NEOX NETWORK Hybrid 100Base-FX Multimode 100Mbps Fiber TAPs User Guide

QUICK USER GUIDE
// NEOX Packet Raven

NEOXPacketRaven Hybrid 100Base-FX Multimode 100Mbps Fiber TAPs
with Data Diode Function
QUICK USER GUIDE

Hybrid 100Base-FX Multimode 100Mbps Fiber TAPs

 Hybrid Fiber TAPs with media conversion and signal regeneration are decoupling elements for passive, secure and reliable tapping of network data in optical networks. These TAPs are looped into the fiber-optic line to be monitored and route out the entire data traffic while maintaining data integrity, without interruption and without packet loss.
Using conventional SPAN ports, also known as mirror ports, on the other hand, can distort the result, as this copying process works in store-and-forward mode and, for example, discards FCS/CRC faulty packets on OSI layer 2 instead of providing these Ethernet frames to the security or monitoring tool.
Our Network TAPs do not have a MAC or IP address, but work entirely on OSI Layer 1 and cannot be traced in the network without special and expensive measuring equipment. Hackers and attackers therefore have no chance. As the integrity of the outgoing data remains unaltered due to this tapping method, our Network TAPs are increasingly used in the areas of network forensics, security and monitoring.
Furthermore, our Hybrid 100Base-FX TAPs behave passively on the network side, which means that there is no interruption of network traffic in the event of a power failure.
In order to ensure the highest possible reliability on the monitoring side, our Hybrid Fiber TAPs are equipped with redundant power supplies, but can also be additionally operated or secured with 1248V DC voltage.
In addidtion, our TAPs work like a data diode and the monitoring ports are physically isolated from the network ports, which prevents access to the network via the monitoring ports on the hardware side for security reasons. Therefore, our Hybrid Fiber TAPs guarantee a reliable network analysis or security investigation without compromise.
This range of our Packet Raven TAPs are designed as portable TAPs, but can also be installed in a 19“ mounting frame in data centres via a mounting kit and support a network speed of 100Mbps (100Base-FX).
With Packet Raven Network TAPs you get permanent network access without risk and provide e.g.
your monitoring tools with 100% reliable network data – without introducing a single point of failure.

Highlights

• Safe, rock-solid FPGA-based design
• 100% feedback-free due to galvanic isolation (Data Diode Function)
• Support for up to 16k Jumbo frames
• Mirrors 100% of data traffic including FCS/CRC erroneous packets that may be discarded by SPANs
• Plug-n-Play – operating mode change via DIP switch
• No interruption of network traffic in case of TAP power failure
• Power supply via 2 redundant AC/DC power supplies (5V) possible and/or 12-48V DC voltage
• Designed, assembled, certified and tested in Germany

Front view – Connections and LEDs

(A) LC Network ports A and B
(B) RJ45 Monitoring ports A & B and Status LEDs (see section 2.1)
(C) 12-48V DC Power LED (see section 3.)
If power is supplied via the 12-48V DC connection, this LED lights up.
(D) 2 Power LEDs for AC/DC 5V (see section 3.)
It is possible to connect up to 2 power supply units to ensure power supply redundancy.
(E) Aggregation mode LED (see section 6.1)
If the Aggregation mode is activated instead of the standard Breakout mode, this LED lights up.

Front view – Meaning of the Port LEDs

Depending on the configuration of the MONITOR port speed (see section 6.3), the LEDs light up in different combinations. It must be ensured that all devices connected to the NETWORK port have the same network speed set. This is the only way to ensure smooth and transparent operation of the TAP.

Back View

(A) DIP switch for setting the operating mode and the monitoring port speed (see section 6.)
(B) Connection for 12-48V DC voltage The polarity at the DC connection does not matter, as the TAP automatically detects the live line and passes the power supply to the TAP accordingly in the required form!
(C) Redundant connections for 2 AC/DC power supplies (5V)
For reasons of compatibility and EMC protection, our TAPS may only be operated with the supplied power supplies certified together with the TAP. If the TAP is nevertheless operated with power supplies other than those supplied, any warranty claim granted for the TAP will be voided!

