WO2007059509A2 - Passive tap and associated system for tapping network data - Google Patents

Passive tap and associated system for tapping network data Download PDF

Info

Publication number
WO2007059509A2
WO2007059509A2 PCT/US2006/060917 US2006060917W WO2007059509A2 WO 2007059509 A2 WO2007059509 A2 WO 2007059509A2 US 2006060917 W US2006060917 W US 2006060917W WO 2007059509 A2 WO2007059509 A2 WO 2007059509A2
Authority
WO
WIPO (PCT)
Prior art keywords
tap
network
data
signal
zpl
Prior art date
Application number
PCT/US2006/060917
Other languages
French (fr)
Other versions
WO2007059509A3 (en
Inventor
Greta L. Light
James D. Mcvey
N. Anders Olsson
A. Michael Lawson
Paul R. Gentieu
Donald A. Blackwell
Original Assignee
Finisar Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Finisar Corporation filed Critical Finisar Corporation
Publication of WO2007059509A2 publication Critical patent/WO2007059509A2/en
Publication of WO2007059509A3 publication Critical patent/WO2007059509A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/022Capturing of monitoring data by sampling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0823Errors, e.g. transmission errors
    • H04L43/0847Transmission error

Definitions

  • monitoring systems utilizing network taps which are configured so that network data can be captured for analysis without interrupting operation of the network.
  • some taps include a buffering mechanism that enables the capture of network data.
  • network taps are able to copy selected portions of the data stream, and then provide the copied portion of the data stream to a network analyzer or other device for evaluation.
  • an Ethernet device 101 is shown as being in communication with an Ethernet device 102 using standard Cat5 network cable.
  • the communication on the twisted pair cable is bidirectional as is depicted by arrows 110 and 111.
  • a tap 120 which situated in the communication path between Ethernet devices 101 and 102. Tap 120 is used to access the data signals for monitoring.
  • the tap includes relays 121 and 122 that can direct the signal path flow, Further included in system 100 are four Physical Interface Devices (Phys) 131-
  • These Phys may be individuals or contained in two dual or one 130 quad package as shown.
  • the Phys provide the physical connection between the copper Cat5 cable and the communication network.
  • the relays 121 and 122 of tap 120 are energized causing the flow of information between the Ethernet devices 101 and 102 to be redirected to Phys 132 and 133.
  • energized relay 121 causes the data from device 101, referred to as A data, to flow to Phy 132.
  • Phy 132 sends the A data signal to Phy 131, where it is provided to monitor A for monitoring and to Phy 133, which provides the A data to energized relay 122 and device 102.
  • energized relay 122 causes data from device 102, referred to as B data, to flow to Phy 133.
  • Phy 133 sends the B data signal to Phy 134, where it is provided to monitor B for monitoring and to Phy 132, which provides the B data to energized relay 121 and device 101. Accordingly, system 100, utilizing the combination of tap 120 and quad Phy 13O 5 is able to monitor the communication between Ethernet devices 101 and 102 while still allowing the devices to communicate bi-directionally.
  • network tap 120 is often susceptible to a power loss or other fault conditions.
  • the external power supply to the network tap is a significant failure point in the system.
  • disconnection of such external power supplies is a relatively common occurrence.
  • disconnection of the external power supply to the network tap occurs because the network tap and power supply are located in a place where personnel may inadvertently, or mistakenly, unplug the power supply.
  • the principles of the present invention relate to a passive network tap or Zero Packet Loss (ZPL tap) coupled to the communication path of a copper-based communications network including first and second devices.
  • the first and second devices communicate by use of a data stream including first and second components.
  • the principles of the present invention are also directed to chassis systems including one or more ZPL taps.
  • the passive or ZPL network taps include first and second network ports configured to operably connect with first communication cables, the first communication cables configured to carry the data stream to and from the network tap device.
  • First and second tap ports configured to operably connect with second communication cables may also be included.
  • the passive or ZPL network taps further include a signal separator having a first node connected to the first network port and a second node connected to the second -A-
  • the signal separator is configured to receive the data stream from at least one of the first or second network port and pass through the data stream to the network port not providing the data stream.
  • the signal separator is further configured to obtain while passing through the data stream a first signal portion substantially comprising the first signal component and a second signal portion substantially comprising the second signal component.
  • the passive or ZPL network taps also includes a first receive only physical interface device (Phy) configured to receive the first signal portion from the signal separator and provide the first portion to the first tap port and a second receive only Phy configured to receive the second signal portion from the signal separator and provide the second signal portion to the second tap port.
  • Phy receive only physical interface device
  • Figure 1 illustrates a conventional copper based Ethernet monitoring system
  • Figure 2 illustrates a communications network including a passive or ZPL network tap array
  • Figure 3 illustrates a passive or zero packet loss network tap
  • Figure 4 illustrates internal and other features of the zero packet loss tap
  • FIGS 5A-5C illustrate embodiments of signal separators with bidirectional couplers
  • Figures 6A-6D illustrate examples of actual signal separation achievable by a signal separator by itself or in combination with a signal separation stage;
  • Figure 7 illustrates a plurality of passive or zero packet loss taps housed in a chassis of a tap array;
  • Figure 8 illustrates a zero packet loss tap/aggregator
  • Figure 9 illustrates a method for separating a first and a second signal component from a first data stream used in communication between two devices according to principles of the present invention
  • Figure 10 illustrates an environment and process flow that may be implemented to perform an operation to extract the a first signal component from a data stream comprising the first component and a second component that is less than the first component according to principles of the present invention
  • Figure 11 illustrates a method for configuring and using a listen or receive only Phy according to principles of the present invention.
  • Figure 12 illustrates an equipment rack in which multiple sub-chassis are combined together.
  • embodiments of the present invention are concerned with passive or zero packet loss network taps (also hereinafter referred to as a "ZPL" tap) and associated devices, hardware and software in connection with copper- based Ethernet networks.
  • the passive network tap eliminates potential network data loss due to power loss or other fault in the tap, which contributes to a relative improvement in the reliability and operation of the network.
  • passive network tap is configured for use with a variety of Ethernet data rates, including, but not limited to, 10/100/1000 Mbit/sec., or even faster rates. More generally however, embodiments of the invention are suited for operation with any network where data is carried over the network lines. Accordingly, the scope of the invention should not be construed to be limited to any specific network type or data rate.
  • exemplary passive network taps of the invention do not include any active components positioned in-line with a network cable that could cause data packet loss or otherwise cause users on either end of the network link to be aware of the fact that data is being accessed by a tap. In other words, regardless of power loss or other fault to the passive tap, there is no loss of communication between devices communicating over the network. Additionally, some embodiments of the passive network tap are employed in a stand-alone configuration where the network tap obtains data from the network and then passes the data to a remote, or external, device such as an analyzer, bit error rate tester ("BERT”) and/or other device.
  • a remote, or external, device such as an analyzer, bit error rate tester ("BERT”) and/or other device.
  • BERT bit error rate tester
  • the network tap is incorporated into another device, such as a portable analyzer for example.
  • a portable analyzer for example.
  • embodiments of the invention embrace portable analyzers and other devices that incorporate a passive network tap.
  • a group of passive network taps are incorporated together into a bank, block or similar configuration so that the network data stream can be tapped and directed to multiple devices by way of respective passive network taps.
  • Such banks or blocks can be configured in serial or parallel fashion.
  • embodiments of the passive network tap are suitable for use in Voice Over Internet Protocol ("Voice Over IP") systems and applications. Yet other embodiments are employed in monitoring telephone lines.
  • exemplary passive network taps are configured such that users on either end of the network link are unaware of the fact that data is being accessed by a tap. This feature is particularly useful for governmental agencies or other entities that are authorized to access network data for the purposes of monitoring and surveillance of communications.
  • Embodiments of the passive network tap include a variety of components which enable the network tap to implement network data stream tap functionality. More particular details concerning such components and their functionalities and operations are provided below in connection with the discussion of Figure 2.
  • An exemplary copper- based Ethernet monitoring system in. which a ZPL network tap may be employed will first be described, followed by aspects of an exemplary passive network tap. Note that the principles of the present invention are not limited to any specific environment.
  • Figure 2 depicts one example of an operating environment in which a ZPL tap can be utilized, in accordance with one example embodiment of the present invention.
  • the environment depicted in Figure 2 can also represent an environment in which a ZPL Tap and Aggregator of embodiments of the present invention can be included, as discussed further below in connection with Figures 8 and 8.
  • Figure 2 shows a block diagram of a communications network, or computer network 200, including a ZPL network tap array ("ZPL tap array”), generally designated at 250, in accordance with one embodiment of the present invention.
  • ZPL tap array ZPL network tap array
  • the computer network 200 in a selected network segment 201, generally includes a network server 202, a network switch 204 (e.g., a router), desktop computers 206 a-c, and the ZPL tap array 250.
  • the ZPL tap array 250 includes a chassis 252 that contains a plurality n of ZPL tap devices 300.
  • the network server 202, the desktop computers 206b,c and the ZPL tap 300 are coupled directly to the network switch 204.
  • the ZPL tap 300 is coupled between the network switch 204 and the desktop computer 206a via cables 208a, b.
  • the ZPL tap 200 is further coupled to a monitoring device 210 via cables 212a,b.
  • the cables 208 and 212 are typically four-pair Cat5 twisted-pair cables, but the ZPL tap 300 can also work with 1 OBASE-T and 100BASE-T Ethernet systems, which typically use Category 3 (Cat3) cables, or with other suitable transmission lines.
  • Cat3 Category 3
  • the ZPL tap 300 can be programmed to operate with multiple Ethernet speeds and cables using an onboard microprocessor, discussed further below, or by setting jumpers and/or switches in the ZPL tap.
  • the other n ZPL tap devices 300 are operably coupled to corresponding monitoring devices, such as the monitoring devices 220 and 230 shown in Figure 2, and their operation with regard to their respective monitoring devices is as described below with respect to the ZPL tap 300 and monitoring device 210.
  • each ZPL tap device is coupled to only one monitoring device; in other embodiments, one monitoring device is coupled to more than one ZPL tap device.
  • monitoring device as used herein is understood to include a network analyzer or other diagnostic equipment, intrusion detection system, or any other device used to monitor and/or analyze the operational status of a computer network segment.
  • the desktop computer 206a requests from the network server 202 a file containing information needed by an application program executing on the desktop computer 206a
  • the desktop computer 206a issues a request to the network server 202, which propagates through the ZPL tap 300 to the network switch 204 via cables 208a, b.
  • the network switch 204 reviews the destination address of the request and routes it to the network server 202 via cable 208c.
  • the network server 202 responds with the requested data.
  • the requested data is sent from the network server 202 to the network switch 204 via cable 208c.
  • the network switch 204 routes the data to the desktop computer 206a via the ZPL tap 200 and cables 208a, b.
  • the ZPL tap 200 is physically connected between the network switch 204 and desktop computer 206a. Full-duplex data flows simultaneously in both directions over the cables 208.
  • the ZPL tap 300 provides an independent copy, via the cables 212 a, b, of the data flowing in either direction to the monitoring device 210.
  • a request from the desktop computer 206a travels through the network switch 204 to network server 202, and is tapped and sent out a tap port of the ZPL tap 300 over cable 212a to the monitoring device 210.
  • data returning from the network server 202 is tapped and sent out another monitoring port of the ZPL tap 300 over cable 212b to the monitoring device 210.
  • the computer network 200 can be thought of as having a plurality of such segments, such as network segments 213 and 223 shown in Figure 2.
  • the network segment 213 includes a switch 214 and computers 216a-c.
  • the switch 214 is operably connected to a respective one of the n ZPL taps 300. which in turn is operably connected to the monitoring device 220.
  • the network segment 223 includes a switch 224 and computers 226a-c.
  • the switch 224 is operably connected to a respective one of the n ZPL taps 300, which in turn is operably connected to the monitoring device 230.
  • the operation of the ZPL taps 300 of the ZPL tap array 250 that are associated with the network segments 213 and 223 are the same as that described for the ZPL tap of the network segment 201.
  • the network segments described above are defined only for purposes of discussion and are merely representative of one of a variety of possible network and component configurations with respect to the ZPL tap array 250. Note also that, for purposes of clarity, not all operable connections between the various network components are shown or explicitly identified.
  • FIG 3 depicts a network tap device in the form of one ZPL tap 300, in accordance with one embodiment.
  • the ZPL tap 300 shown in Figure 3 is also referred to herein as a 1x1 ZPL tap and corresponds to any one of the ZPL taps grouped together in the chassis 252 of the ZPL tap array 250 depicted in Figure 2 and discussed above.
  • the collection of n ZPL taps 300 in the ZPL tap array 250 can be employed to provide a non-aggregated Tapping function with respect to multiple data streams that are transmitted through the ZPL tap array 150 during operation.
  • the ZPL tap 300 is a plug-in type card that can be readily inserted into and removed from a chassis, such as the chassis 252 of Figure 2. ' This card configuration is sometimes referred to as implementing a "blade" form factor.
  • the blade form factor for the 1x1 ZPL TAP card is about 3.5 inches wide by about 1.4 inches high by about 5.5 inches deep.
  • the scope of the invention is not limited to those exemplary dimensions.
  • the ZPL tap 300 includes a housing 352 having a front face 352A.
  • a plurality of ports 302 and 304 are included on the front face 352 A for enabling connection of communication cables, such as the cables 208 and 212 shown in Figure 2, with the ZPL tap.
  • a board 354 is also included with the ZPL tap 300 on which a plurality of electronic components, some of which will be described below in connection with Figure 4, are located.
  • a fan 356 is included on the board so as to provide cooling as needed to the electronic board components.
  • a power supply connector 358 is also included adjacent the rear portion of the ZPL tap 300.
  • a mounting component such as a mounting screw 360, is included on the front face 352A to assist in coupling the ZPL tap 300 to the chassis 352.
  • ZPL network tap will now be discussed in further detail with respect to Figure 4, which illustrates various internal and other features of the ZPL tap 300 of Figure 3 in greater detail. Note that it is anticipated that ZPL tap 300 may also include additional features and components not discussed herein such as magnetics modules.
  • the ZPL tap 300 includes various ports for receiving and transmitting data to and from network components, as depicted in Figure 2.
  • Two network ports 302a and 302b also referred to herein as “network A” and “network B” ports, are configured to couple with cables 208a and 208b of the network 200 of Figure 2, thereby interlinking the ZPL tap 300 with the network.
  • two tap ports 304a and 304b 5 also referred to herein as “tap A” and “tap B” ports, are configured to couple with cables 212a and 212b ( Figure 2), thereby linking the ZPL tap 300 to the monitoring device 210.
  • Each of the ports 302 and 304 is configured to receive an RJ-45 plug of the respective cable 208 or 212, typical of Ethernet-based networks, though other port/plug configurations could be alternatively used.
  • RJ-45 plug of the respective cable 208 or 212 typical of Ethernet-based networks, though other port/plug configurations could be alternatively used.
  • four twisted pairs of each cable create eight total conductors that interconnect with terminals in the network ports A and B, thereby electrically connecting each cable with the ZPL tap 300.
  • the ports 302, 304 enable both data signals and ZPL signals to enter and depart the ZPL tap 300, as will be described further below.
  • the data signal received by ports 302a and 302b are full duplex or bidirectional signals, which will also be referred to herein as A+B data to denote the full duplex or bidirectional nature of the signals coming from a device A and a device B coupled with passive or ZPL tap 300.
  • ZPL network tap 300 also includes a signal separator 310 that is operably connected to both ports 302a and 302b.
  • Signal separator 310 is configured to separate the A data from the B data received at ports 302a and 302b from each other and to provide the separated data streams to other components of the ZPL tap 300.
  • Signal separator 310 may be implemented in analog or digital hardware or any combination of the two.
  • signal separator 310 may be implemented as a bidirectional coupler, dual directional coupler, or a differential bidirectional coupler, all of which will be described in more detail to follow. Note that all specific implementations of signal separator 310 disclosed herein are for illustration only and should not be used to limit the scope of the invention as signal separator 320 is not limited by to specific implementation. Note that the components discussed herein are "operably connected" to one another when data signals are able to pass from one component to the other. These connections are indicated in Figure 4 by the arrows drawn between the various components.
  • signal separator 310 may include an amplifier 315, which may be any reasonable amplifier.
  • the amplifier 315 may be coupled to the signal separator 310 and included in another portion of ZPL tap 300.
  • Amplifier 315 may be configured to amplify the signals that are separated by signal separator 310 prior to the separated signals being supplied to other portions of ZPL tap 300.
  • ZPL network tap 300 further includes a signal separation stage 320 that is operably connected to signal separator 310 and/or one of the Phys 330-360 described below.
  • Signal separation stage 320 receives at least partially separated signals from the signal separator 310 and is configured to further separate the A and B data from each other.
  • Signal separation stage 320 may be implemented as a separate process or operation, or as discrete circuit components included in the signal separator 310.
  • Signal separation stage 320 may also be implemented as a part of one of the Pbys 330-360.
  • the signal separation stage or module 320 may also be included in microprocessor 370. In some embodiments, signal separation stage 320 operations may be dispersed among several of the components of the passive network tap 300. Signal separation stage 320 will be discussed in more detail to follow.
  • ZPL tap 300 also includes Physical Interface Device ("Phy') Phys 330-360.
  • Phys may be individual Phys, be contained in two dual packages or one quad package as shown by dashed line 331.
  • Phy 330 and Phy 340 are operably connected to signal separator 310 and/or signal separation stage 320.
  • Phys 330 and 340 are further operably connected to Phy 350 and Phy 360 respectively.
  • Phy 350 and Phy 360 are in turn operably connected to tap ports 304a and 304b respectively.
  • one or more magnetics modules may be coupled between Phys 350 and 360 and tap ports 304a and 304b for performing signal isolation functions for the respective data signal passing through the magnetics during tap operation.
  • the Phys 330-360 represent integrated circuitry or functional blocks that provide physical access to the data stream received from ports 302 and 304.
  • the Phys 330-360 are further configured to receive a data signal and convert it to a particular data format. For instance, in one embodiment Phys 330 and 340 receive data signals from the signal separator 310 in a 1000BASE-T signal format, used with Cat5 copper cabling, and convert the signals to IOOOB ASE-X serial signals in preparation for later use. Similarly, 1000BASE-X data signals that are received by the Phys 330-360 in the reverse direction are converted by the respective Phy into 1000BASE-T signals for retransmission onto one of the copper cables 208 and 212.
  • different data formatting conversions can be performed by the Phys 330-360 as may be needed for a particular application.
  • One example data conversion could be from PAN-5 to SGMII format
  • data received by the Phys 330-360 are converted as needed for further use by the ZPL tap 300 or other downline components.
  • Phys 330 and 340 are configured accordingly to the principles of the present invention to be listen only or receive only Phys. This novel functionality will be explained in more detail to follow.
  • a microcontroller 370 that is programmed to monitor and control the operation of the ZPL tap 300 is also included.
  • the microcontroller 370 includes various components, including integrated A/D ("Analog to Digital") converter inputs as well as digitally programmable inputs and outputs ("170”), and is programmed as desired to enable achievement of desired functions with respect to the operation of the ZPL network tap.
  • the microcontroller 370 is programmed to configure Phys 330-360 to perform the data format translation needed for proper operation of the ZPL tap 300.
  • the microcontroller 370 can include internal diagnostic circuitry that enables the ZPL tap 300 to identify and report faults in the operation of the tap and/or with regard to operation of the computer network 200 with which the ZPL tap 300 is connected.
  • the diagnostic circuitry of the microcontroller 370 also provides the capability for the ZPL tap 300 to resolve identified faults.
  • Some embodiments of the invention include indicators, such as LED visual indicators 345 ( Figure 3), which operate in connection with the diagnostic circuitry to provide a user with information concerning the operational status and condition of the ZPL tap 300.
  • Figure 4 shows that the ZPL tap 300 includes a temperature sensor 380, operably connected to the microcontroller 370, for monitoring one or more temperature conditions relating to operation of the tap. Should excessive temperature conditions be encountered, the microcontroller 370 can. direct corrective measures to be taken so as to prevent damage to the ZPL tap 300 or interruption of the data stream.
  • the microcontroller 370 can also control operation of any user interface, such as an LED panel.
  • Figure 4 further shows the ZPL tap 300 as including a traditional external power link 390 for plugging into a wall outlet, for instance.
  • ZPL tap 300 may also include various other components that are not illustrated.
  • signal separator 310 may be implemented in various forms. Referring to Figures 5A-5C, three different example embodiments of signal separator 310 are depicted as various bidirectional couplers. Note that the example bidirectional couplers of Figures 5A-5C are for illustration only and are not meant to limit the scope of the appended claims. As will be appreciated, any reasonable bidirectional coupler may be used to implement the principles of the present invention.
  • the example bidirectional couplers of Figures 5 may have the following characteristics: 20 dB of coupling, 1 to 2 dB of insertion loss, and 20 dB of directivity.
  • FIG. 5A-5C depict a bidirectional coupler for a single twisted pair cable, it is also contemplated that the various bidirectional couplers of Figures 5A-5C may include additional couplers for additional twisted pairs.
  • a coupler for a Cat5 cable would have four couplers for the four twisted pairs of the Cat5 cable.
  • an example single bidirectional coupler 510 is depicted as being coupled to the communication path with an Ethernet device 501 (A system) and an Ethernet device 502 (B system).
  • the Ethernet devices communicate using a 100 ohm differential twisted pair cable, which is depicted in Figures 5A-5C as the D ATA+ and DATA- lines.
  • single bidirectional coupler 510 is configured for a single ended 50 ohm line.
  • impendence matching circuits 515 and 516 are implemented to match the 100 ohm twisted pair to the 50 ohm single ended line so that the A and B data can flow through the coupler 510 to the Ethernet devices 501 and 502 respectively.
  • impendence matching circuits of this type are well known in the art, no further description is necessary.
  • single bidirectional coupler 510 is configured to couple a sample of the A data out of the A+B data being transmitted and to also couple a sample of the B data out of the A+B being transmitted. Since coupler 510 is a bidirectional coupler, coupler 510 includes a couple forward (CF) and a couple reverse (CR) node that are both used in the coupling operation.
  • CF couple forward
  • CR couple reverse
  • coupler 510 may not be able to fully isolate the A and B data and consequently may couple out a sampled signal that is labeled as Ab data, which illustrates that the signal mostly comprises A data, but may have some portion of B data included. Coupler 510 may further couple out a sampled signal that is labeled as Ba data, which illustrates that the signal mostly comprises B data, but may have some portion of A data included. The sampled signals may men be provided to signal separation stage 320 for further signal isolation, although this is not required. Note that single bidirectional coupler 510 allows for continuous communication between the Ethernet 501 and 502 devices.
  • Dual bidirectional coupler 520 is depicted as being coupled to in the communication path with an Ethernet device 501 (A system) and an Ethernet device 502 (B system). Dual bidirectional coupler 520 may achieve better signal separation than single bidirectional coupler 510 of Figure 3 A. Dual bidirectional coupler 520 includes a first bidirectional coupler stage 520A coupled to a second bidirectional coupler stage 520B. Note that the use of first, second, and so on in the claims and in the specification is not meant to imply any type of ordering, but is only meant to distinguish one component from another.
  • Ethernet devices 501 and 502 communicate using a 100 ohm differential twisted pair cable, while dual bidirectional coupler 520 is configured for a single ended 50 ohm line. Accordingly, impendence matching circuits 515 and 516, which have the same functionality as the matching circuits of Figure 5 A, are implemented to allow for signal transmission.
  • bidirectional coupler stage 520A is configured to couple a sample of the A data out of the A+B data being transmitted. Since coupler stage 520A is a bidirectional coupler stage, coupler stage 520A includes a CF and a CR node. The CR node, however, is typically terminated in a 50 ohm termination as coupler stage 520A is configured to sample the forward A data and not the reverse B data. However, since the A+B data is bidirectional, coupler stage 520A may not be able to fully isolate the B data and consequently may couple out a sampled signal that is labeled as Ab data, which illustrates that the signal mostly comprises A data, but may have some portion of B data included.
  • bidirectional coupler stage 520A allows for continuous communication between the Ethernet 501 and 502 devices.
  • bidirectional coupler stage 520B is configured to couple a sample of the B data out of the A+B data being transmitted. Since coupler stage 520B is a bidirectional coupler stage, coupler stage 520B also includes a CF and a CR node. The CR node is also typically terminated in a 50 ohm termination as coupler stage 520B is configured to sample the forward B data and not the reverse A data.
  • coupler stage 520B may not be able to fully isolate the A data and consequently may couple out a sampled signal that is labeled as Ba data, which illustrates that the signal mostly comprises B data, but may have some portion of A data included. Note that single bidirectional coupler stage 520B also allows for continuous communication between the Ethernet 501 and 502 devices. The sampled Ab and Ba data may then be provided to signal separation stage 320 for further separation if necessary.
  • a differential bidirectional coupler 530 is depicted as being coupled to the communication path with an Ethernet device 501 (A system) and an Ethernet device 502 (B system).
  • Differential bidirectional coupler 530 may achieve better signal separation than either of the couplers discussed in relation to Figures 5A and 5B.
  • Differential bidirectional coupler 530 includes a first coupler stage 530A and a second coupler stage 530B. Note that the configuration of coupler 530 allows for the direct coupling of the 100 ohm differential lines without the need for impedance matching circuits such as circuits 515 and 516.
  • differential bidirectional coupler 530 also allows for continuous communication between the Ethernet 501 and 502 devices.
  • coupler stage 530A is configured to couple a sample of the A data out of the A+B data being transmitted.
  • coupler stage 530A includes a CR node that is terminated in a 50 Ohm termination, while the CF node couples out the forward Ab signal as described previously.
  • coupler stage 530B couples a sample of the B data out of the A+B data being transmitted.
  • Coupler stage 530B also being bidirectional, includes a CR node that is terminated in a 50 Ohm termination, while the CF node couples out the forward Ba signal as described previously. The Ab and Ba signals may then be provided to signal separation stage 320 if necessary, IV.
  • signal separation stage 320 may be implemented in one or more components of passive or ZPL network tap 300 or it may be a stand alone component of the tap 300.
  • Signal separation stage 320 may include both hardware, whether discrete analog or digital components, and software, or any combination of hardware and software, that may be used to implement various methods that are configured to further separate the A component from the Ab signal and the B component from the Ba signal.
  • signal separation stage 320 may be implemented as a programmable attenuator and a differencing amplifier with gain that may be part of signal separator 310 or stand alone components.
  • signal separation stage 320 may be implemented as a Digital Signal Processing (DSP) module that is included in either Phy 330 or 340 or that is included in a dual or quad chip package that includes at least one of Phy 330 or 340.
  • DSP Digital Signal Processing
  • the signal separation stage may be included as a module of processor 370.
  • the signal separation module may be distributed across the signal separator 310, the Phys 330 and/or 340, and the processor 370 or even other components of the ZPL tap 300.
  • Figure 9 illustrates a method 900 for a signal separator such as signal separator 310, a DSP module implemented in one of the Phys 330 or 340, or for processor 370, either separately or in combination, to separate a first and a second signal component from a first data stream used in communication between two devices.
  • a signal separator such as signal separator 310, a DSP module implemented in one of the Phys 330 or 340, or for processor 370, either separately or in combination, to separate a first and a second signal component from a first data stream used in communication between two devices.
  • Method 900 includes obtaining or receiving 902 from the first data stream a second data stream comprising at least a portion of the first component and a portion of the second component that is smaller than the first component
  • signal separator 310 may obtain a second data stream that includes the A data and a portion of B data that is smaller than the A data as previously explained.
  • the second data stream including the A data and the portion of B data may be received by a receive module of processor 370 or of a DSP module of Phys 330 and/or 340.
  • Method 900 also includes obtaining or receiving 904 from the first data stream a third data stream comprising at least a portion of the second component and a portion of the first component that is smaller than the second component.
  • signal separator 310 may obtain a third data stream that includes the B data and a portion of A data that is smaller than the B data as previously explained.
  • the third data stream including the B data and the portion of A data may be received by a receive module of processor 370 or of a DSP module of Phys 330 and/or 340.
  • Method 900 further includes determining 906 a reverse coupling characteristic.
  • a characterization module of the signal separator 310, processor 370 or a DSP module of the Phys 330 and/or 340 may determine, based on the coupling characteristics of signal separator 310, the reverse coupling characteristic.
  • the reverse coupling characteristic may be determined ahead of time and provided to the characterization module. Having the characterization module receive the reverse coupling characteristic is to be considered determining the reverse coupling characteristic for purposes of the embodiments disclosed herein.
  • Method 900 additionally includes applying 908 the reverse coupling characteristic in an operation to remove at least a portion of the second component from the second data stream.
  • the signal separator 31O 5 processor 370 or a DSP module of the Phys 330 and/or 340 may perform the operation, as will be explained in more detail to follow, to remove at least some of the B data from the second data stream, thus leaving substantially only the A data as part of the second data stream.
  • Method 900 finally includes applying 910 the reverse coupling characteristic in an operation to remove at least a portion of the first component from the third data stream.
  • the signal separator 310, processor 370 or a DSP module of the Phys 330 and/or 340 may perform the operation, as will be explained in more detail to follow, to remove at least some of the A data from the third data stream, thus leaving substantially only the B data as part of the third data stream.
  • FIG. 10 illustrates an environment and process flow 1000 that may be implemented to perform an operation to extract the B data from a data stream comprising B data and a portion of A data that is less than the B data or the A date from a data stream comprising A data and a portion of B data that is less than the A data.
  • the modules and components of environment 1000 may be included as part of signal separator 310, processor 370, a DSP module of Phys 330 and/or 340, or some other component of ZPL tap 300.
  • the modules and components of environment 1000 may be disturbed across one or more of the signal separator 310, processor 370, a DSP module of Phys 330 and/or 340, or some other component of ZPL tap 300.
  • the modules and components of environment 1000 may be implemented as hardware, software, or any combination of the two without restriction as circumstances may warrant.
  • a receive module 1010 may receive a data stream 1001 that comprises B data and a portion of A data that is smaller than the B data This is denoted as Ba data
  • the receive module 1010 may also receive a data stream 1005 that comprises A data and a portion of B data that is smaller that the A data and is denoted as Ab data. Note that the data streams 1001 and 1005 may be received from the signal separating portions of signal separator 310.
  • the environment 1000 may include a characterization module 1020. Characterization module is configured to determine or alternatively to receive from another source, the reverse coupling characteristic 1025 for the signal separator 310.
  • the reverse coupling characteristic is denoted as a factor ⁇ .
  • the data stream 1005 and the reverse coupling characteristic 1030 may then be received by a multiply module 1030.
  • the multiply module is configured to multiply data stream 1030 and reverse coupling characteristic to produce a signal 1035.
  • An add/subtract module 1040 then subtracts the signal 1035 from the data stream
  • the difference is then provided to multiply module 1030, where the difference is multiplied by 1/ (1- ⁇ z ).
  • the resultant separated signal 1050 will be comprised substantially of B data and no A data.
  • the A data can be extracted by using this same method.
  • Equation 1 (Ab - ⁇ Ba)/ (1 - ⁇ 2 )
  • signal separation stage 320 can achieve at least 80% separation of the signals. For example, if the signal separation stage 320 were separating out the Ab signal, then 80% of the resulting signal would be A data and 20% would be b data In other embodiments, signal separation stage 320 may achieve 90% separation of signals. The 80% and 90% examples are meant to be typical examples with other percentages contemplated so as to enable the Phys to receive the separated signals in as pure a form as possible.
  • Figure 6A includes a signal 601 which illustrates the A+B data of Figure 4.
  • Signal 601 includes an A data portion 601A and a B data portion 601B.
  • Figure 6A further illustrates the results of subjecting signal 601 to passive or ZPL tap 300, specifically signal separator 310 by itself or in combination with signal separation stage 320.
  • the resultant signal is designated as 602.
