NEOX PacketRaven 100M Portable Copper SFP & Fiber Network TAPs User Guide

NEOX PacketRaven 100M Portable Copper SFP & Fiber Network TAPs

NEOXPacketRaven 100M/1000M SFP TAP

Product Information

The NEOXPacketRaven 100M/1000M SFP TAP is a unidirectional network device that ensures information security and protects critical digital systems such as industrial control systems or production networks from cyber attacks. The TAP works like a data diode and does not allow access to the network via the monitoring ports for security reasons. It adds an extra layer of security to prevent network connection compromise and ensure the productive network’s safety. The TAP has front panel options for mobile or mounting kit/mounting frame versions, and it supports power supply redundancy with up to 2 power supply units.

Product Usage Instructions

• When configuring the TAP speed, ensure that all devices connected to the NETWORK port are set to the same network speed.
• This ensures smooth and transparent operation of the TAP. The TAP supports 100M and 1G modes, and the LEDs light up in different combinations depending on the configuration of the TAP speed. Once the TAP displays the desired or configured link speed via the LEDs, proper operation of the TAP is ensured.
• The front view of the TAP has ports and LEDs. The LLD LED detects a non-existent link on one of its network ports and shuts down the other network port in response. This state is indicated by the LLD LED lighting up. The SFP Network Ports and Status LEDs indicate different states, depending on the configuration of the TAP speed. The Power LEDs indicate power supply status, while the SFP Monitoring Port and Status LEDs indicate different states based on the configuration of the TAP speed. The Aggregation mode LED lights up if the Aggregation mode is activated instead of the standard Breakout mode.
• The TAP is available with a front panel for mobile use, as well as with mounting frames for permanent installation in the PRP-1U3 server cabinet mounting frame. The mounting frame provides space for three portable TAPs each. The TAP also supports power supply redundancy with up to 2 power supply units.
• The back view of the TAP has a DIP switch for LLD on/off, TAP mode, and speed. The TAP also has a connection for 12-48V DC voltage. The polarity at the DC connection does not matter since the TAP automatically detects the live line and passes the power
  supply to the TAP accordingly in the required form.

• Our SFP TAPs are decoupling elements for the secure and reliable tapping of network data in optical and copper-based networks. These TAPs are looped into the network line to be monitored and forward the entire data traffic without interruption and without packet loss, while maintaining data integrity.
• Using conventional SPAN ports, also known as mirror ports, on the other hand, can distort the result, as this copying process works in store-and-forward mode and, for example, discards FCS/CRC faulty packets on OSI layer 2 instead of providing these Ethernet frames to the security or monitoring tool.
• Our Network TAPs do not have a MAC or IP address, but work entirely on OSI Layer 1 and cannot be traced in the network without special and expensive measuring equipment. Hackers and at-tackers therefore have no chance. As the integrity of the outgoing data remains unaltered due to this tapping method, our Network TAPs are increasingly used in the areas of network forensics, security and monitoring.
• The great advantage of SFP TAPs is that they can be used extremely flexibly in different network types and for different media types due to the simple interchangeability of their SFP transceivers.
• Furthermore, SFP TAPs work like a data diode and the monitoring ports are physically isolated from the network ports, which prevents access to the network via the monitoring ports on the hardware side for security reasons. Therefore, our SFP TAPs guarantee a reliable network analysis or security investigation without compromise.
• To ensure the highest possible reliability, our SFP TAPs have redundant power supplies, but can also be additionally operated or fused with 12-48V DC voltage.
• PacketRaven SFP Network TAPs are designed as portable TAPs, but can also be installed in a 19“ mounting frame in data centres using a mounting kit and support network speeds of 100M and 1G.
• With PacketRaven Network TAPs you get permanent network access without risk and provide e.g. your monitoring tools with 100% reliable network data – without introducing a single point of failure.