Split Ratios / Light Decoupling

In order to tap data from an optical network connection, it is necessary to decouple or split off a part of the available light signal.
The split ratio is the ratio of the amount of light that is still available for the fiber network connection in relation to the amount of light that is diverted or split off to the monitoring ports of the Fiber Network TAPs.
A split ratio of e.g. 70/30 means that 70% of the light is still available for the network connection and 30% is split off for the monitoring ports.
However, since our Hybrid TAPs have a copper or SFP-based monitoring output, 100% signal strength is available by means of so-called OEO conversion – i.e. conversion of the optical signal into an electrical signal – in contrast to fibre-based monitoring ports.

Data Diode Function

Data Diodes ensure unidirectional communication and ensure that data traffic can only flow in one direction.
Unidirectional network devices are typically used to ensure information security or the protection of critical digital systems, such as industrial control systems or production networks from cyber attacks.
Our active TAPs work like a diode and do not allow access to the network via the monitoring ports for security reasons.
By adding this further layer of security, it is therefore not possible to compromise the network connection and the productive network.

Connection reliability in case of power loss

With all our active Hybrid Network TAPs it is guaranteed that a loss of the TAP power supply will not lead to a failure of the active network line.
Only the devices connected to the monitoring port may no longer be supplied with data.

Advanced functions of Hardened TAPS

| Our Network TAPs with RJ45 monitoring output work like a data diode and thus physically isolate the monitoring ports from the network ports. This ensures that, for security reasons, access to the network via the monitoring ports is prevented on the hardware side.
---|---
| Packet Raven Network TAPs are therefore already in the standard version among the network components through which an attack vector is excluded.
For high-security areas according to IEC 62443 and critical infrastructures (CRITIS), however, even this is sometimes not sufficient, which is why NEOX Networks now also offers a specially hardened version of its TAPs.
| If desired, these TAPs can be delivered pre-configured and then do not allow any subsequent configuration changes.
In addition, they are secured against unwanted or unnoticed opening by special screws and security seals.
| And to round it all off, these TAPs also have a specially secured and encrypted firmware. Secureboot checks each time the TAP is started whether the firmware to be executed has a valid signature and an authorised public key. If this is not the case, the TAP cannot be put into operation.

Front Panel – mobile or mounting kit/mounting frame version

Our TAPs are available with a front panel for mobile use – as well as with mounting frames (-ERW versions) for permanent installation in our PRP-1U3 server cabinet mounting frame, which provides space for three of our portable TAPs each.

Of course, TAPs with mounting frames can also be used in mobile applications!

Configuration by means of DIP switch

As shown in the figure to the right, switches 2 and 3 are used to select the operating mode and switches 4 and 5 are used to set the monitoring port speed in aggregation mode (100Base-TX or 1000Base-T).
The switches numbered 1, 6, 7 and 8 are ignored and left for future use.
The desired configuration should be set before plugging in the power cable. If an invalid configuration has been selected, all LEDs on the unit light up and the relay switches are not activated. In this case, switch off the unit and check the DIP switches.
When changing the configuration by means of DIP switches, it is always necessary to perform a restart by disconnecting the power supply so that the new settings are activated!
In case of a restart, however, there is no interruption of the network traffic!

Operating Mode Configuration

When selecting the operating mode (switches 2 & 3), the configuration is as follows:

• Aggregation: In this mode, the data streams are bundled and output aggregated on both of the monitoring ports. This allows you to evaluate the network data of a full duplex line simultaneously with a single network interface on your analyzer. Due to the aggregation in hardware (FPGA), faulty packet sequences during recording are a thing of the past in this mode. For example, you can analyse the entire data traffic aggregated in 100Base-Tx lines without loss.
  The RJ45 monitoring ports will spin up the link at 100Base-TX or 1000Base-T, depending on which monitoring port speed has been selected. (see section 6.3).
  Switch value 01