  • signal 602 includes an A data portion 602 A that is substantially similar to A data portion 601 A.
  • the B data portion 602B has substantially been removed from signal 602, Accordingly, passive tap 300 is shown to achieve a high, level of success in separating the B data from the A data
  • Figure 6B also includes a signal 610 that illustrates the A+B data of Figure 4.
  • Signal 610 includes an A data portion 610A and a B data portion 610B.
  • Figure 6B further illustrates the results of subjecting signal 610 to passive or ZPL tap 300, specifically signal separator 310 by itself or in combination with signal separation stage 320.
  • the resultant signal is designated as 611.
  • signal 611 includes an A data portion 61 IA that is substantially similar to A data portion 610A
  • the B data portion 61 IB 5 has substantially been removed from signal 611. Accordingly, passive or ZPL tap 300 is once again shown to achieve a high level of success in separating the B
  • Figure 6C illustrates in further detail the signal separation that may be achieved by passive or ZPL tap 300.
  • Figure 6C illustrates a signal 620 which may correspond to the A+B data of Figure 4.
  • signal 620 includes both an A data and B data portions.
  • Figure 6C further illustrates the results of subjecting signal 620 to passive or ZPL tap 300, specifically signal separator 310 by itself or in combination with signal separation stage 320. These results are designated as signals 621 and 622.
  • signal 621 illustrates an A data portion that is substantially similar to the A data portion of signal 620 while having a B data portion that has been substantially removed.
  • signal 622 includes a B portion that is substantially similar to the B data portion of signal 620 while having an A data portion that has been substantially removed.
  • Figure 6C includes a signal 623 that is the combination of signals 621 and 622.
  • Signal 623 illustrates that combining the two signals that have been subjected to signal separation (e.g., signals 621 and 622) produces a signal that is substantially similar to signal 620.
  • Figure 6D illustrates in further detail the signal separation that may be achieved by passive or ZPL tap 300.
  • Figure 6D also illustrates a signal 630 which may correspond to the A+B data of Figure 4.
  • signal 630 includes both an A data and B data portions.
  • Figure 6D further illustrates the results of subjecting signal 630 to passive or ZPL tap 300, specifically signal separator 310 by itself or in combination with signal separation stage 320. These results are designated as signals 631 and 632.
  • signal 631 illustrates an A data portion that is substantially similar to the A data portion of signal 630 while having a B data portion that has been substantially removed.
  • signal 632 includes a B portion that is substantially similar to the B data portion of signal 630 while having an A data portion that has been substantially removed.
  • Figure 6D also includes a signal 633 that is the combination of signals 631 and 632 and that produces a signal that is substantially similar to signal 630.
  • passive network tap 300 also includes Phys 330-360.
  • the Phy IC chips may be configured in a quad configuration included on a single chip as illustrated at 331 in Figure 4.
  • the quad Phy 331 may consist of the four Phys 330-360.
  • the Phys 330-360 may be individual, separate IC chips.
  • the Phy IC chips may be implemented as any combination of two of the Phys, for example Phys 330 and 350 on an IC chip and Phys 340 and 360 on an IC chip.
  • Phy 330 and 340 may have a connection 332 that allows the chips to communicate with each other when implemented as separate chips.
  • Hie Phy chips e.g., as a quad chip, separate, individual chips, or any combination of two of the Phys
  • the actual implementation of ' the internal circuitry and internal operations of the Phy ICs is unimportant to the principles of the present invention. Rather, it is the terminal characteristics of the Phy ICs, especially a unidirectional or listen only terminal characteristic, that are important to the principles of the present invention, as will be explained in more detail to follow.
  • the Phys whether implemented as a quad Phy IC 331 chip or individual Phy IC chips 330-360, are configured to have specific terminal characteristics.
  • Phy IC chips 330 and 340 are configured to be receive or listen only Phys. This means that Phys 330 and 340, regardless of how implemented (e.g., as part of a quad chip, separate, individual chips, or any combination of two of the Phys), have front ends that are different from the prior art Phys previously described as Phys 330 and 340 do not transmit.
  • Phys 330 and 340 ignore any auto negotiations between Ethernet or other protocol implanting devices A and B that are coupled to 23PL tap 300 and therefore do not need to undergo any training by the devices before the Phy IC chips can lock onto and monitor the signals between devices A and B. Instead, the Phys 330 and 340 monitor the communication between devices A and B until a data unit such as a header or idle is recognized, at which time the Phys 330 and 340 lock onto the monitored signal. Both Phy IC chips operate as a slave only chip that use the received signal clock and have no echo canceling.
  • Phys 330 and 340 can be power cycled on and off without network communication being effected and both can monitor the conversation between devices A and B at any time.
  • the listen only Phys 330 and 340 may lock onto the communication signals between devices A and B without any external help from the network devices.
  • Phys 330 and 340 are configured to work on unidirectional traffic and may be considered as unidirectional Phy ICs.
  • one or more of the Phy ICs may include digital signal processing that may assist in further signal separation or, as mentioned previously, may act as the signal separation stage 320.
  • Phy 330 receives the recovered A data and what portion of B data remains from the signal separation stage 320 and/or the signal separator 310. Phy 330 then provides the signal to Phy 350, which in turn provides the signal to a monitoring device A through tap port 304a. In like manner, Phy 340 receives the recovered B data and what portion of A data remains from the signal separation stage 320 and/or the signal separator 310. Phy 340 then provides the signal to Phy 360, which in turn provides the signal to a monitoring device B through tap port 304b. Phys 350 and 360 may be configured to be unidirectional Phys or conventional Phys.
  • Figure 11 illustrates a method 1100 for configuring and using a listen or receive only Phy according to the principles of the present invention. Such a method was successfully performed using the DP83865 10/100/1000 Ethernet Physical Layer chip available from National Semiconductor Corporation doing business at 2900 Semiconductor Drive, Santa Clara, CA 95052-8090. Note however, that method 1100 is not limited to the use of the DP83865 chip.
  • Method 1100 includes obtaining 1102 a Phy 330 or 340 with a front end that does not have transmit functionality.
  • a Phy 330 or 340 implemented using the DP83865 10/100/1000 Ethernet Physical Layer chip available from National Semiconductor Corporation may have its front end transmit functionality disabled by obtaining a firmware patch configured to disable the transmit functionality.
  • a firmware patch configured to disable the transmit functionality.
  • one or more registers of the DP 83865 may have code or firmware modified or newly written to it that disables the transmit functionality. The function of this firmware is to place the DP83865 into a forced mode of operation (using the DP83865 special "manual" configuration mode).
  • the code or firmware may disable IOOOBASET Auto-Negotiation, disable one or more output drivers and configure the DP83865 as a Slave device.
  • a Phy chip may be obtained that has previously had its front end transmit functionality disabled or removed by hard coding at manufacture time or by other process now known in the art or hereafter developed. The embodiments disclosed herein contemplate other ways of obtaining a Phy chip with no front end transmit functionality.
  • Method 1100 also includes viewing or monitoring 1104 incoming data frames or packets with the Phy chip.
  • the Phy 330 or 340 that has no front end transmit functionality may receive the separated A or B data from signal separation stage 320 and/or signal separator 310. The Phy 330 or 340 may then view the A or B data.
  • Method 1110 also includes recognizing 1106 known signal elements with the Phy chip. For example, by knowing that the type of data to lock onto, such as Gigabit Ethernet data, the clock rate is defined, so that performing clock recovery from the receive data stream is possible. Further, it well known that Ethernet data has a known signal packet with known elements such as three idles between data frames.
  • the PCS Physical Coding Sublayer
  • the Phy chip is able to learn that the received data is an Ethernet signal without having to undergo auto negotiation and to lock onto this signal.
  • Method 1100 further includes using 1108 the known signal element to at least partially lock onto the data frame or packet.
  • Phy 330 or 340 uses the known signal element such as the Ethernet idle to lock onto the A data stream or the B data stream.
  • the data stream may then be provided by Phys 330 and 340 to Phys 350 and 360, which in turn may provide the signals to external monitoring devices through tap ports 304a and 304b.
  • the amount of time it takes for Phy 330 or 340 to lock onto the signal is not important. As tap 300 is a passive tap, the speed that Phys 330 and 340 lock onto the signal does not effect the operation of the tap 300.
  • the systems of the invention can be used to tap a network cable and access network data
  • the invention further extends to the use of the systems described herein to access network data, to supply the network data to any associated device, and to process the data.
  • the system 300 can be used to access Ethernet data being communicated over a copper network cable and to supply the accessed data to a network analyzer device.
  • the network analyzer device can then perform diagnostic functions on the accessed data.
  • the network analyzer can be a local device that is dedicated for use with a single system 300. Alternately, the network analyzer can be used in conjunction with a plurality of systems 300 as will be described below, and can access and analyze or otherwise process the data accessed by any of the associated systems 300. The network analyzer can instead be remote and receive the accessed data through a data network
  • the data can also be used for any other purpose.
  • the data can be stored and analyzed or processed in a delayed manner.
  • the access data can be processed in real time.
  • the invention extends to methods for using the systems described herein to access Ethernet data and to analyze the content, such as the content of data files, telephone conversations carried using Voice over IP (VoIP) or other protocols, images, video, audio, or other data types.
  • VoIP Voice over IP
  • one of the benefits of the network taps of the invention is that they are passive and do not affect the data being transmitted over the network except for some attenuation thereof.
  • the taps of the invention do not include any active components positioned in-line with the network cable that could cause data packet loss or otherwise cause users on either end of the network link to be aware of the fact that data is being accessed by a tap. Regardless of loss of power to the tap, there is no loss of communication between the Ethernet devices. This feature is particularly useful for governmental agencies or other entities that are authorized to access network data for the purposes of monitoring and surveillance of communications.
  • the ZPL tap 300 can be employed alone or, as discussed above in connection with Figure 2, as part of a larger group of ZPL tap devices.
  • those devices are fitted in the chassis 252, which is suitably sized and configured to retain a predetermined number of devices therein.
  • twenty four (24) ZPL tap devices 300 are retained in the chassis 252 of the tap array 250, arranged in two (2) rows of twelve (12) cards each.
  • the 24 ZPL tap devices 300 collectively define a chassis fo ⁇ n factor having approximate dimensions of about 17" (IU) wide by about 7" (4U) high by about 8" deep.
  • the ZPL tap array 250 can tap data streams from a variety of points in the computer network 100 and forward these streams to respective monitoring devices for analysis or other treatment.
  • the network tapping functions of one or more ZPL taps can be merged with data aggregating functionality provided by an aggregator to enable both data tapping and aggregating in an integrated device.
  • a ZPL tap/aggregator (“ZPL T/A"), generally designated at 400.
  • the ZPL T/A 400 includes a sub-chassis 402 that houses various components, including a plurality of network tap devices in the form of tap data cards 404, and an aggregator card 406.
  • the ZPL T/A 400 generally functions by tapping data from various points on the network using the plurality of tap data cards 404, then aggregating that data via the aggregator card 406 before the data is forward to a monitoring device or other suitable component. Use of the ZPL T/A 400 in this manner simplifies the tapping process and topology by integrating various functionalities into one device.
  • the ZPL T/A includes within its sub-chassis a number, "X," of ZPL active plug-in data cards that operably connect with the corresponding X-into-1 aggregator plug-in card, where "X" again represents the number of cards in the group of ZPL active data cards.
  • X again represents the number of cards in the group of ZPL active data cards.
  • the number of tap data cards that are to be connected to a corresponding aggregator card can be varied. Ih the example embodiment illustrated in Figure 8, five (5) tap data cards are connected with a corresponding 5 -into- 1 aggregator card. This combination therefore provides both ZPL aggregation and ZPL TAP capabilities.
  • multiple tap data cards could be included with multiple aggregator cards within a single sub-chassis, wherein some of the tap data cards are assigned to one aggregator and the remaining tap data cards are assigned to the other aggregator card.
  • both the tap data cards 404 and the aggregator card 406 have the same form factor.
  • One example form factor for the aforementioned cards is about 7/8 inches wide by 3.5 inches (2U) high by 5.5 inches deep.
  • Other form factors may be defined and employed as well, and the scope of the invention is not limited to any particular form factor or card configuration.
  • each of the tap data cards 404 and aggregator card 406 includes a housing including a housing front face 408.
  • An LED bank 410 including LEDs 410a and b, is included on the front face 408 of each tap data card 404 of the ZPL T/A 400.
  • the front face 408 of the aggregator card 406 includes an LED bank 411 including LEDs 411a, b, and c.
  • the LED banks 410 and 411 are employed to enable the functionality status of the tap data cards 404 and aggregator card 406 to be determined.
  • each tap data card 404 includes two RJ-45 network ports 412a and 412b on the front face 408, and a dual output backplane connector (not shown) on the rear portion of the card.
  • the rear portion of the card can include two RJ-45 outlet ports.
  • the aggregator card 406 includes RJ-45 tap ports 414a and 414b on its front face and a backplane connector (not shown) on the rear portion of the card. Note that this combination of interfaces is merely shown as an example, and additional or alternative interfaces may be employed.
  • each tap data card 404 is similar to that of the ZPL tap 300 described above in connection with Figures 3 and 4.
  • the network ports 412a, b of each tap data card 404 are operably connected to a node on the communications network by communication cables such that data traversing the network at the node can be input into and output from the tap data card via the network ports.
  • Each tap data card 404 can be interconnected with a different node on the network so as to enable data from various points on the network to be tapped.
  • the backplane connector on the rear portion of each tap data card 404 is operably connected to the backplane connector of the aggregator card 406 so as to enable each data stream from each outlet port to be input into the aggregator card.
  • the aggregator card 406 is configured to receive data streams from the outlet ports of each of the tap data cards 404 via its backplane connector.
  • the data streams received from each tap data card outlet port are combined, or aggregated, into two composite data streams that are directed out of the aggregator card 406 via the tap ports 414a, b. These data streams can then be forwarded via communication cables to a monitoring device or other suitable location.
  • each of the tap data cards 404 of the ZPL T/A 400 includes the LED bank 410, including the LEDS 410a and b.
  • Each of the LEDs 410a and b can act as a status indicator, such as a bi-color LED for example, in order to supply a visual status indication with regard to the link connectivity for those cards.
  • the LEDs 410a, b can be used to indicate the link status of each of the tap data cards 404. In one embodiment, the LED 410a will light green if a valid Gigabit Ethernet connection is detected on network port A, while the LED 410b will light green if a valid Gigabit Ethernet connection is detected on network port B.
  • each tap data card 404 may include further identifications for each of the network ports 412a and 412b. Note that the labeling present on the front face 408 of the tap data cards 404 can be modified according to the different configurations possible with the tap data cards or the aggregator card.
  • the aggregator card 406 also includes indication functionality that enables a user to make various determinations concerning the operation and status of the card.
  • the example embodiment disclosed in Figure 4 includes an aggregator card having the LED bank 411 including the LEDs 41 Ia 7 b, and c. The LED 411c lights green when DC power is detected on the DC power port, and lights red or is extinguished, when no DC power is detected on the DC power port.
  • the LEDs 411a, b of the aggregator card 406 can be used to indicate the link status of the aggregator ports: in one embodiment, the LED 410a will light green if a valid Gigabit Ethernet connection is detected on network port A, while the LED 410b will light green if a valid Gigabit Ethernet connection is detected on network port B.
  • the components of the ZPL T/A 400 are included in a housing referred to herein as the sub-chassis 402.
  • the form factor of a particular sub-chassis will depend upon the number of cards that are included in the sub-chassis.
  • the 5-ioto-l tap/aggregator arrangement disclosed in Figure 9 has a form factor of less than about 7" high by about 5-2/3" wide by about 12" deep.
  • multiple sub-chassis can be combined together in an equipment rack to form or define a chassis, such as the chassis shown in Figure 9 and generally designated at 450.
  • five sub-chassis 402, each including five tap data cards 404 and one aggregator card 406, are combined together in an equipment rack to form the chassis 450 that can provide ZPL data tapping and aggregation for thirty (30) data links.
  • the form factor for the example arrangement of the chassis 450 in Figure 6 is about 7" high by about 19" wide by about 12" deep. This arrangement generally corresponds with a standard 4U rack mount.
  • one of the sub-chassis 402 includes an unutilized link 452, while the chassis 450 itself includes a vacant sub-chassis location 454.

