In our last blog, I hinted at a network TAP that can not only connect an inline appliance without introducing a point of failure, but also connect to one or two network analyzer tools or provide a High Availability (HA) scenario for the inline appliance to protect your critical link.
Well, today we are going to introduce you to the integrated 8 port inline network TAP.
I borrowed Figure 1 from our last blog on Bypass TAPs as a place to start my discussion.
The network TAP we will discuss today can do everything that our inline Bypass TAP (also referred to as a "bypass switch") can do.
It can provide access to an inline appliance without introducing a point of failure, as well as be used as a Breakout TAP or an Aggregating TAP. Unfortunately, it can’t be a bypass TAP and a Breakout TAP at the same time. The only way to see the traffic in the critical link would be to:
It is not the best solution because it does introduce a tiny bit more latency into the link. That’s where the INT1G8 integrated TAP enters the scene. It does away with the latency that option B introduces because the link does not have to be tapped a second time and still maintains the FailSafe that is required in case the network TAP should lose power.
Figure 2 shows that the INT8 provides the same functionality as the Bypass TAP that you see in Figure 1. But, as you can see, there are a few ports that are not needed to provide the functionality of the Bypass TAP in Figure 1. It is those few ports that provide a whole new set of solutions to safeguard your critical links that were not available until the introduction of the INT8.
The scenario in Figure 3 adds a second inline appliance to provide backup to the active inline appliance. If appliance A (active appliance) needs to be taken offline for software upgrades, the TAP will automatically switch over to appliance B to keep monitoring the critical network. If appliance B should lose power, while appliance A is still offline, the appliance is bypassed and the critical link is maintained. But there are still a couple more ports available. These ports can be used to attach a network analyzer or deep capture engine to provide even more visibility into the Critical Link.
Another scenario using the INT8 is in an HA network with HA appliances. If Appliance A is taken off-line on the primary side, the TAP will switch over to Appliance B. Should the Primary Network fail, the Primary Network will fail over to the Secondary side, where it will still route traffic to In-Line Appliance A. As it was on the Primary side, if Appliance A is taken off-line, the secondary TAP will switch over to In-Line Appliance B. I like to call this the Bullet Proof Solution.
Notice in each figure, ports G and H are available. These ports can be used as breakout TAP monitor ports to a diagnostic tool or as two aggregated monitor ports out to two diagnostic tools. If you only need a single Bypass operation, then ports E and F are also available to become monitoring ports for yet another diagnostic tool.
So if you need a Bypass TAP that can multitask, or any of the network TAPs that were covered in this series, talk to us. I’m sure we can find a way to solve your network access problems. And don’t forget, we do all this without introducing a “Point of Failure.”
16 Quick Features of the INT1G8 TAPs:
If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.
If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.
While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets to the TAP, indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets, placing the tool back inline.
Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.
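The heartbeat logic above, combined with the active/backup appliance scenario from Figure 3, as an added example that is not part of the original post and not vendor code. It is a small Python model in which the miss threshold, the A-then-B priority order, the immediate return to A once it answers again, and all names are assumptions.

```python
from dataclasses import dataclass, field

MISS_THRESHOLD = 3  # assumption: unanswered heartbeats in a row before a tool counts as off-line


@dataclass
class InlineTap:
    """Toy model of heartbeat-driven path selection (hypothetical, not vendor code)."""
    tools: tuple = ("A", "B")   # priority order: active appliance, then backup
    powered: bool = True
    missed: dict = field(default_factory=dict)

    def __post_init__(self):
        self.missed = {t: 0 for t in self.tools}

    def heartbeat_round(self, returned):
        """One heartbeat goes to every tool, even while bypassed.
        `returned` is the set of tools that sent it back this round."""
        for t in self.tools:
            self.missed[t] = 0 if t in returned else self.missed[t] + 1
        return self.path()

    def path(self):
        if not self.powered:
            return "FAILSAFE"   # TAP lost power: link stays up, no tool in path
        for t in self.tools:
            if self.missed[t] < MISS_THRESHOLD:
                return t        # first tool still answering carries the traffic
        return "BYPASS"         # no tool answering: link traffic skips the tools

    @staticmethod
    def to_link(frames):
        """Heartbeats are removed before traffic returns to the critical link."""
        return [f for f in frames if f != "HB"]


def run(timeline):
    """Return the path chosen after each heartbeat round."""
    tap = InlineTap()
    return [tap.heartbeat_round(returned) for returned in timeline]


# Constructed timeline: A goes quiet, then B too, then A comes back.
TIMELINE = [{"A", "B"}, {"B"}, {"B"}, {"B"}, set(), set(), set(), {"A"}]

if __name__ == "__main__":
    print(run(TIMELINE))
```

BYPASS and FAILSAFE keep the link up but leave it uninspected, so both are states worth logging and alerting on.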
Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.
Heartbeat packet: a soft detection technology that monitors the health of inline appliances.
Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.