As the Internet has become much more prevalent in our day-to-day lives, the need for constant, reliable Internet connectivity is ever more critical. Organizations such as hospitals, department stores, high-speed trading and banking establishments cannot tolerate even a few minutes of network downtime without a possible negative effect on their business. Luckily, companies can use a network bypass switch as part of their network infrastructure to ensure the network has maximum uptime.
A Network Bypass Switch is a hardware device, typically in a 1U form factor, which provides fail-over or fail-safe capabilities for an inline networking appliance. In this article, we will provide an overview of the functionality and use cases for the network bypass, while focusing mainly on the Intelligent Network Bypass product category.
Read more about:
- Bypass Application
- Passive Bypass Switch
- Active Bypass Switch
Bypass Application
Inline network appliances sit in the path of the main network link, so all network traffic passes through them. These networking appliances can provide functionality and services in the areas of security, monitoring, traffic policing, content caching, and content inspection, and address applications like intrusion prevention systems (IPS), data loss prevention (DLP), content delivery, WAN optimization, deep packet inspection (DPI), and unified threat management. Inline networking appliances are single points of failure in computer networks, which means that if the appliance loses power, experiences system hang-ups or software failure, or is removed from the network, traffic cannot flow through the network link. The network bypass switch eliminates this point of failure by automatically bypassing traffic around the network appliance whenever the appliance is incapable of processing or passing the traffic.
Passive Bypass vs Active Bypass:
Bypass functionality can be embedded in the inline appliance or the functionality can be contained externally. When the bypass is embedded inside the appliance, it is called a bypass network interface card (NIC) and the bypass functionality is controlled by the host CPU. When placed outside the network appliance as an independent network device, it acts as an external bypass and it is called a bypass switch. The external bypass comes in two main flavors, the passive bypass switch and the active bypass switch.
The passive bypass automatically switches the network traffic when an attached inline device has a power failure, which preserves network connectivity. On the other hand, the intelligent active bypass is a standalone, managed appliance that senses the health and behavior of the inline appliance and fails to wire (allowing the two sides of the network to talk directly to each other through the bypass switch) depending on its setup and configuration.
Figure 1: 100G Inline Device — Normal Operation
Active Bypass Switch
A bypass switch consists of single or multiple bypass network segments where each segment consists of four ports. Two network ports create an inline connection to the network link that is set to be monitored. This connection is the critical path that is being protected in active bypass or passive bypass mode. If the bypass switch receives power, the traffic will be handled by the device in active bypass mode, whereas if the bypass switch itself loses power, the passive bypass component will take action and network traffic will continue to flow without interruption.
The other two appliance ports are used to connect the inline monitoring appliance to the network link. During normal operation, the bypass switch passes all network traffic from one side of the network through the inline appliance, back to the bypass switch, and out to the other side of the network. The network bypass switch then generates heartbeats (HB) via the two appliance ports to monitor the health of the inline appliance. As long as the HBs are returned, the traffic will continue to flow through the inline appliance for inspection. In case the HB is not received back by the bypass switch, or in the event that the inline appliance loses power, is disconnected, or otherwise fails, the bypass switch will pass the traffic directly between its network ports, bypassing the appliance, and ensuring that traffic continues to flow on the network link. The action of switching to bypass mode and enabling the connectivity of traffic flow is called “Fail Open”.
The two network ports in a bypass switch create a fully passive inline connection that maintains traffic flow even in the absence of power. For fiber links, a normally closed optical switch creates a path for light to flow unimpeded through the device when power is absent. For copper links, micro-relays connect the two ports when power is absent.
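The heartbeat and power-loss behaviour described above can be modelled as a small state machine. This is an added example, not vendor code: the class, the `retry_count` and `recover_count` settings, their default values, and the rule for returning to inline mode are assumptions made for illustration, and the heartbeat trace is constructed.

```python
from dataclasses import dataclass, field

INLINE, BYPASS = "inline", "bypass"

@dataclass
class BypassSegment:
    retry_count: int = 3      # assumed: consecutive lost HBs before fail open
    recover_count: int = 2    # assumed: consecutive returned HBs before going back inline
    mode: str = INLINE
    missed: int = 0
    returned: int = 0
    events: list = field(default_factory=list)  # (interval, new mode, reason)

    def _set(self, t, mode, reason):
        if mode != self.mode:
            self.mode = mode
            self.events.append((t, mode, reason))
        return mode

    def tick(self, t, hb_returned, powered=True):
        """Process one heartbeat interval and return the path traffic takes."""
        if not powered:
            # Passive component: relays or the optical switch join the network ports.
            self.missed = self.returned = 0
            return self._set(t, BYPASS, "bypass switch lost power")
        if hb_returned:
            self.missed, self.returned = 0, self.returned + 1
            if self.mode == BYPASS and self.returned >= self.recover_count:
                return self._set(t, INLINE, "heartbeats restored")
        else:
            self.returned, self.missed = 0, self.missed + 1
            if self.mode == INLINE and self.missed >= self.retry_count:
                return self._set(t, BYPASS, "heartbeat lost")
        return self.mode

def run(trace, **settings):
    """Replay a constructed trace of heartbeat results (True = HB came back)."""
    seg = BypassSegment(**settings)
    paths = [seg.tick(t, ok) for t, ok in enumerate(trace)]
    return paths, seg.events

def uninspected_intervals(paths):
    """Intervals in which traffic skipped the inline appliance."""
    return paths.count(BYPASS)

# Constructed trace: appliance hangs for four intervals, then recovers.
TRACE = [True, True, False, False, False, False, True, True, True]

if __name__ == "__main__":
    paths, events = run(TRACE)
    print(paths, events, uninspected_intervals(paths))
```

The `events` list corresponds to the transitions a managed bypass switch would report through its Syslog or SNMP trap configuration. When the inline appliance is a security device such as an IPS, every interval counted by `uninspected_intervals` is traffic that crossed the link without inspection, so these transitions are worth alerting on.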
Multi-segment network bypass switches provide multiple independent bypass segments in a single chassis, offering higher density in the equipment rack. The highest-density bypass switch available today supports up to 16 segments of 10G. This high-density bypass switch consists of a common switch fabric that allows the network segments to access all the appliance ports, therefore enabling session-based load balancing of asymmetric traffic.
Figure 2: 100G Inline Device — Bypass Mode
Active Bypass Switches can be managed through a number of interfaces, such as a command-line interface (CLI), a Web browser-based interface, or a platform-based Simple Network Management Protocol (SNMP) tool*. The following management functions are available:
- Setting the segment operation mode
- Setting the bypass criteria
- Setting and configuring the heartbeat packet, heartbeat frequency and policy
- Configuring SNMP and Syslog for traps and logs
- Configuring TACACS+ and Radius for authentication
- Configuring NTP
- Configuring e-mail notification
- Retrieving RMON statistics* and setting heartbeat packet parameters, such as packet contents, timing, and retry counts
Summary
External Network Bypass provides the following features and benefits:
- Plug-and-Play installation; no software development is required
- Remote control capabilities and Web management
- Keeps network traffic flowing when an inline appliance fails
- Removal of inline appliances for servicing without impacting network traffic
- Ensures high reliability and maximum network uptime
*some of the Niagara Bypass Systems, contact us for more information