Abstract

A zero packet loss network tap includes first and second network ports, first and second tap ports, and a signal separator configured to receive the data stream from at least one of the first or second network port and pass through the data stream to the network port not providing the data stream and obtain while passing through the data stream a first signal portion substantially comprising the first signal component and a second signal portion substantially comprising the second signal component. Devices are configured to receive the separated signal portion from the signal separator and provide the separated signal portions to the tap ports.

Description

PASSIVE TAP AND ASSOCIATED SYSTEM FOR TAPPING NETWORK DATA
BACKGROUND
The dependence upon the use of data networks to transmit and receive data at high data rates has led to a corresponding interest in the ability to perform real-time monitoring and analysis of that data, or network traffic, so that performance of the network can be evaluated, and problems identified and resolved. Such data monitoring and analysis necessitates the ability to access the network data stream without disrupting data transmission and the operation of the network. To this end, monitoring systems utilizing network taps are employed which are configured so that network data can be captured for analysis without interrupting operation of the network. In general, such use various mechanisms to access network data For example, some taps include a buffering mechanism that enables the capture of network data. In other cases, network taps are able to copy selected portions of the data stream, and then provide the copied portion of the data stream to a network analyzer or other device for evaluation.
Referring to Figure 1, a conventional copper-based Ethernet monitoring system 100 is illustrated. For example, an Ethernet device 101 is shown as being in communication with an Ethernet device 102 using standard Cat5 network cable. As per the Gigabit Ethernet standard, the communication on the twisted pair cable is bidirectional as is depicted by arrows 110 and 111.
Also illustrated is a tap 120 which situated in the communication path between Ethernet devices 101 and 102. Tap 120 is used to access the data signals for monitoring. The tap includes relays 121 and 122 that can direct the signal path flow, Further included in system 100 are four Physical Interface Devices (Phys) 131-
134. These Phys may be individuals or contained in two dual or one 130 quad package as shown. The Phys provide the physical connection between the copper Cat5 cable and the communication network.
In operation, when it is desirable to monitor the data flow between Ethernet devices 101 and 102, the relays 121 and 122 of tap 120 are energized causing the flow of information between the Ethernet devices 101 and 102 to be redirected to Phys 132 and 133. For example, energized relay 121 causes the data from device 101, referred to as A data, to flow to Phy 132. Phy 132 sends the A data signal to Phy 131, where it is provided to monitor A for monitoring and to Phy 133, which provides the A data to energized relay 122 and device 102. In like manner, energized relay 122 causes data from device 102, referred to as B data, to flow to Phy 133. Phy 133 sends the B data signal to Phy 134, where it is provided to monitor B for monitoring and to Phy 132, which provides the B data to energized relay 121 and device 101. Accordingly, system 100, utilizing the combination of tap 120 and quad Phy 13O5 is able to monitor the communication between Ethernet devices 101 and 102 while still allowing the devices to communicate bi-directionally.
While system 100 has generally proven to be useful in enabling the monitoring and analysis of network traffic, significant problems remain with this conventional system. One problem of particular concern is that network tap 120 is often susceptible to a power loss or other fault conditions. For example, the external power supply to the network tap is a significant failure point in the system. Unfortunately, disconnection of such external power supplies is a relatively common occurrence. In many cases, disconnection of the external power supply to the network tap occurs because the network tap and power supply are located in a place where personnel may inadvertently, or mistakenly, unplug the power supply. These challenges are only magnified where multiple network taps are implemented in the communication network or other system. Any loss of power or other fault typically causes relays 121 and 122 to close. Consequently, any A data and B data that would have passed through the relays 121 and 122 during the switching operation is lost. Also, any data that is in tap 120 and the quad Phy 130 when power is interrupted is also lost. In addition, Ethernet devices 101 and 102 must reconfigure themselves to properly communicate, which also disrupts network data flow. In view of the high data speeds employed in many networks, even a very short term interruption in power to the network tap 120 will seriously compromise the integrity of the data stream, so that even if the network is otherwise in operational condition, an interruption of power to the network tap and the resulting loss of data can severely impair operation of the network. This lack of fault tolerance in many high speed data communication networks is a major concern that remains largely unaddressed.
BRIEF SUMMARY OF THE INVENTION
The principles of the present invention relate to a passive network tap or Zero Packet Loss (ZPL tap) coupled to the communication path of a copper-based communications network including first and second devices. The first and second devices communicate by use of a data stream including first and second components. The principles of the present invention are also directed to chassis systems including one or more ZPL taps.
The passive or ZPL network taps include first and second network ports configured to operably connect with first communication cables, the first communication cables configured to carry the data stream to and from the network tap device. First and second tap ports configured to operably connect with second communication cables may also be included.
The passive or ZPL network taps further include a signal separator having a first node connected to the first network port and a second node connected to the second -A-
network port. The signal separator is configured to receive the data stream from at least one of the first or second network port and pass through the data stream to the network port not providing the data stream. The signal separator is further configured to obtain while passing through the data stream a first signal portion substantially comprising the first signal component and a second signal portion substantially comprising the second signal component.
The passive or ZPL network taps also includes a first receive only physical interface device (Phy) configured to receive the first signal portion from the signal separator and provide the first portion to the first tap port and a second receive only Phy configured to receive the second signal portion from the signal separator and provide the second signal portion to the second tap port.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter,
Additional features and advantages of the invention will be set forth in the description that follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The features and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.
BRIEF DESCRIPTION OF THE DRAWINGS To further clarify the above and other advantages and features of the present invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
Figure 1 illustrates a conventional copper based Ethernet monitoring system;
Figure 2 illustrates a communications network including a passive or ZPL network tap array;
Figure 3 illustrates a passive or zero packet loss network tap; Figure 4 illustrates internal and other features of the zero packet loss tap;
Figures 5A-5C illustrate embodiments of signal separators with bidirectional couplers;
Figures 6A-6D illustrate examples of actual signal separation achievable by a signal separator by itself or in combination with a signal separation stage; Figure 7 illustrates a plurality of passive or zero packet loss taps housed in a chassis of a tap array;
Figure 8 illustrates a zero packet loss tap/aggregator;
Figure 9 illustrates a method for separating a first and a second signal component from a first data stream used in communication between two devices according to principles of the present invention;
Figure 10 illustrates an environment and process flow that may be implemented to perform an operation to extract the a first signal component from a data stream comprising the first component and a second component that is less than the first component according to principles of the present invention; Figure 11 illustrates a method for configuring and using a listen or receive only Phy according to principles of the present invention; and
Figure 12 illustrates an equipment rack in which multiple sub-chassis are combined together. DETAILED DESCRIPTION
As disclosed in this description, and in the accompanying drawings which are also included as part of the present disclosure, embodiments of the present invention are concerned with passive or zero packet loss network taps (also hereinafter referred to as a "ZPL" tap) and associated devices, hardware and software in connection with copper- based Ethernet networks. Among other things, the passive network tap eliminates potential network data loss due to power loss or other fault in the tap, which contributes to a relative improvement in the reliability and operation of the network.
One example of such a passive network tap is configured for use with a variety of Ethernet data rates, including, but not limited to, 10/100/1000 Mbit/sec., or even faster rates. More generally however, embodiments of the invention are suited for operation with any network where data is carried over the network lines. Accordingly, the scope of the invention should not be construed to be limited to any specific network type or data rate.
Further, it should be noted that unlike conventional taps, which use relays with physical switches as described previously, exemplary passive network taps of the invention do not include any active components positioned in-line with a network cable that could cause data packet loss or otherwise cause users on either end of the network link to be aware of the fact that data is being accessed by a tap. In other words, regardless of power loss or other fault to the passive tap, there is no loss of communication between devices communicating over the network. Additionally, some embodiments of the passive network tap are employed in a stand-alone configuration where the network tap obtains data from the network and then passes the data to a remote, or external, device such as an analyzer, bit error rate tester ("BERT") and/or other device. In yet other implementations however, the network tap is incorporated into another device, such as a portable analyzer for example. Thus, embodiments of the invention embrace portable analyzers and other devices that incorporate a passive network tap. In still further embodiments, a group of passive network taps are incorporated together into a bank, block or similar configuration so that the network data stream can be tapped and directed to multiple devices by way of respective passive network taps. Such banks or blocks can be configured in serial or parallel fashion.
Qf course, the scope of the invention is not limited to data communications network applications. By way of example, embodiments of the passive network tap are suitable for use in Voice Over Internet Protocol ("Voice Over IP") systems and applications. Yet other embodiments are employed in monitoring telephone lines. As mentioned, exemplary passive network taps are configured such that users on either end of the network link are unaware of the fact that data is being accessed by a tap. This feature is particularly useful for governmental agencies or other entities that are authorized to access network data for the purposes of monitoring and surveillance of communications.
Embodiments of the passive network tap include a variety of components which enable the network tap to implement network data stream tap functionality. More particular details concerning such components and their functionalities and operations are provided below in connection with the discussion of Figure 2. An exemplary copper- based Ethernet monitoring system in. which a ZPL network tap may be employed will first be described, followed by aspects of an exemplary passive network tap. Note that the principles of the present invention are not limited to any specific environment.
I. Example Copper-Based Ethernet Monitoring System Employing a ZPL Tap
Reference is now made to Figure 2, which depicts one example of an operating environment in which a ZPL tap can be utilized, in accordance with one example embodiment of the present invention. Alternatively, the environment depicted in Figure 2 can also represent an environment in which a ZPL Tap and Aggregator of embodiments of the present invention can be included, as discussed further below in connection with Figures 8 and 8. In particular, Figure 2 shows a block diagram of a communications network, or computer network 200, including a ZPL network tap array ("ZPL tap array"), generally designated at 250, in accordance with one embodiment of the present invention. Although computer network 200 was selected to illustrate the present invention, any computer network topology can be used with the present invention, including but not limited to various combinations of network servers, switches, routers, hubs and various end user computers/terminals. Indeed, various modifications to both the ZPL tap array and its operating environment can be realized while still residing within the scope of the present claimed invention. Hereinafter, individual elements forming a group of like elements may also be referred to by a letter designation. In greater detail, the computer network 200, in a selected network segment 201, generally includes a network server 202, a network switch 204 (e.g., a router), desktop computers 206 a-c, and the ZPL tap array 250. The ZPL tap array 250 includes a chassis 252 that contains a plurality n of ZPL tap devices 300.
The network server 202, the desktop computers 206b,c and the ZPL tap 300 are coupled directly to the network switch 204. The ZPL tap 300 is coupled between the network switch 204 and the desktop computer 206a via cables 208a, b. The ZPL tap 200 is further coupled to a monitoring device 210 via cables 212a,b. For Gigabit Ethernet, the cables 208 and 212 are typically four-pair Cat5 twisted-pair cables, but the ZPL tap 300 can also work with 1 OBASE-T and 100BASE-T Ethernet systems, which typically use Category 3 (Cat3) cables, or with other suitable transmission lines. The ZPL tap 300 can be programmed to operate with multiple Ethernet speeds and cables using an onboard microprocessor, discussed further below, or by setting jumpers and/or switches in the ZPL tap. Similarly, the other n ZPL tap devices 300 are operably coupled to corresponding monitoring devices, such as the monitoring devices 220 and 230 shown in Figure 2, and their operation with regard to their respective monitoring devices is as described below with respect to the ZPL tap 300 and monitoring device 210. In one embodiment each ZPL tap device is coupled to only one monitoring device; in other embodiments, one monitoring device is coupled to more than one ZPL tap device. The term "monitoring device" as used herein is understood to include a network analyzer or other diagnostic equipment, intrusion detection system, or any other device used to monitor and/or analyze the operational status of a computer network segment.
In a typical network session, the desktop computer 206a requests from the network server 202 a file containing information needed by an application program executing on the desktop computer 206a The desktop computer 206a issues a request to the network server 202, which propagates through the ZPL tap 300 to the network switch 204 via cables 208a, b. The network switch 204 reviews the destination address of the request and routes it to the network server 202 via cable 208c. The network server 202 responds with the requested data. The requested data is sent from the network server 202 to the network switch 204 via cable 208c. The network switch 204 routes the data to the desktop computer 206a via the ZPL tap 200 and cables 208a, b. To view the request made by the desktop computer 206a and response made by the network server 202, the ZPL tap 200 is physically connected between the network switch 204 and desktop computer 206a. Full-duplex data flows simultaneously in both directions over the cables 208. In the present embodiment, the ZPL tap 300 provides an independent copy, via the cables 212 a, b, of the data flowing in either direction to the monitoring device 210. For example, a request from the desktop computer 206a travels through the network switch 204 to network server 202, and is tapped and sent out a tap port of the ZPL tap 300 over cable 212a to the monitoring device 210. Likewise, data returning from the network server 202 is tapped and sent out another monitoring port of the ZPL tap 300 over cable 212b to the monitoring device 210.