More Highlights

• Supports 100Base-FX, 100Base-TX, 1000Base-T, 1000Base-LX, 1000Base-SX and 1000Base-ZX
• Plug-n-Play, no complex configuration necessary
• Data diode function, does not allow access to the network via the monitoring ports
• Very flexible thanks to exchangeable SFP transceivers
• Secure, rock-solid FPGA-based design
• Support for up to 16k jumbo frames
• Supports Breakout, Aggregation and Regeneration modes
• Mirrors 100% of traffic including FCS/CRC errored packets that may be discarded by discarded by SPANs
• Easy configuration via DIP switches
• Can be powered by redundant AC/DC power supplies (5V) or 12-48V DC
• Designed, assembled, certified and tested in Germany

Data Diode Function

• Data diodes ensure unidirectional communication and ensure that data traffic can only flow in one direction.
• Unidirectional network devices are typically used to ensure information security or the protection of critical digital systems, such as industrial control systems or production networks from cyber attacks.
• Our TAPs work like a diode and do not allow access to the network via the monitoring ports for security reasons.
• By adding this further layer of security, it is therefore not possible to compromise the network connection and the productive network.

Front View – Ports and LEDs

• (A) Link Loss Detection* (LLD) LED (see section 5.1): LLD detects a non-existent link on one of its network ports and shuts down the other network port in response.
  This state is indicated by the LLD LED lighting up.

• (B) SFP Network Ports and Status LEDs

• (see section 3.1)

• 2 Power LEDs for AC/DC 5V (see section 4.)
  It is possible to connect up to 2 power supply units to ensure power supply redundancy.

• SFP Monitoring Port and Status LEDs (see section 3.1)

• DC Power LED for 12-48V DC (see section 4.)
  If power is supplied via the 12-48V DC connection, this LED lights up.

• Aggregation mode LED (see section 5.2)
  If the Aggregation mode is activated instead of the standard Breakout mode, this LED lights up.

• LLD only works with transceivers that support the „Link Indicator on RX_LOS Pin“!

Front view – meaning of the port LED s

Depending on the configuration of the TAP speed (see section 5.3), the LEDs light up in different combinations.
It must be ensured that all devices connected to the NETWORK port are set to the same network speed when configuring the TAP speed. This is the only way to ensure smooth and transparent operation of the TAP.
As soon as the TAP displays the desired or configured link speed via the LEDs, proper operation of the TAP is ensured.

Front panel – mobile or mounting kit / mounting frame version

Our TAPs are available with a front panel for mobile use – as well as with mounting frames (-ERW versions) for permanent installation in our PRP-1U3 server cabinet mounting frame, which provides space for three of our portable TAPs each.

Of course, TAPs with mounting frames can also be used in mobile applications!

Back view

• (A) DIP switch for LLD on/off, TAP mode and speed (see section 5.)

• (B) Connection for 12-48V DC voltage
  The polarity at the DC connection does not matter, as the TAP automatically detects the live line and passes the power supply to the TAP accordingly in the required form!

• (C) Redundant connections for 2 AC/DC power supplies (5V)
  For reasons of compatibility and EMC protection, our TAPS may only be operated with the supplied pow-er supply units certified together with the TAP.
  If the TAP is nevertheless operated with power supplies other than those supplied, any warranty claim that was granted for the TAP will be voided!

Configuration by means of DIP switch

• As shown in the figure on the left, the first switch is used as the LLD on/off switch, the second and third are used to select the operating mode, and the fourth and fifth are used to select the speed.

• The switches numbered 6, 7 and 8 are ignored and left for future use.

• The desired configuration should be set before plugging in the power cable.

• If an invalid configuration has been selected, all LEDs on the unit light up and the relay switches are not acti-vated. In this case, switch off the unit and check the DIP switches.

• When changing the configuration by means of DIP switches, it is always necessary to perform a restart by disconnecting the power supply so that the new settings are activated!

Link Loss Detection (LLD)

Link Loss Detection is a function that checks whether the link has failed on either Network port A or Net-work port B. If the link has failed on Network port A when LLD is activated, the TAP also shuts down the link on Network port B, and vice versa.
When the LLD function is selected (switch 1), the configuration is as follows:

• Activate LLD: Switch value 1
• Deactivate LLD: Switch value 0

Operating mode configuration

When selecting the operating mode (switches 2 & 3), the configuration is as follows:

• Breakout: Each Ethernet packet transmitted via the network line is mirrored separately in this mode while maintaining data integrity in the TAP. The send and receive directions are output separately on the two monitoring ports so that the network traffic can be analysed per data direction in this case. Another great advantage of the Breakout mode is the visibility of the network traffic even with a fully loaded network connection. In this mode, the set network speed is transferred to the monitoring ports.
  For example, if the TAP is configured for 100Base-FX, then both monitoring ports will also communicate on 100Base-FX. Switch value 00

