Designing complete network visibility solutions takes more than just Network TAPs and Network Packet Brokers at key points in the access and aggregation layers of the network. With network security being more important than ever before, today’s network visibility fabrics also must supply traffic to inline security tools such as a next-gen firewall, WAF, or IPS to protect critical parts of the network.
In order to get production network traffic to inline security tools, the network visibility fabric must make use of bypass technology. Unlike SPAN ports, Bypass TAPs provide complete network visibility by passing all live wire data to the active, inline security tools, while monitoring the health of the appliance. According to the researchers at EMA, inline security tools are the most popular analysis tool connected to a visibility fabric. 55% of enterprises have firewalls connected to their fabrics, 50% have WAFs connected, and 50% also have data loss prevention systems (DLP) connected to their network visibility fabrics.
Depending on the network size and design, there are two different methods to using bypass technology as part of the network visibility fabric: at the access layer in bypass TAPs or at the aggregation/core layer by using hybrid NPBs with inline capabilities.
Using Bypass TAPs at the Access Layer
The Bypass TAP was specifically designed to resolve the problem of an inline security appliance introducing a point of failure in the network. By placing the Bypass TAP inline, traffic flows to the security tool where it can be inspected and acted on if necessary. Once the security tools have inspected the data, allowable traffic then flows back through the bypass TAPs before returning to the production network. If your security tool goes off-line for any reason, the bypass TAP, like Garland Technology’s EdgeSafe™: Bypass TAPs automatically switches to bypass mode, keeping your network link up while you resolve the issue.
Hybrid NPB with Inline Capabilities
Networks with higher speeds or more links at the aggregation or core layers can make use of hybrid Network Packet Brokers with inline capabilities, like Garland Technology’s EdgeLens® for complete management of the edge of the network. A benefit to using the hybrid NPB approach is that the same traffic that’s being sent through the inline security tools, can also be sent to out-of-band monitoring tools for analysis via the additional ports on the hybrid NPB.
While failure of the tools and appliances in a network visibility fabric is something that you want to minimize the risk of actually happening; when you’re talking about the bypass technology either in bypass TAPs, bypass switches, or hybrid NPBs, reliable functionality is critical. The use of these tools in your network visibility fabric does inherently create a point of failure, since they are inline, rather than out-of-band. If the security tool fails for any reason, traffic must be able to continue flowing, unless corporate security policies prevent traffic to pass uninspected. In some network visibility fabrics, a bypass device may be configured in a high availability scenario, where traffic is forwarded to an alternative security system if the primary solution fails, creating additional redundancy and ensuring that your network protected at all times.
[If you’re interested in learning more about the principles behind a well-designed network visibility fabric, download Garland’s latest whitepaper from the analysts at EMA: Best Practices for Building a Network Visibility Fabric.]