, identifying and diagnosing network problems, detecting interruptions in the communication channel, detecting degradation in the communication channel, and the like. Thus, network taps, which are systems for tapping into communication lines, have been developed.
In general, a network tap is a device that is positioned in-line with a communication line and enables network analyzers or other attached devices to have access to a copy of the data transmitted over the communication line. A network tap is typically installed by physically disconnecting or breaking a network cable and positioning the tap between the two ends of the network cable. Once the tap is installed, network analyzers or other devices can access the network data without having to manipulate the network cable or alter the topology of the network. Moreover, conventional network taps enable access to the network data without disrupting or modifying the network data or the topology of the network.
Communication system channels have largely been composed of metallic conductors such as copper or other low resistance metals. Systems using such conductors have generally been relatively easy to monitor and evaluate without great disruption or intrusion into the communication channel since current flows throughout the entire conductor and portions of the conductor can be externally “tapped” with another conductor attached to the test equipment that bleeds-off a negligible amount of test current.
Additionally, conductive fibers that transmit light have also been used as a communication channel medium and have proven to be advantageous for the transmission of large amounts of information, both in digital and analog form. Fiber conductors, unlike metallic conductors, propagate the information signal in a very longitudinally directional path. Furthermore, the information signal propagates down a very narrow internal portion of the conductor, making the non-intrusive external “tapping” of the fiber impractical.
Therefore, in order to monitor a fiber channel, a splitter, also known as a coupler, must be placed “in-line” with the fiber channel to reflect a portion of the light from the main conductive fiber channel to another conductive fiber channel that can be coupled to a network analyzer or other test equipment.
FIG. 1 illustrates a system 100 for monitoring a plurality of fiber channels 102-108 connected to a plurality of in-line taps 126-132. The fiber channels 102-108 represent a portion of a communication cable disposed in this example somewhere between the Internet 134 and a local area network (LAN) 136. Each tap 126-132 includes a dedicated coupler 110-116 connecting with a corresponding plurality of dedicated test equipment 118-124. Taps 126-132 allow test equipment 118-124 to monitor and/or analyze the signal in channels 102-108, while an output signal is allowed to continue on to the LAN 136.
While the arrangement of FIG. 1 makes in-line testing possible, the installation of individual taps 126-132 to each individual channel 102-108 has been complex and tedious. Additionally, even when the taps 126-132 are inserted into the various individual fiber channels 102-108, the logistics and expense of connecting dedicated test equipment to each channel soon become prohibitive. It would be an advantage to provide a tap which allows for multiple communication channels to be monitored in a cost-effective manner.
Also, even if a single piece of test equipment is reused on multiple channels, the logistics of disconnecting from and reconnecting to each of the various couplers become expensive and tedious, and, especially when remote monitoring is desired, it becomes impractical or impossible to access and physically re-couple with each of the channels in a timely manner.
There is a need to provide a non-intrusive solution that efficiently uses network analysis resources while allowing the channel to remain intact without interrupting the flow of traffic on the channel. Furthermore, a need exists for providing convenient selection of channels for monitoring without impacting the flow of communications traffic on the channel under analysis. There further exists a need to efficiently utilize test equipment without requiring deployment of a full suite of test equipment dedicated to each communication channel.
In recent years, various types of attached devices have been developed for connecting to network taps. That is, network taps have been used for reasons other than simply monitoring a communication line. For example, the market for network security systems has also increased and is expected to continue to rise over the next few years. Indeed, security systems are almost a necessity in any enterprise local area network system to prevent unwanted intrusions by unauthorized people. Security systems typically comprise a firewall and/or an intrusion detection system. A firewall generally consists of one or more filters placed in the flow of communication to block the transmission of certain classes of traffic. Alternatively, a firewall may consist of one or more gateways that permit traffic flow into a network system. However, firewalls are sometimes defeated, which can result in unauthorized individuals gaining access to the network.
Intrusion detection systems are network security devices that identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise the network. For example, an intrusion detection system may be implemented to protect against, among other things, access by hackers or deployment of viruses. In order to detect such intrusions, the intrusion detection system must have access to the data flow in a communication line that is in communication with the firewall. The intrusion detection system analyzes the data for indicia of intrusions.
Firewalls and intrusion detection systems are usually appliances or software applications implemented on servers or client computers in a network. When implemented as an appliance, a firewall and an intrusion detection system are usually separate devices connected to each other and to the network through multiple communication lines and/or switches. However, because conventional network taps permit only uni-directional data flow to connected devices, intrusion detection systems have been configured to communicate with the firewall through an additional external, or out-of-band, communication line and an external switch. This presents additional hardware that needs to be purchased and configured. Furthermore, the external switch is often expensive. It would thus be an advantage to reduce the number of communication lines required to connect a network tap, an intrusion detection system and/or firewall to a network. Furthermore, it would be an advantage to reduce the expense of having an extra switch to allow the intrusion detection system to communicate with the firewall.
Generally, each tap 126-132 requires a pair of ports to connect each test equipment 118-124. Thus, only test equipment that is connectable by dual cables can be used with the taps in FIG. 1. However, some test equipment is manufactured to connect to a network tap through a single cable, while other equipment can connect to a network through two cables. For example, an intrusion detection system which has only one port may also require a costly external switch device to combine two ports into one. This can be done with a span port which combines all of the Ethernet traffic onto a single port. Also, there are other analyzers that connect to network taps using one or two cables. However, previous network taps were not flexible enough to accommodate different attached devices requiring different connective configurations. It would thus be an advantage to provide a network tap which allows for multiple types of attached devices to be connected thereto. Additionally, it would be advantageous to provide the user with the ability to select between various port configurations or even disable some of the ports.
Furthermore, it would be advantageous to be able to enable or disable the ability of a network tap to send information back through the network tap without disrupting the data flow in the main communication line, depending on the type of attached device connected thereto. For some types of attached devices, the ability to send device data would be advantageous, while for other types of attached devices, a passive connection is preferred. However, the prior art taps did not provide this type of flexibility. It would thus be an advantage to provide a user with a network tap in which the ability to send information through the tap could be enabled or disabled.
System 100 also illustrates that network taps of the prior art have largely remained passive devices, serving simply as a means for allowing attached devices to view the network data. However, it would be an advantage to allow attached devices to be able to extract statistics of the network data and use these statistics as a basis for additional functions. It would also be an advantage to be able to upgrade or program a network tap after it has been connected to a network system without having to disconnect the network tap or replace the network tap in order to provide other functionalities.