As a network professional, you rely on your instrumentation tools to maintain network security, performance and availability. To achieve these goals, organizations use Intrusion Prevention Systems (IPS) that monitor and actively intervene they detect malicious traffic and threats.

Manage Network Downtime and Points of Failure when Deploying Inline Tools

When deploying inline IPS or IDS monitoring tools, it is important to understand how they may introduce a potential failure point in your network. If the device needs to be taken offline at any time for scheduled or unscheduled maintenance; or if it loses power or becomes non-responsive due to oversubscription or excessive load, the network link will be broken and network traffic will cease to flow. IPSs are designed for maximum reliability, with features such as redundant configurability, link down synchronization, and hardware watchdogs. However, any internal fail-open capability is susceptible to the failure of the IPS device itself. Utilizing a Net Optics Bypass Switch provides an external and independent solution to maintain network uptime.

How Does an External Bypass Switch Failover Operation Work?

In normal operation, the bypass switch routes all network traffic through the IPS, and the IPS then performs its inspection and filtering function. The bypass switch, however, has the ability to take the IPS out of the traffic flow and send traffic directly through the network link.

One scenario in which the bypass switch would take the IPS out of the flow of traffic is if the IPS loses power and cannot process network traffic. The Bypass Switch monitors the links between its ports and the IPS using power loss detection, link loss detection, and Heartbeat packets. If a link is dropped, the switch immediately enters “bypass on” mode, which takes the IPS out of the traffic flow and enables traffic to move unimpeded through the network link.

Another event that will trigger the “bypass on” mode is when the Bypass Switch remains powered and the links to the IPS remain up, but network traffic sent to the IPS does not return to the Bypass Switch. This condition might occur when traffic exceeds the capacity of the IPS; it is indicated by increases in latency. To detect this condition, the Bypass Switch periodically sends small Heartbeat Packets through the IPS to confirm that it is operational. If the packet does not arrive, the Bypass Switch assumes the IPS is having a problem and will either fail-open or fail-closed, based on your selected configuration.

Thanks to Net Optics for the article.