For purposes of discussion, selected components of the computer network 200 as included in the network segment 201 were discussed above. The computer network 200 can be thought of as having a plurality of such segments, such as network segments 213 and 223 shown in Figure 2. In more detail, the network segment 213 includes a switch 214 and computers 216a-c. The switch 214 is operably connected to a respective one of the n ZPL taps 300. which in turn is operably connected to the monitoring device 220. Similarly, the network segment 223 includes a switch 224 and computers 226a-c. The switch 224 is operably connected to a respective one of the n ZPL taps 300, which in turn is operably connected to the monitoring device 230. The operation of the ZPL taps 300 of the ZPL tap array 250 that are associated with the network segments 213 and 223 are the same as that described for the ZPL tap of the network segment 201. Furthermore, note that the network segments described above are defined only for purposes of discussion and are merely representative of one of a variety of possible network and component configurations with respect to the ZPL tap array 250. Note also that, for purposes of clarity, not all operable connections between the various network components are shown or explicitly identified.
Together with Figure 2, reference is now made to Figure 3, which depicts a network tap device in the form of one ZPL tap 300, in accordance with one embodiment. The ZPL tap 300 shown in Figure 3 is also referred to herein as a 1x1 ZPL tap and corresponds to any one of the ZPL taps grouped together in the chassis 252 of the ZPL tap array 250 depicted in Figure 2 and discussed above. As such, the collection of n ZPL taps 300 in the ZPL tap array 250 can be employed to provide a non-aggregated Tapping function with respect to multiple data streams that are transmitted through the ZPL tap array 150 during operation.
In general, the ZPL tap 300 is a plug-in type card that can be readily inserted into and removed from a chassis, such as the chassis 252 of Figure 2. ' This card configuration is sometimes referred to as implementing a "blade" form factor. In one example implementation, the blade form factor for the 1x1 ZPL TAP card is about 3.5 inches wide by about 1.4 inches high by about 5.5 inches deep. However, the scope of the invention is not limited to those exemplary dimensions.
In greater detail, the ZPL tap 300 includes a housing 352 having a front face 352A. A plurality of ports 302 and 304, to be described further below, are included on the front face 352 A for enabling connection of communication cables, such as the cables 208 and 212 shown in Figure 2, with the ZPL tap. A board 354 is also included with the ZPL tap 300 on which a plurality of electronic components, some of which will be described below in connection with Figure 4, are located. A fan 356 is included on the board so as to provide cooling as needed to the electronic board components. A power supply connector 358 is also included adjacent the rear portion of the ZPL tap 300. In addition, a mounting component, such as a mounting screw 360, is included on the front face 352A to assist in coupling the ZPL tap 300 to the chassis 352. II. Example Passive or ZPL Network Tap
Embodiments of an example ZPL network tap will now be discussed in further detail with respect to Figure 4, which illustrates various internal and other features of the ZPL tap 300 of Figure 3 in greater detail. Note that it is anticipated that ZPL tap 300 may also include additional features and components not discussed herein such as magnetics modules.
For example, the ZPL tap 300 includes various ports for receiving and transmitting data to and from network components, as depicted in Figure 2. Two network ports 302a and 302b, also referred to herein as "network A" and "network B" ports, are configured to couple with cables 208a and 208b of the network 200 of Figure 2, thereby interlinking the ZPL tap 300 with the network. Similarly, two tap ports 304a and 304b5 also referred to herein as "tap A" and "tap B" ports, are configured to couple with cables 212a and 212b (Figure 2), thereby linking the ZPL tap 300 to the monitoring device 210. Each of the ports 302 and 304 is configured to receive an RJ-45 plug of the respective cable 208 or 212, typical of Ethernet-based networks, though other port/plug configurations could be alternatively used. Thus, in the case of Cat5 cables 208a and 208b, four twisted pairs of each cable create eight total conductors that interconnect with terminals in the network ports A and B, thereby electrically connecting each cable with the ZPL tap 300. As explained herein, the ports 302, 304 enable both data signals and ZPL signals to enter and depart the ZPL tap 300, as will be described further below. As noted above, the data signal received by ports 302a and 302b are full duplex or bidirectional signals, which will also be referred to herein as A+B data to denote the full duplex or bidirectional nature of the signals coming from a device A and a device B coupled with passive or ZPL tap 300.
ZPL network tap 300 also includes a signal separator 310 that is operably connected to both ports 302a and 302b. Signal separator 310 is configured to separate the A data from the B data received at ports 302a and 302b from each other and to provide the separated data streams to other components of the ZPL tap 300. Signal separator 310 may be implemented in analog or digital hardware or any combination of the two. In some example embodiments, signal separator 310 may be implemented as a bidirectional coupler, dual directional coupler, or a differential bidirectional coupler, all of which will be described in more detail to follow. Note that all specific implementations of signal separator 310 disclosed herein are for illustration only and should not be used to limit the scope of the invention as signal separator 320 is not limited by to specific implementation. Note that the components discussed herein are "operably connected" to one another when data signals are able to pass from one component to the other. These connections are indicated in Figure 4 by the arrows drawn between the various components.
In some embodiments, signal separator 310 may include an amplifier 315, which may be any reasonable amplifier. In other embodiments, the amplifier 315 may be coupled to the signal separator 310 and included in another portion of ZPL tap 300. Amplifier 315 may be configured to amplify the signals that are separated by signal separator 310 prior to the separated signals being supplied to other portions of ZPL tap 300.
As it may not be possible for signal separator 310 to fully separate the A and B data from each other, ZPL network tap 300 further includes a signal separation stage 320 that is operably connected to signal separator 310 and/or one of the Phys 330-360 described below. Signal separation stage 320 receives at least partially separated signals from the signal separator 310 and is configured to further separate the A and B data from each other. Signal separation stage 320 may be implemented as a separate process or operation, or as discrete circuit components included in the signal separator 310. Signal separation stage 320 may also be implemented as a part of one of the Pbys 330-360. The signal separation stage or module 320 may also be included in microprocessor 370. In some embodiments, signal separation stage 320 operations may be dispersed among several of the components of the passive network tap 300. Signal separation stage 320 will be discussed in more detail to follow. ZPL tap 300 also includes Physical Interface Device ("Phy') Phys 330-360.
These Phys may be individual Phys, be contained in two dual packages or one quad package as shown by dashed line 331. As illustrated, Phy 330 and Phy 340 are operably connected to signal separator 310 and/or signal separation stage 320. Phys 330 and 340 are further operably connected to Phy 350 and Phy 360 respectively. Phy 350 and Phy 360 are in turn operably connected to tap ports 304a and 304b respectively. Note that one or more magnetics modules (not illustrated) may be coupled between Phys 350 and 360 and tap ports 304a and 304b for performing signal isolation functions for the respective data signal passing through the magnetics during tap operation.
The Phys 330-360 represent integrated circuitry or functional blocks that provide physical access to the data stream received from ports 302 and 304. The Phys 330-360 are further configured to receive a data signal and convert it to a particular data format. For instance, in one embodiment Phys 330 and 340 receive data signals from the signal separator 310 in a 1000BASE-T signal format, used with Cat5 copper cabling, and convert the signals to IOOOB ASE-X serial signals in preparation for later use. Similarly, 1000BASE-X data signals that are received by the Phys 330-360 in the reverse direction are converted by the respective Phy into 1000BASE-T signals for retransmission onto one of the copper cables 208 and 212. In other embodiments, different data formatting conversions can be performed by the Phys 330-360 as may be needed for a particular application. One example data conversion could be from PAN-5 to SGMII format Thus, data received by the Phys 330-360 are converted as needed for further use by the ZPL tap 300 or other downline components.
Note that Phys 330 and 340 are configured accordingly to the principles of the present invention to be listen only or receive only Phys. This novel functionality will be explained in more detail to follow. In some embodiments, a microcontroller 370 that is programmed to monitor and control the operation of the ZPL tap 300 is also included. In general, the microcontroller 370 includes various components, including integrated A/D ("Analog to Digital") converter inputs as well as digitally programmable inputs and outputs ("170"), and is programmed as desired to enable achievement of desired functions with respect to the operation of the ZPL network tap. By way of example, the microcontroller 370 is programmed to configure Phys 330-360 to perform the data format translation needed for proper operation of the ZPL tap 300. Generally, the microcontroller 370 can include internal diagnostic circuitry that enables the ZPL tap 300 to identify and report faults in the operation of the tap and/or with regard to operation of the computer network 200 with which the ZPL tap 300 is connected. In some embodiments, the diagnostic circuitry of the microcontroller 370 also provides the capability for the ZPL tap 300 to resolve identified faults. Some embodiments of the invention include indicators, such as LED visual indicators 345 (Figure 3), which operate in connection with the diagnostic circuitry to provide a user with information concerning the operational status and condition of the ZPL tap 300. Similarly, Figure 4 shows that the ZPL tap 300 includes a temperature sensor 380, operably connected to the microcontroller 370, for monitoring one or more temperature conditions relating to operation of the tap. Should excessive temperature conditions be encountered, the microcontroller 370 can. direct corrective measures to be taken so as to prevent damage to the ZPL tap 300 or interruption of the data stream. The microcontroller 370 can also control operation of any user interface, such as an LED panel.
Figure 4 further shows the ZPL tap 300 as including a traditional external power link 390 for plugging into a wall outlet, for instance. As mentioned previously, ZPL tap 300 may also include various other components that are not illustrated.
III. Example Signal Separators Including Differential Bidirectional Couplers
As mentioned previously, signal separator 310 may be implemented in various forms. Referring to Figures 5A-5C, three different example embodiments of signal separator 310 are depicted as various bidirectional couplers. Note that the example bidirectional couplers of Figures 5A-5C are for illustration only and are not meant to limit the scope of the appended claims. As will be appreciated, any reasonable bidirectional coupler may be used to implement the principles of the present invention. The example bidirectional couplers of Figures 5 may have the following characteristics: 20 dB of coupling, 1 to 2 dB of insertion loss, and 20 dB of directivity. Note that these characteristics are only examples of the many characteristics of a bidirectional coupler that may be implemented according to the principles of the present invention and should not be used to limit the scope of the appended claims. Also note that although Figures 5A-5C depict a bidirectional coupler for a single twisted pair cable, it is also contemplated that the various bidirectional couplers of Figures 5A-5C may include additional couplers for additional twisted pairs. For example, a coupler for a Cat5 cable would have four couplers for the four twisted pairs of the Cat5 cable.
Referring to Figure 5 A, an example single bidirectional coupler 510 is depicted as being coupled to the communication path with an Ethernet device 501 (A system) and an Ethernet device 502 (B system). As mentioned previously, the Ethernet devices communicate using a 100 ohm differential twisted pair cable, which is depicted in Figures 5A-5C as the D ATA+ and DATA- lines. However, single bidirectional coupler 510 is configured for a single ended 50 ohm line. Accordingly, impendence matching circuits 515 and 516 are implemented to match the 100 ohm twisted pair to the 50 ohm single ended line so that the A and B data can flow through the coupler 510 to the Ethernet devices 501 and 502 respectively. As impendence matching circuits of this type are well known in the art, no further description is necessary.
In operation, single bidirectional coupler 510 is configured to couple a sample of the A data out of the A+B data being transmitted and to also couple a sample of the B data out of the A+B being transmitted. Since coupler 510 is a bidirectional coupler, coupler 510 includes a couple forward (CF) and a couple reverse (CR) node that are both used in the coupling operation. For example, the CF node is used to couple out the A data and the CR node is used to couple out the B data However, since the A+B data is bidirectional, coupler 510 may not be able to fully isolate the A and B data and consequently may couple out a sampled signal that is labeled as Ab data, which illustrates that the signal mostly comprises A data, but may have some portion of B data included. Coupler 510 may further couple out a sampled signal that is labeled as Ba data, which illustrates that the signal mostly comprises B data, but may have some portion of A data included. The sampled signals may men be provided to signal separation stage 320 for further signal isolation, although this is not required. Note that single bidirectional coupler 510 allows for continuous communication between the Ethernet 501 and 502 devices.
Referring to Figure 5B3 an example dual bidirectional coupler 520 is depicted as being coupled to in the communication path with an Ethernet device 501 (A system) and an Ethernet device 502 (B system). Dual bidirectional coupler 520 may achieve better signal separation than single bidirectional coupler 510 of Figure 3 A. Dual bidirectional coupler 520 includes a first bidirectional coupler stage 520A coupled to a second bidirectional coupler stage 520B. Note that the use of first, second, and so on in the claims and in the specification is not meant to imply any type of ordering, but is only meant to distinguish one component from another. As mentioned previously with respect to Figure 5 A, the Ethernet devices 501 and 502 communicate using a 100 ohm differential twisted pair cable, while dual bidirectional coupler 520 is configured for a single ended 50 ohm line. Accordingly, impendence matching circuits 515 and 516, which have the same functionality as the matching circuits of Figure 5 A, are implemented to allow for signal transmission.