• Aggregation: In this mode, the data streams are bundled and output aggregated on both of the monitoring ports. This allows you to evaluate the network data of a full duplex line simul-taneously with a single network interface on your analyzer. Due to the aggregation in hard-ware (FPGA), faulty packet sequences during recording are a thing of the past in this mode. For example, you can analyse the entire data traffic aggregated in 100Base-Tx lines without loss.
  The monitoring ports will boot the link with 100Base-FX, 100Base-TX, 1000Base-T, LX, SX or ZX depending on which speed or speed combination (see section 5.3) is selected for the aggre-gation mode. Switch value 01

• Regeneration: Regeneration is used to capture 100% full duplex traffic that can be sent to multiple monitoring devices (up to 3 in this case) for analysis of your network. In this mode, the network speed settings are synchronised as in Breakout mode and the setting on the DIP switch is applied to all ports. Switch value 10

Speed configuration

In Breakout and Regeneration mode monitoring speed must be the same as networking port speed. In 100Mbit Breakout mode all SFP-s should support either 100Base-T or 100Base-FX, mixing those SFPs is also supported. In Aggregation mode with 100Mbit passthrough it´s possible to have monitoring in either 100Mbit or 1000Mbit mode. Where in 100Mbit mode there is no packet loss even with 100% speed utilization on networking ports.
The following constellation results for the speed selection (switches 4 & 5):

SFP Transceiver

The NEOXPacketRaven SFP TAP basically supports all MSA-compliant SFP transceivers. Please note that the TAP may have to be restarted after replacing a transceiver!
A list of transceivers that have been explicitly tested can be found at:
https://www.neox-networks.com/sfp-tap-transceiver-en
The transceivers offered by NEOX can be found in this QUG on the last page.

Technical specifications

SFP NETWORK TAPS

Dimensions:| 10.60 cm x 3.50 cm x 16.40 cm| Storage temperature:| -40° to 70°C
Weight:| 460g| Operating temperature:| 0° to 40°C
Consumption:| max. 3 Watt at 5V/0.6A| Certifications:| CE, FCC, RoHS, WEEE, EN55032 KL. A/B, EN55035, EN61000-3-2, EN61000-3-3, EN61000-6-2

POWER SUPPLIES

Input voltage:| 110V-240V AC 50-60Hz| Power:| max. 10 Watt
Output voltage:| 5V DC| Power plug:| with interchangeable plug head
Output current:| 2A| 5V Cable| with ferrite ring
 | 5V Connector| –  Screwable hollow plug

–  5.5 mm outer diameter

–  2.1 mm inner diameter

Item numbers – TAPs & Accessories

of up to 100 m
NX-SFP-FX-100M| 100Base-FX SFP transceiver, Multimode, 1310nm, supports connection lengths of up to 2 km
NX-SFP-SX-1G| 1000Base-SX SFP transceiver, Multimode, 850nm, supports connection lengths of up to 550 m
NX-SFP-LX10-1G| 1000Base-LX SFP transceiver, Singlemode, 1310nm, supports connection lengths of up to 10 km
NX-SFP-LX20-1G| 1000Base-LX SFP transceiver, Singlemode, 1310nm, supports connection lengths of up to 20 km
NX-SFP-LX40-1G| 1000Base-LX SFP transceiver, Singlemode, 1310nm, supports connection lengths of up to 40 km
NX-SFP-ZX80-1G| 1000Base-ZX SFP transceiver, Singlemode, 1550nm, supports connection lengths of up to 80 km
NX-SFP-ZX120-1G| 1000Base-ZX SFP transceiver, Singlemode, 1550nm, supports connection lengths of up to 120 km
NX-SFP-ZX160-1G| 1000Base-ZX SFP transceiver, Singlemode, 1550nm, supports connection lengths of up to 160 km

NEOX NETWORKS GmbH
Monzastr. 4 · D-63225 Langen · Germany
+49 6103 / 37 215 910
solutions@neox-networks.com · www.neox- networks.com

References

• NEOX NETWORKS - Solution Provider für Netzwerk-Monitoring & -Security Lösungen
• PacketRaven SFP TAP - Offizially supported SFP Transceiver

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>