Expert Commentary on SPAN and RSPAN Weaknesses
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL2Z5-ZF25Twq_p3ez7aZ8HqO33jKfPSF9KArVetmokfBiVQmhYM9FvVX5U6DM3FE-S2GS6vPmrQxEg5JW8ywj5DdROLPLKag_t28SygaVf1i-GmTmBMx6MF2Kyrxgi6GAyx3b/s400/lovemytool_logo.gif)
Both of these were written by Tim O'Neill, an independent consultant.
This is the simplest way for me to compare SPAN ports to taps: a SPAN port is a girlfriend, but a tap is a wife. It takes a real level of institutional commitment to install a tap, and the rewards are long-lasting. A SPAN port is a temporary fling subject to break-up (i.e., deactivation).
Furthermore, I really liked the blog post's emphasis on SPAN configuration as a change that must be allowed by the change control board in any semi-mature IT shop. The only CCB action needed for a tap is the initial installation. Any change to a SPAN port configuration should be authorized by the CCB. This is one of the reasons why very mature (and well-funded) IT shops use matrix switches for on-demand visibility, as a mentioned last year in Notes on Net Optics Think Tank.
Comments