In operation, bidirectional coupler stage 520A is configured to couple a sample of the A data out of the A+B data being transmitted. Since coupler stage 520A is a bidirectional coupler stage, coupler stage 520A includes a CF and a CR node. The CR node, however, is typically terminated in a 50 ohm termination as coupler stage 520A is configured to sample the forward A data and not the reverse B data. However, since the A+B data is bidirectional, coupler stage 520A may not be able to fully isolate the B data and consequently may couple out a sampled signal that is labeled as Ab data, which illustrates that the signal mostly comprises A data, but may have some portion of B data included. Note that bidirectional coupler stage 520A allows for continuous communication between the Ethernet 501 and 502 devices. In like manner, bidirectional coupler stage 520B is configured to couple a sample of the B data out of the A+B data being transmitted. Since coupler stage 520B is a bidirectional coupler stage, coupler stage 520B also includes a CF and a CR node. The CR node is also typically terminated in a 50 ohm termination as coupler stage 520B is configured to sample the forward B data and not the reverse A data. However, since the A+B data is bidirectional, coupler stage 520B may not be able to fully isolate the A data and consequently may couple out a sampled signal that is labeled as Ba data, which illustrates that the signal mostly comprises B data, but may have some portion of A data included. Note that single bidirectional coupler stage 520B also allows for continuous communication between the Ethernet 501 and 502 devices. The sampled Ab and Ba data may then be provided to signal separation stage 320 for further separation if necessary.
Referring now to Figure 5 C, a differential bidirectional coupler 530 is depicted as being coupled to the communication path with an Ethernet device 501 (A system) and an Ethernet device 502 (B system). Differential bidirectional coupler 530 may achieve better signal separation than either of the couplers discussed in relation to Figures 5A and 5B. Differential bidirectional coupler 530 includes a first coupler stage 530A and a second coupler stage 530B. Note that the configuration of coupler 530 allows for the direct coupling of the 100 ohm differential lines without the need for impedance matching circuits such as circuits 515 and 516. As with the other coupler examples, differential bidirectional coupler 530 also allows for continuous communication between the Ethernet 501 and 502 devices.
In operation, coupler stage 530A is configured to couple a sample of the A data out of the A+B data being transmitted. Being bidirectional, coupler stage 530A includes a CR node that is terminated in a 50 Ohm termination, while the CF node couples out the forward Ab signal as described previously. In like manner, coupler stage 530B couples a sample of the B data out of the A+B data being transmitted. Coupler stage 530B, also being bidirectional, includes a CR node that is terminated in a 50 Ohm termination, while the CF node couples out the forward Ba signal as described previously. The Ab and Ba signals may then be provided to signal separation stage 320 if necessary, IV. Example Signal Separation Stage
As mentioned previously, signal separation stage 320 may be implemented in one or more components of passive or ZPL network tap 300 or it may be a stand alone component of the tap 300. Signal separation stage 320 may include both hardware, whether discrete analog or digital components, and software, or any combination of hardware and software, that may be used to implement various methods that are configured to further separate the A component from the Ab signal and the B component from the Ba signal.
In one embodiment, signal separation stage 320 may be implemented as a programmable attenuator and a differencing amplifier with gain that may be part of signal separator 310 or stand alone components. In other embodiments, signal separation stage 320 may be implemented as a Digital Signal Processing (DSP) module that is included in either Phy 330 or 340 or that is included in a dual or quad chip package that includes at least one of Phy 330 or 340. In still other embodiments, the signal separation stage may be included as a module of processor 370. In further embodiments, the signal separation module may be distributed across the signal separator 310, the Phys 330 and/or 340, and the processor 370 or even other components of the ZPL tap 300.
Referring now to Figure 9, Figure 9 illustrates a method 900 for a signal separator such as signal separator 310, a DSP module implemented in one of the Phys 330 or 340, or for processor 370, either separately or in combination, to separate a first and a second signal component from a first data stream used in communication between two devices. Note that although the method 900 will be described in relation to the environment of Figures 4 and 5, this is for illustration only and should not be used to limit the scope of the appended claims. It is anticipated that method 900 may be practiced in numerous environments. Method 900 includes obtaining or receiving 902 from the first data stream a second data stream comprising at least a portion of the first component and a portion of the second component that is smaller than the first component For example, in one embodiment, signal separator 310 may obtain a second data stream that includes the A data and a portion of B data that is smaller than the A data as previously explained. In alternative embodiments, the second data stream including the A data and the portion of B data may be received by a receive module of processor 370 or of a DSP module of Phys 330 and/or 340.
Method 900 also includes obtaining or receiving 904 from the first data stream a third data stream comprising at least a portion of the second component and a portion of the first component that is smaller than the second component. For example, in one embodiment, signal separator 310 may obtain a third data stream that includes the B data and a portion of A data that is smaller than the B data as previously explained. In alternative embodiments, the third data stream including the B data and the portion of A data may be received by a receive module of processor 370 or of a DSP module of Phys 330 and/or 340.
Method 900 further includes determining 906 a reverse coupling characteristic. For example, a characterization module of the signal separator 310, processor 370 or a DSP module of the Phys 330 and/or 340 may determine, based on the coupling characteristics of signal separator 310, the reverse coupling characteristic. In other embodiments, the reverse coupling characteristic may be determined ahead of time and provided to the characterization module. Having the characterization module receive the reverse coupling characteristic is to be considered determining the reverse coupling characteristic for purposes of the embodiments disclosed herein.
Method 900 additionally includes applying 908 the reverse coupling characteristic in an operation to remove at least a portion of the second component from the second data stream. For example, the signal separator 31O5 processor 370 or a DSP module of the Phys 330 and/or 340 may perform the operation, as will be explained in more detail to follow, to remove at least some of the B data from the second data stream, thus leaving substantially only the A data as part of the second data stream. Method 900 finally includes applying 910 the reverse coupling characteristic in an operation to remove at least a portion of the first component from the third data stream. For example, the signal separator 310, processor 370 or a DSP module of the Phys 330 and/or 340 may perform the operation, as will be explained in more detail to follow, to remove at least some of the A data from the third data stream, thus leaving substantially only the B data as part of the third data stream.
Figure 10 illustrates an environment and process flow 1000 that may be implemented to perform an operation to extract the B data from a data stream comprising B data and a portion of A data that is less than the B data or the A date from a data stream comprising A data and a portion of B data that is less than the A data. Note that the modules and components of environment 1000 may be included as part of signal separator 310, processor 370, a DSP module of Phys 330 and/or 340, or some other component of ZPL tap 300. Alternatively, the modules and components of environment 1000 may be disturbed across one or more of the signal separator 310, processor 370, a DSP module of Phys 330 and/or 340, or some other component of ZPL tap 300. Note that the modules and components of environment 1000 may be implemented as hardware, software, or any combination of the two without restriction as circumstances may warrant.
For example, a receive module 1010 may receive a data stream 1001 that comprises B data and a portion of A data that is smaller than the B data This is denoted as Ba data In addition, the receive module 1010 may also receive a data stream 1005 that comprises A data and a portion of B data that is smaller that the A data and is denoted as Ab data. Note that the data streams 1001 and 1005 may be received from the signal separating portions of signal separator 310.
The environment 1000 may include a characterization module 1020. Characterization module is configured to determine or alternatively to receive from another source, the reverse coupling characteristic 1025 for the signal separator 310. The reverse coupling characteristic is denoted as a factor γ.
The data stream 1005 and the reverse coupling characteristic 1030 may then be received by a multiply module 1030. The multiply module is configured to multiply data stream 1030 and reverse coupling characteristic to produce a signal 1035.
An add/subtract module 1040 then subtracts the signal 1035 from the data stream
1001. The difference is then provided to multiply module 1030, where the difference is multiplied by 1/ (1- γ z). The resultant separated signal 1050 will be comprised substantially of B data and no A data. The A data can be extracted by using this same method.
In mathematical terms, the process flow of environment 1000 is illustrated below. Note that equations 1 and 2 are derived directly from the process flow of environment 1000. Equations 3 and 4 are based on the fact that the a data and b data are equal to the reverse coupling characteristic times the A data and B data respectively. A= (Ab - γBa)/ (1 - γ2) (Equation 1)
B= (Ba - γAb)/ (1 - γ 2) (Equation 2) For example, to extract B a = γA (Equation 3) b =γB (Equation 4)
Ba= B+ a= B+γA (Equation 5) Ab = A+ b =A+γB (Equation 6)
Substituting:
B = (B+γA-γ (A+γB)) / (1- γ z)
B = (B+γA-γA-γ2B) / (l- γ2) B = (B-Y2B) / (1- γ2) B = B (I- γ2) / (l- γ2) B - B
Note that method and process flow shown in relation to environment 1000 is only one of many possible signal separation operations and should not be used to limit the scope of the invention.
In some embodiments, signal separation stage 320 can achieve at least 80% separation of the signals. For example, if the signal separation stage 320 were separating out the Ab signal, then 80% of the resulting signal would be A data and 20% would be b data In other embodiments, signal separation stage 320 may achieve 90% separation of signals. The 80% and 90% examples are meant to be typical examples with other percentages contemplated so as to enable the Phys to receive the separated signals in as pure a form as possible.
Referring now to Figures 6A-6D, examples of actual signal separation achievable by signal separator 310 by itself or in combination with signal separation stage 320 is illustrated. These figures illustrate actual results as measured on various test equipment.
Figure 6A includes a signal 601 which illustrates the A+B data of Figure 4. Signal 601 includes an A data portion 601A and a B data portion 601B. Figure 6A further illustrates the results of subjecting signal 601 to passive or ZPL tap 300, specifically signal separator 310 by itself or in combination with signal separation stage 320. The resultant signal is designated as 602. As illustrated, signal 602 includes an A data portion 602 A that is substantially similar to A data portion 601 A. The B data portion 602B, however, has substantially been removed from signal 602, Accordingly, passive tap 300 is shown to achieve a high, level of success in separating the B data from the A data
In like manner, Figure 6B also includes a signal 610 that illustrates the A+B data of Figure 4. Signal 610 includes an A data portion 610A and a B data portion 610B. Figure 6B further illustrates the results of subjecting signal 610 to passive or ZPL tap 300, specifically signal separator 310 by itself or in combination with signal separation stage 320. The resultant signal is designated as 611. As illustrated, signal 611 includes an A data portion 61 IA that is substantially similar to A data portion 610A The B data portion 61 IB5 however, has substantially been removed from signal 611. Accordingly, passive or ZPL tap 300 is once again shown to achieve a high level of success in separating the B
Figure imgf000027_0001
Figure 6C illustrates in further detail the signal separation that may be achieved by passive or ZPL tap 300. For example, Figure 6C illustrates a signal 620 which may correspond to the A+B data of Figure 4. As such, signal 620 includes both an A data and B data portions. Figure 6C further illustrates the results of subjecting signal 620 to passive or ZPL tap 300, specifically signal separator 310 by itself or in combination with signal separation stage 320. These results are designated as signals 621 and 622.
For example, signal 621 illustrates an A data portion that is substantially similar to the A data portion of signal 620 while having a B data portion that has been substantially removed. In like manner, signal 622 includes a B portion that is substantially similar to the B data portion of signal 620 while having an A data portion that has been substantially removed. Finally, Figure 6C includes a signal 623 that is the combination of signals 621 and 622. Signal 623 illustrates that combining the two signals that have been subjected to signal separation (e.g., signals 621 and 622) produces a signal that is substantially similar to signal 620. In similar manner, Figure 6D illustrates in further detail the signal separation that may be achieved by passive or ZPL tap 300. For example, Figure 6D also illustrates a signal 630 which may correspond to the A+B data of Figure 4. As such, signal 630 includes both an A data and B data portions. Figure 6D further illustrates the results of subjecting signal 630 to passive or ZPL tap 300, specifically signal separator 310 by itself or in combination with signal separation stage 320. These results are designated as signals 631 and 632.
For example, signal 631 illustrates an A data portion that is substantially similar to the A data portion of signal 630 while having a B data portion that has been substantially removed. In like manner, signal 632 includes a B portion that is substantially similar to the B data portion of signal 630 while having an A data portion that has been substantially removed. Finally, Figure 6D also includes a signal 633 that is the combination of signals 631 and 632 and that produces a signal that is substantially similar to signal 630. V. Example Phvs
As previously mentioned, passive network tap 300 also includes Phys 330-360. In one embodiment, the Phy IC chips may be configured in a quad configuration included on a single chip as illustrated at 331 in Figure 4. The quad Phy 331 may consist of the four Phys 330-360. In other embodiments, the Phys 330-360 may be individual, separate IC chips. In still other embodiments, the Phy IC chips may be implemented as any combination of two of the Phys, for example Phys 330 and 350 on an IC chip and Phys 340 and 360 on an IC chip. In some embodiments, Phy 330 and 340 may have a connection 332 that allows the chips to communicate with each other when implemented as separate chips. Note that the exact implementation of Hie Phy chips (e.g., as a quad chip, separate, individual chips, or any combination of two of the Phys) is not important to the principles of the present invention. Further note that the actual implementation of ' the internal circuitry and internal operations of the Phy ICs is unimportant to the principles of the present invention. Rather, it is the terminal characteristics of the Phy ICs, especially a unidirectional or listen only terminal characteristic, that are important to the principles of the present invention, as will be explained in more detail to follow.
The Phys, whether implemented as a quad Phy IC 331 chip or individual Phy IC chips 330-360, are configured to have specific terminal characteristics. For example, Phy IC chips 330 and 340 are configured to be receive or listen only Phys. This means that Phys 330 and 340, regardless of how implemented (e.g., as part of a quad chip, separate, individual chips, or any combination of two of the Phys), have front ends that are different from the prior art Phys previously described as Phys 330 and 340 do not transmit. For example, Phys 330 and 340 ignore any auto negotiations between Ethernet or other protocol implanting devices A and B that are coupled to 23PL tap 300 and therefore do not need to undergo any training by the devices before the Phy IC chips can lock onto and monitor the signals between devices A and B. Instead, the Phys 330 and 340 monitor the communication between devices A and B until a data unit such as a header or idle is recognized, at which time the Phys 330 and 340 lock onto the monitored signal. Both Phy IC chips operate as a slave only chip that use the received signal clock and have no echo canceling.
