Inline Network Visibility

SCENARIO

Along with increased security threats and tighter regulatory compliance requirements, today’s networks are delivering more services and carrying greater amounts of multi-protocol traffic at higher data rates. Monitoring and security tools need to be deployed inline to inspect every packet and block incoming threats before they affect the network and potentially disrupt business.

Deployment of any inline tool in the network carries the risk of the tool becoming a point of failure. Should the inline tool become unavailable, it can bring the network link down, making a critical segment of the network unavailable and affecting uptime. To avoid this risk, customers need a fail-safe solution that can protect the network from tool failures while allowing inline tools to protect the network from incoming threats.

A bypass switch is a specialized network device that provides fail-safe inline tool protection for security and monitoring devices. It uses a heartbeat packet to protect the network link from application, link, or power failure on the attached monitoring device.

Specialized packet brokers can then take this inline traffic and filter it at line rate to groom the data quickly and efficiently for the specific inline tools being deployed (IDS, IPS, threat prevention, etc.).

Key benefits of packet brokers used in this scenario include:

• Highly available active-active inline security.

• Tool sharing, which reduces costs by allowing multiple departments in an organization to use the same monitoring tool to monitor multiple links throughout the organization.

• Filtering, which increases efficiency and maximizes tool use by sending each tool only the traffic it needs.

IXIA SOLUTIONS

Ixia offers many solutions for inline security as part of an inline security architecture, including both bypass switches and packet brokers. For bypass switches, this includes a combination of copper or optical interfaces and a range of different network speeds.

The iBypass switch continuously checks the responsiveness of the inline tool by sending it heartbeat packets and expecting to receive those packets back. It augments network monitoring capability through the use of microsecond-resolution heartbeat packets, SNMP traps, field-upgradeable software, and an easy-to-use Web-based user interface. If the iBypass switch detects that the tool is not responding, it bypasses the inline tool, allowing network traffic to flow without interruption. When that happens, the iBypass switch issues an alert to indicate that the tool became unavailable, allowing network or security personnel to take appropriate actions.

The iBypass switch continues to send heartbeat packets to the inline tool even after the tool has stopped responding. As soon as the tool becomes operational again, the iBypass reroutes traffic back through the tool to ensure that the tool continues to monitor and protect the network.
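The heartbeat behavior described above, modeled as a small state machine that also counts how long the link runs uninspected while bypassed. This is an added example, not Ixia's implementation; the class and function names, the miss and restore thresholds, the restore event, and the sample heartbeat sequence are assumptions made for illustration.

```python
from dataclasses import dataclass, field

INLINE, BYPASS = "inline", "bypass"


@dataclass
class BypassSwitch:
    """Illustrative heartbeat-driven fail-open model (hypothetical, not vendor code)."""
    miss_limit: int = 3      # assumed: consecutive lost heartbeats before bypassing
    restore_limit: int = 2   # assumed: consecutive returned heartbeats before restoring
    state: str = INLINE
    misses: int = 0
    returns: int = 0
    events: list = field(default_factory=list)

    def heartbeat(self, tick, returned):
        """Record one heartbeat result. Heartbeats are sent in both states."""
        if returned:
            self.misses, self.returns = 0, self.returns + 1
        else:
            self.misses, self.returns = self.misses + 1, 0

        if self.state == INLINE and self.misses >= self.miss_limit:
            # Tool judged unresponsive: keep the link up, raise an alert.
            self.state = BYPASS
            self.events.append((tick, "ALERT tool unavailable, link bypassed"))
        elif self.state == BYPASS and self.returns >= self.restore_limit:
            # Tool answers again: route traffic back through it.
            self.state = INLINE
            self.events.append((tick, "tool restored, traffic inline"))
        return self.state


def simulate(results, **thresholds):
    """Replay a sequence of heartbeat results (True = packet came back)."""
    sw = BypassSwitch(**thresholds)
    timeline = [sw.heartbeat(t, ok) for t, ok in enumerate(results)]
    return {
        "timeline": timeline,
        "events": sw.events,
        # Intervals in which traffic flowed without passing through the tool.
        "uninspected": timeline.count(BYPASS),
    }


if __name__ == "__main__":
    # Constructed sample: tool healthy, fails for four intervals, then recovers.
    sample = [True, True, False, False, False, False, True, True, True]
    for key, value in simulate(sample).items():
        print(key, value)
```

The `uninspected` count is the figure to track from the bypass alert until the restore: during those intervals the link stays up but the tool sees no traffic.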

Vision ONE, Vision E100, Vision E40, and Vision X are NPBs used for monitoring high-speed network traffic, letting you share the network’s rapidly increasing traffic load among multiple tools. The need to record and inspect all traffic on high-volume 10G and 40G networks puts pressure on organizations to invest heavily in new 10G and 40G tools or risk oversubscribing their current tools. These solutions enable the deployment of multiple tools in parallel with traffic balanced between them, which allows you to use inline tools more efficiently. The solution also offers a comprehensive set of HA features that are critical for fail-safe inline security tool deployment.
