NextGig Systems, Inc. - Network Connectivity & Test Solutions
Whitepapers - Ethernet 10/100/1000 Copper Taps, Passive or Active?
Gigamon - Intelligent Data Access Networking
Abstract
This article presents an overview of the various Ethernet 10/100/1000 physical layer technologies for the copper medium. It discusses the pros and cons of active versus passive tapping and why active tapping is preferred for Gigabit Ethernet running over the copper medium. The switch-over behavior of active relay-based tapping is also presented.
10, 100 and 1000 – It is more than adding zeroes
The Ethernet physical layer is typically implemented in a chip called a PHY. In the old days each PHY could handle only one port. Today a single PHY chip can handle multiple ports and support both the copper and optical media. For example, see PHY chips from Broadcom or Marvell. The PHY may also be integrated into a larger chip that provides other functions such as the MAC layer, or even into the CPU chip.
Most users of Ethernet and Gigabit Ethernet pay little attention to how the physical layer works. From a user's perspective, configuring the PHY typically means enabling or disabling auto-negotiation, setting the auto-negotiation advertisement parameters such as speed, duplex and flow control, or forcing them to certain values if auto-negotiation is disabled. There are obviously many more PHY parameters that can be configured, such as enabling or disabling automatic MDI crossover (AUTO-MDIX), the LED modes, etc., but most of them are handled by the device driver and are invisible to the user.
Over the past 25 years or so, the speed of Ethernet has increased from 10 Mbps in the early 1980s, to 100 Mbps (Fast Ethernet) in the mid-1990s, to 1000 Mbps (Gigabit Ethernet) in the late 1990s. 10 Gbps Ethernet has also been available since the early 2000s. The IEEE 802.3 standard governs these various technologies. Note that there are a few versions of Ethernet within each speed category. This reflects the fact that the technology is an evolving one, and that the marketplace plays a role in selecting the winners based on cost, features and availability. Table 1 shows a few of the Ethernet versions from each speed category for the copper medium. The common ones are marked with an asterisk.
These Ethernet versions differ not just in speed, but also in cabling, duplex mode and the underlying encoding of the data bits. Each data octet or nibble is encoded in a symbol, and a symbol may carry more than one binary bit, hence the baud rate is distinct from the transmitted bit rate. Data encoding has long been used to provide clock recovery, bit recognition and error detection/correction, and to maintain the DC balance of the medium.
One amazing thing with the current PHY chips is that a typical PHY today can support almost all of these Ethernet versions through proper register configurations. This is a lot of technologies integrated into the same chip!
The faster the baud, the harder to sniff
There are a few objectives to achieve when tapping an Ethernet copper connection.
The tap should not change the electrical characteristic of the tapped cable. It should avoid drawing too much power from the cable and it should minimize changing the impedance of the cable.
The tap should not generate errors back to the tapped line.
The tap must receive a clean copy of the tapped traffic.
The tap must be able to receive traffic from both directions in a full-duplex connection.
The tapped line must not be affected in case the tap fails.
The tap should have high performance and low cost.
Note that we assume the user is performing legal tapping in this discussion. The user is the network operator who wants to monitor and maintain his or her own network. We do not address the likelihood that a tap can be discovered by an external source. The latter belongs to a totally different profession beyond the knowledge of the author.
Given that all Fast Ethernet and Gigabit Ethernet traffic is encoded in symbols, it makes sense to put PHY chips on the taps so that the tapped traffic terminates at the PHY chips. The PHY chips then decode the tapped traffic back to the original data octets, which can then be re-generated to feed the back-end monitoring or security tools.
Generally speaking, there are 3 ways to tap an Ethernet copper connection.
The first way is through direct connections to the wires of the tapped cable, as shown in figure 1.
Table 1: Common Ethernet Technologies for the Copper Medium
One Baud (Bd) = One transmitted symbol per second
STP = Shielded Twisted Pair
UTP = Unshielded Twisted Pair
The advantage of this method is that the tapped connection is not affected even if the tap fails. The disadvantage of this method is that the tap interferes electrically with the tapped cable. It introduces changes in the impedance of the cable and also draws away power from the tapped source. This problem gets worse as the line speed increases. For Gigabit Ethernet, this method imposes challenges in properly terminating the connections so they do not create reflections, distortion of signals and generation of crosstalk, yet simultaneously trying to minimize the amount of power drawn from the wires being tapped.
The second tapping method is through inductive tapping, as shown in figure 2.
Active relay tapping terminates the connection of each node at the tap. The tap then uses a forwarding engine to forward the traffic from the left-hand connection to the right-hand connection and vice versa, and meanwhile it creates copies of the same traffic and sends them to the back-end monitoring and security tools.
The disadvantage of this method is that the forwarding engine is an active electronic component that may fail over time or the tap may fail if electricity goes out. The role of the relay is to rapidly close the circuit of the connection being monitored in case the tap fails, such that node 1 connects to node 2 as if there is simply a straight wire between them. The end result is that the tapped connection is not permanently broken if the active tap fails.
This method turns out to be the best for tapping Gigabit Ethernet traffic. It does not involve changing the impedance along the cable. From the system standpoint, this is as if there are two separate standard Ethernet connections: one from node 1 to the left PHY of the tap; another from node 2 to the right PHY of the tap. This method also works well for 10Mbps and 100 Mbps Ethernet connections.
The following shows a 10/100/1000 copper tap module manufactured by Gigamon. The relays are the small rectangular components in the front of the module. Similar relay-based Gigabit tap products are available from other manufacturers as well (e.g., NetOptics and Network Critical).
Switch-over behavior of an active relay copper tap
Typically, there are 8 relays in an active Ethernet copper tap. Each relay handles one of the 8 wires within a CAT 5 cable. The switch-over time of a relay is about 0.5 millisecond, as shown in figure 4.
In figure 4, each horizontal division represents 500 microseconds. Before switching from active mode to passive mode, traffic flows from node 1 to the tap, then through the forwarding engine to node 2, and vice versa in the other direction. Therefore signals are seen on the green line for the first 4 time divisions. At the 4.25th division, relay switch-over occurs, and therefore no more traffic goes to the PHY of the tap. The green line suddenly becomes quiet. Then at about the beginning of the 5th time division, the purple line suddenly sees signals. This means that the physical connection between node 1 and node 2 is now established. Hence the switch-over time before the physical connection is re-established is about 1 time division, or 0.5 millisecond.
During a relay switch-over, although the physical connection is re-established within half a millisecond, the link between node 1 and node 2 sometimes may not be re-established until 2 to 3 seconds later. Other times the link may be re-established right after the physical connection is re-established.
We monitored the traces in both situations. When the link LED goes off and comes back on after 2-3 seconds, the purple signal, which first appears 0.5 millisecond after the relay switch-over, disappears for 2-3 seconds and then returns, at which point the link LED is also back on. When the link LEDs at the end nodes stay solid, the signal on the purple line remains unchanged. Note that to re-establish a link, the PHY has to go through a state machine exchanging a number of control code groups. The device driver software that periodically polls the PHY for link status may have sampled the link-down event and may then reset the PHY and/or MAC. Coming out of a PHY or MAC reset usually takes much longer, on the order of 1 or 2 seconds. This can contribute to the perceived 2-3 second overall delay, because both ends may have their PHY or MAC modules resetting.
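For an operator who wants to recognise this pattern in link-state logs, the following added example (not from the original article or from Gigamon) pairs link-down and link-up events per node and flags the case described above, where both ends drop together and recover within about 3 seconds. The log line format, the node names and the 1-second pairing window are assumptions made for the example.

```python
from datetime import datetime

# Constructed sample: link-state events from the nodes on either side of a tap.
# The line format is made up for this example, not any driver's real output.
SAMPLE_LOG = """\
2024-05-01T10:00:00.000 node1 link down
2024-05-01T10:00:02.400 node1 link up
2024-05-01T10:00:00.100 node2 link down
2024-05-01T10:00:02.900 node2 link up
2024-05-01T11:30:00.000 node1 link down
2024-05-01T11:30:45.000 node1 link up
2024-05-01T12:00:00.000 node2 link down
"""
RESET_WINDOW_S = 3.0  # the article's upper figure for link re-establishment
PAIR_WINDOW_S = 1.0   # assumption: both ends lose link within 1 s of each other

def parse(log):
    """Yield (timestamp, node, state) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, node, _, state = line.split()
            yield datetime.fromisoformat(ts), node, state

def outages(log):
    """Pair each 'down' with the next 'up' on the same node."""
    open_down, result = {}, []
    for ts, node, state in sorted(parse(log)):
        if state == "down":
            open_down.setdefault(node, ts)
        elif node in open_down:
            start = open_down.pop(node)
            result.append((node, start, (ts - start).total_seconds()))
    # Links still down at the end of the log have no duration yet.
    result += [(n, s, None) for n, s in open_down.items()]
    return sorted(result, key=lambda r: r[1])

def classify(log):
    """Label each outage. A switch-over in which the link never drops
    (the 0.5 ms case) leaves no event and cannot be seen here."""
    found, labels = outages(log), []
    for node, start, dur in found:
        if dur is None:
            labels.append((node, "still down"))
            continue
        peer = any(n != node and abs((s - start).total_seconds()) <= PAIR_WINDOW_S
                   for n, s, _ in found)
        short = dur <= RESET_WINDOW_S
        labels.append((node, "switch-over candidate" if short and peer
                       else "short flap, one end only" if short else "outage"))
    return labels
```

A "switch-over candidate" is only consistent with the relay behaviour described here; confirming it still requires checking the tap itself.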
No free lunch
In summary, there are more technical challenges in implementing a passive copper tap that works at Gigabit Ethernet speed or higher. Using an active relay copper tap is the current best choice, although there may be occasions where the link can be down for 2-3 seconds during a relay switch-over. This has to do with the process of re-establishing the link between the end nodes. The tap relay typically re-establishes the physical connection within a millisecond or less.
About Gigamon Systems
Founded in 2003 by six veterans of network monitoring and telecommunications equipment companies, Gigamon Systems is the inventor and leading provider of Data-Access Switches. Its flagship product, GigaVUE®, can multicast packets from one span or tap to many tools to solve the span port sharing problem. It also can aggregate and intelligently filter packets from many spans or taps to one or multiple tools to solve the problem of monitoring flows across complex mesh topologies and virtual networks. GigaVUE® facilitates unobtrusive parallel tool deployment with network-wide coverage, significantly reducing customers' capital budgets and yielding immediate ROI benefits.