Phys 330 and 340 can be power cycled on and off without network communication being effected and both can monitor the conversation between devices A and B at any time. In other words, the listen only Phys 330 and 340 may lock onto the communication signals between devices A and B without any external help from the network devices. Accordingly, Phys 330 and 340 are configured to work on unidirectional traffic and may be considered as unidirectional Phy ICs. In some embodiments, as mentioned previously, one or more of the Phy ICs may include digital signal processing that may assist in further signal separation or, as mentioned previously, may act as the signal separation stage 320.
The operation of the unidirectional Phys 330 and 340 will now be described. As illustrated in Figure 4, Phy 330 receives the recovered A data and what portion of B data remains from the signal separation stage 320 and/or the signal separator 310. Phy 330 then provides the signal to Phy 350, which in turn provides the signal to a monitoring device A through tap port 304a. In like manner, Phy 340 receives the recovered B data and what portion of A data remains from the signal separation stage 320 and/or the signal separator 310. Phy 340 then provides the signal to Phy 360, which in turn provides the signal to a monitoring device B through tap port 304b. Phys 350 and 360 may be configured to be unidirectional Phys or conventional Phys.
As mentioned above, the Phys 330 and 340 are configured in a novel way different from conventional Phys to have front end terminal characteristics that make them listen or receive only Phys. Figure 11 illustrates a method 1100 for configuring and using a listen or receive only Phy according to the principles of the present invention. Such a method was successfully performed using the DP83865 10/100/1000 Ethernet Physical Layer chip available from National Semiconductor Corporation doing business at 2900 Semiconductor Drive, Santa Clara, CA 95052-8090. Note however, that method 1100 is not limited to the use of the DP83865 chip.
Method 1100 includes obtaining 1102 a Phy 330 or 340 with a front end that does not have transmit functionality. For example, in some embodiments, a Phy 330 or 340 implemented using the DP83865 10/100/1000 Ethernet Physical Layer chip available from National Semiconductor Corporation may have its front end transmit functionality disabled by obtaining a firmware patch configured to disable the transmit functionality. For instance, one or more registers of the DP 83865 may have code or firmware modified or newly written to it that disables the transmit functionality. The function of this firmware is to place the DP83865 into a forced mode of operation (using the DP83865 special "manual" configuration mode). For example, the code or firmware may disable IOOOBASET Auto-Negotiation, disable one or more output drivers and configure the DP83865 as a Slave device. In other embodiments, a Phy chip may be obtained that has previously had its front end transmit functionality disabled or removed by hard coding at manufacture time or by other process now known in the art or hereafter developed. The embodiments disclosed herein contemplate other ways of obtaining a Phy chip with no front end transmit functionality. Method 1100 also includes viewing or monitoring 1104 incoming data frames or packets with the Phy chip. For example, the Phy 330 or 340 that has no front end transmit functionality may receive the separated A or B data from signal separation stage 320 and/or signal separator 310. The Phy 330 or 340 may then view the A or B data.
Method 1110 also includes recognizing 1106 known signal elements with the Phy chip. For example, by knowing that the type of data to lock onto, such as Gigabit Ethernet data, the clock rate is defined, so that performing clock recovery from the receive data stream is possible. Further, it well known that Ethernet data has a known signal packet with known elements such as three idles between data frames. In one embodiment, the PCS (Physical Coding Sublayer) of Phy chip 330 or 340 implemented as the DP83865 chip is configured to view the data steam until it recognizes the Ethernet idle or some other known element. In this way, the Phy chip is able to learn that the received data is an Ethernet signal without having to undergo auto negotiation and to lock onto this signal.
Method 1100 further includes using 1108 the known signal element to at least partially lock onto the data frame or packet. For example, Phy 330 or 340 uses the known signal element such as the Ethernet idle to lock onto the A data stream or the B data stream. The data stream may then be provided by Phys 330 and 340 to Phys 350 and 360, which in turn may provide the signals to external monitoring devices through tap ports 304a and 304b. Note that the amount of time it takes for Phy 330 or 340 to lock onto the signal is not important. As tap 300 is a passive tap, the speed that Phys 330 and 340 lock onto the signal does not effect the operation of the tap 300. Advantageously, users of network devices A and B do not notice when the listen only Phys 330 and 340 lock onto the data stream. Further, power may be cycled on and off to the listen only Phys without users of network devices A and B knowing and without any data being lost. VI. Example Methods and Systems
As described herein, the systems of the invention can be used to tap a network cable and access network data The invention further extends to the use of the systems described herein to access network data, to supply the network data to any associated device, and to process the data. For instance, the system 300 can be used to access Ethernet data being communicated over a copper network cable and to supply the accessed data to a network analyzer device. The network analyzer device can then perform diagnostic functions on the accessed data.
The network analyzer can be a local device that is dedicated for use with a single system 300. Alternately, the network analyzer can be used in conjunction with a plurality of systems 300 as will be described below, and can access and analyze or otherwise process the data accessed by any of the associated systems 300. The network analyzer can instead be remote and receive the accessed data through a data network
The data can also be used for any other purpose. For example, the data can be stored and analyzed or processed in a delayed manner. Alternately, the access data can be processed in real time. The invention extends to methods for using the systems described herein to access Ethernet data and to analyze the content, such as the content of data files, telephone conversations carried using Voice over IP (VoIP) or other protocols, images, video, audio, or other data types. It is noted that one of the benefits of the network taps of the invention is that they are passive and do not affect the data being transmitted over the network except for some attenuation thereof. Unlike conventional taps, which use relays with physical switches, the taps of the invention do not include any active components positioned in-line with the network cable that could cause data packet loss or otherwise cause users on either end of the network link to be aware of the fact that data is being accessed by a tap. Regardless of loss of power to the tap, there is no loss of communication between the Ethernet devices. This feature is particularly useful for governmental agencies or other entities that are authorized to access network data for the purposes of monitoring and surveillance of communications.
Reference is now made to Figure 7. As mentioned, depending upon the needs of the user, the ZPL tap 300 can be employed alone or, as discussed above in connection with Figure 2, as part of a larger group of ZPL tap devices. In the event that multiple ZPL tap devices are employed, those devices are fitted in the chassis 252, which is suitably sized and configured to retain a predetermined number of devices therein. In the example arrangement shown in Figure 7, twenty four (24) ZPL tap devices 300 are retained in the chassis 252 of the tap array 250, arranged in two (2) rows of twelve (12) cards each. When thus arranged, the 24 ZPL tap devices 300 collectively define a chassis foπn factor having approximate dimensions of about 17" (IU) wide by about 7" (4U) high by about 8" deep. So configured, the ZPL tap array 250 can tap data streams from a variety of points in the computer network 100 and forward these streams to respective monitoring devices for analysis or other treatment. Reference is now made to Figure 8. In another example embodiment of the present invention, the network tapping functions of one or more ZPL taps can be merged with data aggregating functionality provided by an aggregator to enable both data tapping and aggregating in an integrated device. One example of such a device is shown in Figure 8, which shows a ZPL tap/aggregator ("ZPL T/A"), generally designated at 400. As shown, the ZPL T/A 400 includes a sub-chassis 402 that houses various components, including a plurality of network tap devices in the form of tap data cards 404, and an aggregator card 406. The ZPL T/A 400 generally functions by tapping data from various points on the network using the plurality of tap data cards 404, then aggregating that data via the aggregator card 406 before the data is forward to a monitoring device or other suitable component. Use of the ZPL T/A 400 in this manner simplifies the tapping process and topology by integrating various functionalities into one device.
In a general sense, the ZPL T/A includes within its sub-chassis a number, "X," of ZPL active plug-in data cards that operably connect with the corresponding X-into-1 aggregator plug-in card, where "X" again represents the number of cards in the group of ZPL active data cards. As such, it is appreciated that the number of tap data cards that are to be connected to a corresponding aggregator card can be varied. Ih the example embodiment illustrated in Figure 8, five (5) tap data cards are connected with a corresponding 5 -into- 1 aggregator card. This combination therefore provides both ZPL aggregation and ZPL TAP capabilities. In other embodiments, multiple tap data cards could be included with multiple aggregator cards within a single sub-chassis, wherein some of the tap data cards are assigned to one aggregator and the remaining tap data cards are assigned to the other aggregator card.
In the present embodiment, both the tap data cards 404 and the aggregator card 406 have the same form factor. One example form factor for the aforementioned cards is about 7/8 inches wide by 3.5 inches (2U) high by 5.5 inches deep. Of course, other form factors may be defined and employed as well, and the scope of the invention is not limited to any particular form factor or card configuration.
In greater detail, each of the tap data cards 404 and aggregator card 406 includes a housing including a housing front face 408. An LED bank 410, including LEDs 410a and b, is included on the front face 408 of each tap data card 404 of the ZPL T/A 400. Similarly, the front face 408 of the aggregator card 406 includes an LED bank 411 including LEDs 411a, b, and c. The LED banks 410 and 411 are employed to enable the functionality status of the tap data cards 404 and aggregator card 406 to be determined.
Also included on the front faces of 408 of the tap data cards 404 and aggregator card 406 are a plurality of interfaces, or ports, for interfacing with the communications network. In particular, each tap data card 404 includes two RJ-45 network ports 412a and 412b on the front face 408, and a dual output backplane connector (not shown) on the rear portion of the card. In an alternative embodiment the rear portion of the card can include two RJ-45 outlet ports. Correspondingly, the aggregator card 406 includes RJ-45 tap ports 414a and 414b on its front face and a backplane connector (not shown) on the rear portion of the card. Note that this combination of interfaces is merely shown as an example, and additional or alternative interfaces may be employed.
The functionality of each tap data card 404 is similar to that of the ZPL tap 300 described above in connection with Figures 3 and 4. As such, the network ports 412a, b of each tap data card 404 are operably connected to a node on the communications network by communication cables such that data traversing the network at the node can be input into and output from the tap data card via the network ports. Each tap data card 404 can be interconnected with a different node on the network so as to enable data from various points on the network to be tapped. The backplane connector on the rear portion of each tap data card 404 is operably connected to the backplane connector of the aggregator card 406 so as to enable each data stream from each outlet port to be input into the aggregator card. Thus, in the ZPL T/A configuration shown in Figure 8, the aggregator card 406 is configured to receive data streams from the outlet ports of each of the tap data cards 404 via its backplane connector.
Once received by the aggregator card 406, the data streams received from each tap data card outlet port are combined, or aggregated, into two composite data streams that are directed out of the aggregator card 406 via the tap ports 414a, b. These data streams can then be forwarded via communication cables to a monitoring device or other suitable location.
As indicated in Figure 8, each of the tap data cards 404 of the ZPL T/A 400 includes the LED bank 410, including the LEDS 410a and b. Each of the LEDs 410a and b can act as a status indicator, such as a bi-color LED for example, in order to supply a visual status indication with regard to the link connectivity for those cards. The LEDs 410a, b can be used to indicate the link status of each of the tap data cards 404. In one embodiment, the LED 410a will light green if a valid Gigabit Ethernet connection is detected on network port A, while the LED 410b will light green if a valid Gigabit Ethernet connection is detected on network port B. In addition, the front face 408 of each tap data card 404 may include further identifications for each of the network ports 412a and 412b. Note that the labeling present on the front face 408 of the tap data cards 404 can be modified according to the different configurations possible with the tap data cards or the aggregator card.
Similar to the tap data card 404, the aggregator card 406 also includes indication functionality that enables a user to make various determinations concerning the operation and status of the card. As mentioned, the example embodiment disclosed in Figure 4 includes an aggregator card having the LED bank 411 including the LEDs 41 Ia7 b, and c. The LED 411c lights green when DC power is detected on the DC power port, and lights red or is extinguished, when no DC power is detected on the DC power port. Similar to the tap data cards 404, the LEDs 411a, b of the aggregator card 406 can be used to indicate the link status of the aggregator ports: in one embodiment, the LED 410a will light green if a valid Gigabit Ethernet connection is detected on network port A, while the LED 410b will light green if a valid Gigabit Ethernet connection is detected on network port B.
Together with Figure 8, reference is now made to Figure 12. As previously mentioned, the components of the ZPL T/A 400 are included in a housing referred to herein as the sub-chassis 402. In general, the form factor of a particular sub-chassis will depend upon the number of cards that are included in the sub-chassis. As an example, the 5-ioto-l tap/aggregator arrangement disclosed in Figure 9 has a form factor of less than about 7" high by about 5-2/3" wide by about 12" deep. As suggested above, however, multiple sub-chassis can be combined together in an equipment rack to form or define a chassis, such as the chassis shown in Figure 9 and generally designated at 450. In the present example embodiment, five sub-chassis 402, each including five tap data cards 404 and one aggregator card 406, are combined together in an equipment rack to form the chassis 450 that can provide ZPL data tapping and aggregation for thirty (30) data links. The form factor for the example arrangement of the chassis 450 in Figure 6 is about 7" high by about 19" wide by about 12" deep. This arrangement generally corresponds with a standard 4U rack mount.
In the example arrangement illustrated in Figure 12, one of the sub-chassis 402 includes an unutilized link 452, while the chassis 450 itself includes a vacant sub-chassis location 454. These details illustrate that fewer than all of the links in any given sub- chassis, and fewer than all sub-chassis locations may be employed in a particular configuration. Because some or all of the links of any number of sub-chassis can be employed, embodiments of the invention enable virtually unlimited flexibility in terms of the definition and implementation of ZPL tap/aggregation arrangements. Moreover, because data signal transfer between the pluggable cards of the chassis occurs in the chassis backplane, the need to use cables and other connectors in one embodiment is greatly reduced.
The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing descriptioa All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.

