Heartbeat bypass forced bypass on, Tap mode during bypass, Bypass on – Net Optics iBypass HD User Manual

Heartbeat Bypass
The bypass switch protects against both physical link failure and application failure on the IPS. The bypass switch checks the path through the IPS by sending a packet at a predetermined rate—for example, once every second—to the IPS from monitor port 1. When the bypass switch receives the packet on monitor port 2, having passed through the IPS, it knows the path is valid. If the bypass switch does not receive the packet as expected, three times in a row, the bypass switch automatically enters Bypass On mode. The switch continues to send Heartbeat packets, and it returns to Bypass Off mode when it receives a Heartbeat packet on monitor port 2.

The contents of the Heartbeat packet, the interval at which it is sent, and the number of retries that trigger Bypass On are configurable through the CLI. Another option enables Heartbeat packets to be sent in both directions, from port 1 to port 2, and from port 2 to port 1.
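
The heartbeat logic described above, modeled as a small state machine and replayed over a timeline of heartbeat results. This is an added example, not code from the manual or from Net Optics. The class and function names, the sample timeline and the time-in-bypass estimate are assumptions made for illustration; the three-miss threshold and one-second interval are the manual's example values.

```python
from dataclasses import dataclass, field

BYPASS_OFF = "Bypass Off"   # traffic flows inline through the IPS
BYPASS_ON = "Bypass On"     # traffic bypasses the IPS

@dataclass
class HeartbeatMonitor:
    """Illustrative model of the heartbeat logic in the text (hypothetical names)."""
    retries: int = 3          # consecutive misses that trigger Bypass On
    interval_s: float = 1.0   # heartbeat interval; both values are configurable
    mode: str = BYPASS_OFF
    misses: int = 0
    transitions: list = field(default_factory=list)
    uninspected_s: float = 0.0  # estimated time spent with traffic bypassing the IPS

    def tick(self, t: float, returned: bool) -> str:
        """Process the heartbeat sent at time t. `returned` is True if it came
        back on monitor port 2 after passing through the IPS."""
        if returned:
            self.misses = 0
            new_mode = BYPASS_OFF   # one good heartbeat restores Bypass Off
        else:
            self.misses += 1
            new_mode = BYPASS_ON if self.misses >= self.retries else self.mode
        if new_mode != self.mode:
            self.transitions.append((t, self.mode, new_mode))
            self.mode = new_mode
        if self.mode == BYPASS_ON:
            self.uninspected_s += self.interval_s
        return self.mode

def replay(outcomes, retries=3, interval_s=1.0):
    """Feed a sequence of heartbeat results (True = returned) to the model."""
    mon = HeartbeatMonitor(retries=retries, interval_s=interval_s)
    for i, ok in enumerate(outcomes):
        mon.tick(i * interval_s, ok)
    return mon

# Constructed timeline: healthy, two isolated misses, a five-heartbeat outage, recovery.
SAMPLE = [True, False, False, True, False, False, False, False, False, True, True]

if __name__ == "__main__":
    m = replay(SAMPLE)
    for t, old, new in m.transitions:
        print(f"t={t:4.1f}s  {old} -> {new}")
    print(f"estimated time in Bypass On: {m.uninspected_s:.1f}s")
```

Two misses followed by a returned heartbeat do not trip the switch, because the counter resets. Only the third consecutive miss moves it to Bypass On, and the first returned heartbeat moves it back.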

Forced Bypass On
A command can be issued over the management interface to force a bypass switch into Bypass On mode. For example, the CLI command switch set sw=1 mode=bp_on forces switch 1 into Bypass On mode. This feature is useful if you want to manually take the IPS offline at any time.

Tap Mode During Bypass

When a bypass switch is in Bypass On mode, it operates as a normal network Tap by copying the traffic received at network port A to monitor port 1, and traffic received at network port B to monitor port 2. This function enables the attached device to monitor network traffic out-of-band, for instance, to baseline the system prior to putting the device in-line. The only difference from a normal network Tap is that Heartbeat packets continue to be transmitted (if the Switch is not in Manual Bypass mode) in order to detect when the monitoring tool comes back online. If desired, passing of traffic during Bypass On mode can be disabled through the CLI.

Note: When using the bypass switch as a network Tap, be sure to set the Bypass Detect Feature to "OFF" so the ports remain on constantly.

[Figure 4: Bypass On mode showing Tap monitoring traffic. Diagram labels: IPS; Bypass On; Traffic bypasses the IPS; Traffic is also copied to the monitor ports.]