• Breakout: Each Ethernet packet transmitted via the network line is mirrored separately in this mode while maintaining data integrity in the TAP. The send and receive directions are output separately on the two monitoring ports so that the network traffic can be analysed per data direction in this case. Another great advantage of the Breakout mode is the visibility of the network traffic even with a fully loaded network connection. In this mode, the set network speed is transferred to the monitoring ports.
  In this case with 100M (100Base-FX) on the network port – and 100M (100Base- TX) on the monitoring port.
  Switch value 00

• Regeneration: Regeneration is used to capture 100% full duplex traffic that can be sent to multiple monitoring devices (up to 3 in this case) for analysis of your network. In this mode, the network speed settings are synchronised as in Breakout mode and the setting on the DIP switch is applied to all ports.  Switch value 10

Passive/Power Off Mode

If the TAP power supply fails, the active network connection is not interrupted.
Only the devices connected to the monitoring port are no longer supplied with data.

Configuring the speed of the Monitoring Port

Only applicable in Aggregation mode!
The following constellation results for the speed selection (switches 4 & 5):

100Base-TX (100Mbit):
Switch value 01|
---|---
1000Base-T (1Gbit):
Switch value 00|

Technical Specifications

70:30:00
Multimode OM3, OM4, OM5| 3.8 dB / 3.8 dB| 2.8 dB / 4.8 dB| 2.2 dB / 6.1 dB| 1310nm

TAP

EN61000-3-2, EN61000-3-3, EN61000-6-2

POWER SUPPLY

– 5.5 mm outer diameter
– 2.1 mm inner diameter

Item Numbers – TAPs & Accessories

STANDARD MODELS

All TAPs for fiber type OM4 are also OM3 compatible!
The TAPs whose item numbers end in „-ERW“ have a special front panel to allow them to be installed in our server cabinet mounting frame!
ITEM NO.| MEDIA
TYPE| NETWORK| FIBRE
TYPE| WAVELENGTH| CONN.
NET.| CONN.
MON.| SUPPORTED
TAP MODES
PRP-OM3FX-SLC-| 100Base-FX| 100Mbps| OM3| 1310 nm| LC Multimode| RJ45| Aggregation, Breakout, Regeneration
PRP-OM3FX-SLC--ERW| 100Base-FX| 100Mbps| OM3| 1310 nm| LC Multimode| RJ45| Aggregation, Breakout, Regeneration
PRP-OM3FX-SLS-| 100Base-FX| 100Mbps| OM3| 1310 nm| LC Multimode| SFP| Aggregation, Breakout, Regeneration
PRP-OM3FX-SLS--ERW| 100Base-FX| 100Mbps| OM3| 1310 nm| LC Multimode| SFP| Aggregation, Breakout, Regeneration
PRP-OM4FX-SLC-| 100Base-FX| 100Mbps| OM4| 1310 nm| LC Multimode| RJ45| Aggregation, Breakout, Regeneration
PRP-OM4FX-SLC--ERW| 100Base-FX| 100Mbps| OM4| 1310 nm| LC Multimode| RJ45| Aggregation, Breakout, Regeneration
PRP-OM4FX-SLS-| 100Base-FX| 100Mbps| OM4| 1310 nm| LC Multimode| SFP| Aggregation, Breakout, Regeneration
PRP-OM4FX-SLS--ERW| 100Base-FX| 100Mbps| OM4| 1310 nm| LC Multimode| SFP| Aggregation, Breakout, Regeneration

• jeweiliges Split Ratio- z.B. „70“ für ein Split Ratio von 70:30, „60“ für 60:40, „50“ für 50:50