Claims

CLAIMS What is claimed is:
1. A Zero Packet Loss (ZPL) network tap device array, comprising: a chassis; and a plurality of network tap devices included in the chassis, at least one of the network tap devices being a ZPL tap configured to passively monitor network data.
2. The ZPL network device array in accordance with Claim 1, wherein the at least one ZPL tap comprises: first and second network ports configured to operably connect with frist communication cables, the first communication cables configured to cany data signals comprising first and second signal components to and from the network tap device; first and second tap ports configured to operably connect with second communication cables; a signal separator having a first node connected to the first network port and a second node connected to the second network port, wherein the signal separator is configured to receive the data signals from at least one of the first or second network port and pass through the data signals to the network port not providing the data signals, and wherein the signal separator is further configured to obtain while passing through the data signals a first signal portion substantially comprising the first signal component and a second signal portion substantially comprising the second signal component ; a first receive only physical interface device (Phy) configured to receive the first signal portion from the signal separator and provide the first portion to the first tap port; OJid a second receive only Phy configured to receive the second signal portion from the signal separator and provide the second signal portion to the second tap port.
3. The ZPL network device array in accordance with Claim 2, wherein the at least one ZPL tap further comprises: a signal separation module coupled between the signal separator and the first and second receive only Phys, wherein the signal separation module is configured to substantially remove the second signal component from the first signal portion and to substantially remove the first signal component from the second signal portion.
4. The ZPL device array in accordance with Claim 2, wherein the first and second tap ports are configured to be connected via the second communication cables to a monitoring device for monitoring the first and second signal portions.
5. The ZPL device array in accordance with Claim 2, wherein the first and second network ports are RJ-45 ports located on the front face of the ZPL tap.
6. The ZPL device array in accordance with Claim 1 , further comprising: a sub-chassis; a plurality of ZPL tap devices in the sub-chassis, each ZPL tap being configured to passively monitor network data, each ZPL tap capable of outputting a stream of data; and at least one aggregator that receives and aggregates the streams of data output from each of the ZPL tap devices, the at least one aggregator configured to forward the aggregated data to a monitoring device.
7. The ZPL device array in accordance with Claim I3 wherein ZPL device array does not affect data being transmitted over a network coupled to the ZPL device array except for normal attenuation.
8. The ZPL device array in accordance with Claim 1, wherein communication between network devices coupled to the ZPL device array is not lost due to a loss of power to the ZPL device array.
9. The ZPL device array in accordance with Claim 1, wherein ZPL device array is configured to monitor and analyze the content of data files, telephone conversations carried using Voice over IP (VoIP) or other protocols, images, video, audio, or other data types.
10. A passive network tap coupled to the communication path of a copper- based communications network including first and second devices, the first and second devices communicating by use of a data stream including a first and a second component, the passive network tap comprising: first and second network ports configured to operably connect with frist communication cables, the first communication cables configured to carry the data stream to and from the network tap device; first and second tap ports configured to operably connect with second communication cables; a signal separator having a first node connected to the first network port and a second node connected to the second network port, wherein the signal separator is configured to receive the data stream from at least one of the first or second network port and pass through the data stream to the network port not providing the data stream, and wherein the signal separator is further configured to obtain while passing through the data stream a first signal portion substantially comprising the first signal component and a second signal portion substantially comprising the second signal component ; a first receive only physical interface device (Phy) configured to receive the first signal portion from the signal separator and provide the first portion to the first tap port; and a second receive only Phy configured to receive the second signal portion from the signal separator and provide the second signal portion to the second tap port.
11. The passive network tap in accordance with Claim 10, wherein the at least further comprising: a signal separation module coupled between the signal separator and the first and second receive only Phys, wherein the signal separation module is configured to substantially remove the second signal component from the first signal portion and to substantially remove the first signal component from the second signal portion.
12. The passive network tap in accordance with Claim 10, wherein the first and second tap ports are configured to be connected via the second communication cables to a monitoring device for monitoring the first and second signal portions.
13. The passive network tap in accordance with Claim 10, wherein the first and second network ports are RJ-45 ports located on the front face of the passive network tap.
14. The passive network tap in accordance with Claim 10, wherein the signal separator is a differential bidirectional coupler.
15. The passive network tap in accordance with Claim 10, wherein the signal separator is a single ended single or dual bidirectional coupler.
16. The passive network tap in accordance with Claim 10, wherein the first and second listen only Phys are configured to ignore auto negotiation between the first and second devices of the communications network and to lock onto the data stream without any external help from the first and second devices of the communications network.
17. The passive network tap in accordance with Claim 10, wherein the first and second listen only Phys are configured to be power cycled on and off without network communication being effected.
18. The passive network tap in accordance with Claim 10, wherein the passive network tap does not affect data being transmitted over the communications network except for normal attenuation.
19. The passive network tap in accordance with Claim 10, wherein communication between the first and second devices of the communications network is not lost due to a loss of power to the passive network tap.
20. The passive network tap in accordance with Claim 10, wherein the passive network tap is configured to monitor and analyze the content of data files, telephone conversations carried using Voice over IP (VoIP) or other protocols, images, video, audio, or other data types.
PCT/US2006/060917 2005-11-15 2006-11-15 Passive tap and associated system for tapping network data WO2007059509A2 (en)

Applications Claiming Priority (10)

Application Number Priority Date Filing Date Title
US73724005P 2005-11-15 2005-11-15
US60/737,240 2005-11-15
US73951305P 2005-11-23 2005-11-23
US73987905P 2005-11-23 2005-11-23
US60/739,879 2005-11-23
US60/739,513 2005-11-23
US75334805P 2005-12-22 2005-12-22
US60/753,348 2005-12-22
US77193206P 2006-02-09 2006-02-09
US60/771,932 2006-02-09

Publications (2)

Publication Number Publication Date
WO2007059509A2 true WO2007059509A2 (en) 2007-05-24
WO2007059509A3 WO2007059509A3 (en) 2008-02-21

Family

ID=38049394

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/060917 WO2007059509A2 (en) 2005-11-15 2006-11-15 Passive tap and associated system for tapping network data

Country Status (1)

Country Link
WO (1) WO2007059509A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7778207B2 (en) 2005-11-15 2010-08-17 Light Greta L Passive tap and associated system for tapping network data
US7809960B2 (en) 2005-10-12 2010-10-05 Cicchetti Christopher J Network tap device powered by power over ethernet
US7809476B2 (en) 2005-10-12 2010-10-05 Cicchetti Christopher J Network tap/aggregator configured for power over ethernet operation
US8027277B2 (en) 2005-11-15 2011-09-27 Jds Uniphase Corporation Passive network tap for tapping network data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040215832A1 (en) * 2003-03-31 2004-10-28 Gordy Stephen C. Network tap with interchangeable ports
US20050071711A1 (en) * 2003-09-19 2005-03-31 Shaw Robert E. Multiple and parallel access network tap for gigabit internet lans
US20050129033A1 (en) * 2003-12-13 2005-06-16 Gordy Stephen C. Network tap for use with multiple attached devices
US20050147082A1 (en) * 2003-12-30 2005-07-07 Keddy Asha R. Apparatus to control PHY state of network devices
US20050222815A1 (en) * 2004-03-31 2005-10-06 Kevin Tolly System and method for testing and certifying products

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040215832A1 (en) * 2003-03-31 2004-10-28 Gordy Stephen C. Network tap with interchangeable ports
US20050071711A1 (en) * 2003-09-19 2005-03-31 Shaw Robert E. Multiple and parallel access network tap for gigabit internet lans
US20050129033A1 (en) * 2003-12-13 2005-06-16 Gordy Stephen C. Network tap for use with multiple attached devices
US20050147082A1 (en) * 2003-12-30 2005-07-07 Keddy Asha R. Apparatus to control PHY state of network devices
US20050222815A1 (en) * 2004-03-31 2005-10-06 Kevin Tolly System and method for testing and certifying products

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7809960B2 (en) 2005-10-12 2010-10-05 Cicchetti Christopher J Network tap device powered by power over ethernet
US7809476B2 (en) 2005-10-12 2010-10-05 Cicchetti Christopher J Network tap/aggregator configured for power over ethernet operation
US7778207B2 (en) 2005-11-15 2010-08-17 Light Greta L Passive tap and associated system for tapping network data
US7787400B2 (en) 2005-11-15 2010-08-31 Light Greta L Passive network tap with digital signal processing for separating signals
US7860034B2 (en) 2005-11-15 2010-12-28 Light Greta L Receive only physical interface device IC used in a passive network tap
US7860033B2 (en) 2005-11-15 2010-12-28 Light Greta L Passive network tap with bidirectional coupler and associated splitting methods
US8027277B2 (en) 2005-11-15 2011-09-27 Jds Uniphase Corporation Passive network tap for tapping network data

Also Published As

Publication number Publication date
WO2007059509A3 (en) 2008-02-21

Similar Documents

Publication Publication Date Title
US7860034B2 (en) Receive only physical interface device IC used in a passive network tap
US8027277B2 (en) Passive network tap for tapping network data
US7809960B2 (en) Network tap device powered by power over ethernet
US7809476B2 (en) Network tap/aggregator configured for power over ethernet operation
US7522543B2 (en) High-speed communications network tap with zero delay
US6975209B2 (en) In-line power tap device for Ethernet data signal
US7486624B2 (en) Multiple and parallel access network tap for gigabit internet LANS
US8386846B2 (en) Network switch with backup power supply
US7548515B2 (en) Apparatus for monitoring a network
EP2609697B1 (en) Scalable high speed gigabit active bundle link and tester
US6898632B2 (en) Network security tap for use with intrusion detection system
US6912282B2 (en) Enabling Cisco legacy power to support IEEE 802.3 AF standard power
US20040120259A1 (en) Passive network tap device
US20120023340A1 (en) Network switch with power over ethernet
US8165133B2 (en) Physical layer device with integrated switch
US20130149912A1 (en) Local Area Networks for Intelligent Patching System Controllers and Related Methods, Controllers and Communications Interfaces
WO2007059509A2 (en) Passive tap and associated system for tapping network data
US6880078B2 (en) Xaui extender card
CN101741571A (en) Ethernet multipath branching unit and realization method thereof
US8543844B2 (en) Inline power control
JP2010239418A (en) Transmission line terminating circuit and transmission line monitoring method
Koyama et al. Monitoring Tool for IP-based Program-production Systems in Conjunction with NMOS Control Information
US20060002420A1 (en) Tapped patch panel
US6998734B1 (en) Systems and methods for providing high density connections for a network device
JP2001007833A (en) Interface converter

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06846309

Country of ref document: EP

Kind code of ref document: A2