Aggregation and Filtering switches
In order to get visibility into network and application performance, as well as perform security functions, network operators need to be able to connect appliances to the network. These appliances could be network sniffers, IDS, IPS, specialised VoIP monitoring probes, and others.
Two challenges arise here: firstly, these appliances are costly and there are many points on the network where visibility is desired; secondly, there is contention for SPAN and TAP points, with different operations groups wanting access to the data for different tools.
In order to address these issues a class of aggregation and filtering switches, sometimes known as Packet Broker Switches, has arisen.
These have a large number of network ports of different speeds, and are connected to many SPAN and TAP points in the network.
Permanent visibility is needed at some places in the network (for example, if packet flow monitoring is required), so those points can be permanently connected to a probe. In many cases, the traffic can be filtered down to remove traffic that is not of interest (e.g. HTTPS, database replication, backups) and the resulting lower bandwidth means that traffic from multiple TAP and SPAN points can be aggregated into one probe port, achieving blanket network visibility without having to put a probe on every street corner.
Other points of the network only need connectivity for ad-hoc troubleshooting with network sniffers or other packet capture devices. In this case the ability to have all the potential troubleshooting points already connected to the aggregation and filtering switch means that access the the packet stream is instantaneous, and does not need to involve physical access to the data centre.