HARDENED MODELS

All TAPs for fiber type OM4 are also OM3 compatible!
The TAPs whose item numbers end in „-ERW“ have a special front panel to allow them to be installed in our server cabinet mounting frame!
ITEM
NO.| MEDIA
TYPE| NETWORK| FIBRE
TYPE| WAVELENGTH| CONN.
NET.| CONN.
MON.| SUPPORTED
TAP MODES
PRP-OM3FX-SLC--100MA-S| 100Base-FX| 100M| OM3| 1310 nm| LC Multimode| RJ45| Aggregation, Breakout, Regeneration
PRP-OM3FX-SLC--100MA-S-ERW| 100Base-FX| 100M| OM3| 1310 nm| LC Multimode| RJ45| Aggregation, Breakout, Regeneration
PRP-OM3FX-SLC--100MAO-S| 100Base-FX| 100M| OM3| 1310 nm| LC Multimode| RJ45| Aggregation
PRP-OM3FX-SLC--100MAO-S-ERW| 100Base-FX| 100M| OM3| 1310 nm| LC Multimode| RJ45| Aggregation
PRP-OM3FX-SLC--100MBO-S| 100Base-FX| 100M| OM3| 1310 nm| LC Multimode| RJ45| Breakout
PRP-OM3FX-SLC--100MBO-S-ERW| 100Base-FX| 100M| OM3| 1310 nm| LC Multimode| RJ45| Breakout
PRP-OM4FX-SLC--100MA-S| 100Base-FX| 100M| OM4| 1310 nm| LC Multimode| RJ45| Aggregation, Breakout, Regeneration
PRP-OM4FX-SLC--100MA-S-ERW| 100Base-FX| 100M| OM4| 1310 nm| LC Multimode| RJ45| Aggregation, Breakout, Regeneration
PRP-OM4FX-SLC--100MAO-S| 100Base-FX| 100M| OM4| 1310 nm| LC Multimode| RJ45| Aggregation
PRP-OM4FX-SLC--100MAO-S-ERW| 100Base-FX| 100M| OM4| 1310 nm| LC Multimode| RJ45| Aggregation
PRP-OM4FX-SLC--100MBO-S| 100Base-FX| 100M| OM4| 1310 nm| LC Multimode| RJ45| Breakout
PRP-OM4FX-SLC--100MBO-S-ERW| 100Base-FX| 100M| OM4| 1310 nm| LC Multimode| RJ45| Breakout

• respective split ratio – e.g. „70“ for a split ratio of 70:30, „60“ for 60:40, and „50“ for 50:50

plate for mounting frame PRP-1U3

ITEM NO.| POWER SUPPLIES & ACC.| ITEM NO.| POWER SUPPLIES & ACC.
---|---|---|---
PRP-PS-INT| PSU with EU, UK, and US plug head| PRP-PS-UK| Power supply unit with UK plug (head)
PRP-PS--A| Plug head EU, UK or US| PRP-PS-US| Power supply unit with US plug (head)
PRP-PS-EU| Power supply unit with EU plug (head)| |

of up to 100 m
NX-SFP-FX-100M| 100Base-FX SFP transceiver, Multimode, 1310nm, supports connection lengths of up to 2 km
NX-SFP-SX-1G| 1000Base-SX SFP transceiver, Multimode, 850nm, supports connection lengths of up to 550 m
NX-SFP-LX10-1G| 1000Base-LX SFP transceiver, Singlemode, 1310nm, supports connection lengths of up to 10 km
NX-SFP-LX20-1G| 1000Base-LX SFP transceiver, Singlemode, 1310nm, supports connection lengths of up to 20 km
NX-SFP-LX40-1G| 1000Base-LX SFP transceiver, Singlemode, 1310nm, supports connection lengths of up to 40 km
NX-SFP-ZX80-1G| 1000Base-ZX SFP transceiver, Singlemode, 1550nm, supports connection lengths of up to 80 km
NX-SFP-ZX120-1G| 1000Base-ZX SFP transceiver, Singlemode, 1550nm, supports connection lengths of up to 120 km
NX-SFP-ZX160-1G| 1000Base-ZX SFP transceiver, Singlemode, 1550nm, supports connection lengths of up to 160 km

NEOX NETWORKS GmbH
Monzastr. 4 · 63225 Langen · Germany
+49 6103 / 37 215 910
solutions@neox-networks.com
www.neox-networks.com

References

• NEOX NETWORKS - Solution Provider für Netzwerk-Monitoring & -Security Lösungen

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>