Centec TAP Series Switches support bypass and in-line deployment in enterprise or Data Center network. It supports various TAP functions, including:
- M: N Flow mapping
- Tagging source port by VLAN
- LAG as output port
- Load balancing based on L2, L3 and L4 header
In the case of tunnel processing, the switches support de-encapsulating VxLAN header, and tagging different VLAN according to VNI. Centec TAP switch can also modify IPDA/SA and MACDA/SA to reach specified security device.
Centec V580-TAP devices could be used as the TAP aggregation devices on Data Center gateway, core network or access network. When deployed on the DC gateway, it could be easy running in the bypass mode to aggregate all the output traffic on a single TAP switch. The TAP switch could distribute the traffic to multiple security devices using the M:N flow mapping for further security check. In the real deployment, ACL could be applied on the output port of TAP switch to reduce the unnessary traffic load.
The bypass mode can also be used on the core network. The deployment is just the same as on the gateway. One thing to highlight here is although VxLAN is widely used in current Data Center, most security appliance could not either identify the VxLAN packet or even it could, taking quite much resources to process it. Centec V580-TAP switch could also offload the VxLAN encapsulation/decapsulation process to save the CPU resource on the security appliance.
The deployment of TAP switch on the DC access node is very similar as to the gateway. Basically there are two positions to place the TAP: on the uplink port of access device or on the network port. The only difference is traffic from uplink port would carry the VxLAN header which is very similar as in the core network.
The bypass mode could be applied to other networks like big Enterprise, smart grid or financial service.