<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

Bypass vs Failsafe: What's the Difference?

December 20, 2018

bypass tap failsafe network garland technology

Computer networking terminology can become overly fickle once vendor products get into the mix. To help alleviate some confusion, we’re going to go over some common terms that often throw customers for a loop and hopefully clear up some misunderstandings about our Network TAPs.

“Bypass” vs “Failsafe"

We often see the term “Bypass” used to define the TAP’s ability keep the network link up and running if the Network TAP stops working. Now, the rationale behind this understanding of the term makes sense: If the TAP goes down, the network link bypasses the TAP, causing the TAP to Fail Open and the network to continue functioning. At Garland Technology, we take what causes the need to fail open into context and provided a fitting name: Failsafe.


Failsafe

If a Network TAP ever needs to fail open, it’s because the TAP experienced a significant failure. If the situation arises where a TAP fails, we want to make sure that the TAP does so as gracefully and safely as possible. Hence, “Failsafe”.

Download Now: 3 Keys to Network Resiliency - A Security Engineer's Go-to Guide to Avoiding Network Downtime [Free whitepaper]



Garland Technology also makes an Inline Network TAP called the “Bypass TAP.

Modes-Bypass1

This type of TAP sits on a network link just like a normal TAP, but instead of sending copies of traffic to an out-of-band tool, it redirects the production traffic over to an appliance that is physically placed out-of-band, logically bringing it in line with the production network.



The Bypass TAP provides additional functionality: the redirected traffic has heartbeats added to it, allowing the Bypass TAP to be aware of the health of the inline appliance. If the inline tool fails or becomes unresponsive for any reason, the Bypass TAP Bypasses the failed tool by allowing the production network traffic to flow through the TAP without being redirected toward the now unresponsive appliance. This process effectively removes points of failures from the production network, increasing network resiliency.

If something causes the Bypass TAP to fail, it will still Failsafe, keeping the network up and running.

While all our TAPs have failsafe, only the Bypass TAP will bypass failed inline tools. Garland Technology focuses on network uptime, ensuring that if a failure should occur, it will have the least amount of impact to the production network as possible. When looking to add inline tools or visibility to your network, being aware of terminology like this is an important step in making sure you’re network monitoring solution is the correct one.

Looking to add a bypass solution to your security deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!

New call-to-action

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES