Why integrated bypass switches should not be used within an NPB for inline deployments?
"Who will guard the guards?"
It's a very valid question in situations where bypass switches 'protect' Network Packet Brokers (NPBs). In many inline applications, NPBs are used to load balance or pass traffic through to downstream security tools. In such cases, bypass switches are used to protect the NPB (or security tools).
The NPB can be switched out of the inline flow of network data for many reasons:
· upgrading of the NPB (or security tool)
· software or scheduled maintenance,
· or even to configure and deploy new security appliances
There are two main ways that bypass switches can be deployed:
As independent, stand-alone appliances - KEYSIGHT, a leading provider of visibility solutions, belives that the separation of bypass switches and NPBs is the better and more robust solution for complex network architectures.
As integrated by pass option - Keysight does not provide the integrated bypass option. Customers sometimes ask why Keysight does not provide integrated bypass switches with NPBs? The answer is simple – it's not a sound failsafe architecture for providing true bypass capabilities. In fact, in certain use cases it can be positively dangerous.
Let's discuss the three key use cases why integrated bypass switches should not be used within an NPB for inline deployments:
Use case #1 - Imagine a situation where an NPB has 48 individual 10G connections connected to a single NPB and 2 x 40G links are being used to provide the network traffic. Let's now assume the NPB has a hardware failure. In the event of a complete hardware failure most integrated bypass switches will switch to bypass mode and bypass the failed NPB. Now what? How is the failed NPB with the integrated bypass to be replaced? A major benefit of having a separate bypass switch is to allow you to replace the security device (be it a NPB or other tool) without bringing down the network. With an integrated bypass switch its just not possible (this argument also applies to using built-in bypass switches within a firewall/IPS as well) to swap out the NPB without disrupting live network traffic. You also must be careful to not disturb any of the live network links when performing maintenance on the NPB. Removing the 48 x 10G cables whilst a Bypass module is 'suspended' in thin air is not a professional approach in this scenario. A bypass switch is an excellent solution that keeps traffic flowing, for failsafe implementation of inline security tools. The White paper External Bypass Switches: A Better Inline Security Tool examines the value of an external bypass switch, over and above that of an internal bypass switch. Bypass switches improve the overall solution reliability, increase application availability, provide better instrumentation, and add the convenience and cost savings of remote monitoring and control.
Now where is that live network connection among the NPB ports?
Use case #2 - With built-in bypass switches, the management interface is common between the NPB and the bypass switch the can become a major single point of failure. What happens if the NPB management interface 'freezes"? You may wish to switch the NPB out of the circuit while further diagnostic work is undertaken. How do you do this? It's the same management interface used for both the bypass and the NPB. The two devices should be independent, but they are not.
Well it's a good thing I have one management I/F for the Bypass and one for the device it's protecting!
Use case #3 – Around 75% of all bypass deployments do not involve NPBs. NPBs are great for large complex environments, but in many deployments, they are "overkill." Vendors including bypass switches that are built-in with an NPB are "forcing" customers to adopt overly complex expensive solutions in all network locations. This is inefficient and a waste of scarce resources and budgets. Stand-alone bypass switches often cost one third or even less the price of an integrated NPB/bypass switch solution.
Let's optimize the costs of providing bypass capabilities. Why have a NPB when it's not needed?
SUMMARY
When a network monitoring device such as an Intrusion Protection Solution (IPS) is deployed inline in a network, it is vital to ensure that traffic continues to flow in all circumstances, even if the IPS loses power, so that mission-critical business applications remain available. Bypass Switches are in-line devices that provide fail-safe protection for in-line security and monitoring devices, such as an intrusion prevention system (IPS), web application firewalls (WAFs), and many others. Keysight offers a wide array of iBypass switch products to support user requirements for high availability, failure modes, speeds, and different media types.
- |
- +1 赞 0
- 收藏
- 评论 0
本文由翊翊所思转载自Keysight,原文标题为:Bypass Switches - "Quis custodiet ipsos custodes?",本站所有转载文章系出于传递更多信息之目的,且明确注明来源,不希望被转载的媒体或个人可与我们联系,我们将立即进行删除处理。
相关研发服务和供应服务
相关推荐
What Can You Do to Strengthen Your Network?
This blog suggested a simple 3-point plan that can strengthen your network, Keysight offers many solutions that could be beneficial.
How Can I Reduce Network Security Risk – Part 2
This blog Keysight examines step 2 of reducing network security risk. Step 2 is about finding intrusions on your network and quickly remediating those issues.
Keysight(是德科技)网络可视化产品选型指南
目录- Network Visibility Products Introduction Network Packet Brokers Bypass Switche Network Taps Cloud Visibility Visibility Central Management
型号- VISION EDGE OS,VISION 400,VISION EDGE 1S,VISION EDGE 10S,VISION EDGE 100,IBYPASS 100G,VISION 7816,VISION EDGE 40,VISION X,VISION ONE,VISION E400S,IBYPASS VHD,IBYPASS DUO,TRADEVISION,IBYPASS 4 COPPER
Keysight‘s Taps, Bypass Switches, And NPBs Can Help Find Your Security Vulnerability Before Hackers
Keysight Technologies has taps, bypass switches, and NPBs provide the visibility and confidence you need that you are seeing EVERYTHING in your network. They can find your security vulnerability before hackers find it for you.
TAPS快速参考指南
描述- 本资料为网络测试设备Ixia的快速参考指南,主要介绍了网络测试中的网络分路器(Taps)和旁路开关(Bypass Switches)。网络分路器提供对网络流量的永久访问,而旁路开关则在工具故障时提供安全保护,自动重定向网络流量。资料详细列出了不同型号的分路器和旁路开关的规格、性能参数和订购信息,并提供了相关链接以便用户获取更多信息。
型号- 705-0014-001,IBPDUO-1X10-LR,TP-100-LR-85-60,IBP-8000,DUO-PWRAC,TPX-10-SR-50-60,TPVHD-100-LR-85-50,TP-PSM4-85-70-MTP,TP-1-SX-50-50,TPPCH-100-LR-85-70,TP-1-SX-50-90,IBP100G-DCPS,IBPVHD-CH-DC,RK-FLEX-ID-24,TPPCH-10-SR-50-70,DBM-250,TPVHD-10-SR-50-50,TPX-40-SR-50-50-MTP,IBPVHD-PWR-DC,MIBP100G-LR4,IBPDUO-1X10-SR,705-0012-0001,705-0012-001,DBM-100,RK-8V2-BPL,DUO10G-VHD-FAN-ASSY,TPVHD-100-LR-85-60,DBM-300,TPX-10-SR-50-50,I2BP-40G-SR-50-Q,TPX-40-SR-50-70-MTP,TP-1-SX-50-80,IBP100G-CH-AC,TP-100-LR-85-70,TPVHD-10-SR-50-60,TPX-40-SR-50-50-BD,IBPVHD-PWR-AC,RK-FLEX-24,IM-21-BYP,TPX-10-SR-50-80,TPPCH-100-LR-85-50,IBPDUO-2X10-SR,TP-1-SX-50-70,TPVHD-100-LR-85-70,IBP100G-CH-DC,LIC-IM-21-AR,TPPCH-10-SR-50-50,TPX-100-SR-50-50-MTP,TP-100-LR-85-80,TPVHD-10-SR-50-70,IBP-8000-DC,IBPDUO-2X10-LR,RK-8V2,TP-100-LR-85-50,TP-40-SR-50-70-MR4,RK-FLEX-8,IBP100G-ACPS,TPS-100-LR-85-50,TPX-10-SR-50-70,MIBP100G-SR4,TP-1-SX-50-60,IM-21-BATT,DBM-200,MTP-SM-Y- CBL,IBP100G-FAN-ASSY,TP-100-LR-85-90,IBPVHD-CHONLY-AC,TPX-100-SR-50-70-MTP,IBPVHD-CH-AC
Keysight机电旁路交换机产品介绍
描述- Keysight Technologies公司提供的电磁机械旁路开关在信号路由、开关矩阵和ATE系统中提供可靠的切换功能。这些开关在40 GHz频率下保证小于0.03 dB的插入损耗重复性,寿命长达1000万次循环(典型值为1000万次),在67 GHz频率下隔离度通常大于70 dB,适用于DC至67 GHz的频率范围。
型号- N1812UL,N1811TL,8763B,8764C,8763C,8764A,8763A,8764B
网络可见性产品目录
描述- 本资料介绍了Keysight Technologies提供的网络可见性产品,包括网络数据包交换机(NPBs)、旁路交换机和网络分线器。NPBs通过应用感知的流量过滤、解密和去重,提高安全和网络监控工具的效率。旁路交换机如iBypass确保网络可用性和维护便利性。网络分线器提供对网络流量的无编辑视图,是动态网络智能的基础。资料还介绍了Keysight的Ixia Fabric Controller Centralized Manager,用于管理网络可见性系统。
iBypass快速参考指南
描述- 本资料为iBypass系列跳线开关的快速参考指南,介绍了不同型号的产品特点。包括系统高度、最大单元数量、网络端口和监控端口数量、媒体转换、关键功能如内置Tap模式、心跳、高可用性工具模式、流量统计等。此外,还涵盖了管理功能、电源选项、关键部件编号等信息。
型号- IBP-8000-DC,IBPDUO-2X10-LR,IBPDUO-1X10-SR,IBPDUO-1X10-LR,IM-21-BYP,IBP-8000,DBM-100,IBPDUO-2X10-SR,DBM-300,DBM-200,IBPVHD-CH-DC,DBM-250,I2BP-40G-SR-50-QSFP,I3BP-CU3,IBPVHD-CH-AC
全球500强航空航天和安防公司
描述- 本案例研究基于2016年8月TechValidate对Ixia可见性解决方案客户的调查。一家全球500强的航空航天和国防公司采用了Ixia的解决方案,以解决网络诊断不足的挑战。公司利用Ixia的测试平台,包括PerfectStorm/FireStorm,以及网络Taps、Bypass Switches、网络数据包代理和应用威胁智能处理器等工具,实现了网络性能管理、安全监控和主动监控等功能。通过实施Ixia的可见性解决方案,公司达到了合规性要求,提高了整体安全态势,改善了网络和应用的可靠性和性能,并将监控或安全工具的流量负载减少了近40%。
从技术原理、显示效果、能耗和寿命四方面对比IPS屏幕和LED屏幕
IPS屏幕和LED屏幕是两种不同的技术。IPS屏幕是一种液晶显示技术,而LED屏幕是一种发光二极管(LED)背光技术。本文TOPPOWER从技术原理、显示效果、能耗和寿命四方面对二者进行了对比介绍。
IPS型号REACH合规性声明
描述- Delta Electronics, Inc. 的产品符合欧盟法规(EC)1907/2006 关于化学品注册、评估、授权和限制(REACH)的要求。声明中提到某些高度关注物质(SVHCs)存在于其产品中,浓度可能超过0.1%。此外,还列出了多个型号的产品及其化学成分和含量信息。
型号- DRS-24V100W1AZ,MEA-160A15C GAA,PMT-12V35W2BA,PMB-24V50W1AH,DRS-24V100W1AR,PMB-24V50W1AG,DRC-12V060W1RZ,PMB-24V50W1AA,DRC-12V30W1BZ,PJB-24V240WBNJ,LNV-36V320WAAA,DRF-24V480W1GTA,ADT-090A24AA F-A,MDS-100APS18 BA,LNE-36V100WDAA,DRR-40N,DRN-24V7AAEN,PJU-27V60WCBA,MDS-350AD701 AA,PJU-27V60WCBB,PJU-27V60WCBC,LNE-12V185WDAA,PMT-D2V100W1AAPZ,PMT-36V350W2BM,PJL-48V200WBAA,PMT-15V350W1AR,DRC-12V30W1AZ,PMT-15V350W1AK,PJ-5V50WLNA,PMT-12V35W2BG,PMT-36V350W2BR,PMR-5V320WCAA,MDS-100BPS15 BA,PJT-12V100WBAA,PMC-12V600W1BA,LNE-12V100WAAA,LNE-48V120WDAA,PMF-4V320WCGB,PMT-D2V75W2CA,DRL-24V480W1ENN,DRF-48V480W3GTA,DRS-24V30W1AZD,PJ-24V30WCNA,MDS-300ADB48 AB,PJ-5V30WCNA,DRL-48V480W1EN,LNE-36V150WACA,DRR-20A,PMC-12V600W1BY,PJ-12V150WBRA,PMC-12V100W1AA,ADT-060A15AB B-A,PJT-12V100WBBA,DRP048V480W1BN,PMR-12V320W1AT,PMT-12V100W1AA,MDS-060AAS19 B,PMT-12V350W2BRC,PMT-12V350W2BRB,LNE-24V150WDAA,MEU-650A24T AAA,PMC-12V100W1AH,PMC-12V100W1AJ,PJT-12V65WBAA,MEB-750A48B AAA,PMC-12V100W1AL,PMT-12V350W1ARZ,PJB-24V300WLNA,PJB-24V240WBRA,PML-24V150W1AA,PML-24V150W1AH,PML-24V150W1AG,MDS-300ADB48 AA,DRP048V480W1BA,LNE-12V185WDCA,PMT-12V350W1AK,PJB-24V300WLNJ,ADT-060A24AB BE,PJ-5V15WCNA,PMT-12V350W1AR,PMF-4V320WCGR,PJB-24V300WLNT,DRL-24V480W1ENA,PMT-12V100W1AH,PMT-12V100W1AG,DRP-24V100W1NN,MEP-120A15J BNA,ADT-120A19AA F-A,MDS-100APS28 BA,PJT-15V100WBBA,PMT-12V350W1ART,PMT-15V50W2BA,LNE-36V150WAAA,MEA-160A24C GAA,DRC-24V100W1AZT,LNE-36V320WABA,PJ-24V150WLRA,PMT-12V350W1ARBZ,PMT-30V100W2BA,PMT-5V50W1AAF,LNE-24V150WDCA,MDS-300ADB12 AA,DRL-12V240W1EN,PMT-D2V75W2BA,PMT-12V35W2BAW,PMT-12V35W2BAB,MEP-200B12J CNA,PJB-24V150WBNA,LNE-36V320WACA,PMR-24V1K5W1BTB,PMR-24V600W1BT,PMT-12V35W2BAE,PMT-12V35W2BAC,PJT-18V100WBBA,MDS-065APS15 BA,DRC-12V30W1AG,PMT-12V100W1DG,DRF-48V120W1GBA,PMT-12V100W1DA,ADT-060A15AA B-A,MEB-750A24B AAA,MDS-005AAS06 AR,PMT-12V35W1AAT,PMT-12V35W1AAA,DRR-40A,PMT-12V35W1AAB,PJ-12V30WBNA,PJ-12V150WBNA,PJT-18V100WBAA,PMB-24V35W1AG,LNE-54V150WDCA,PMB-24V35W1AH,PMB-24V35W1AA,LNE-36V100WDCA,MEA-065A12C 6-A,DRC-12V100W1AZT,PJB-24V240WBNC,PJB-24V240WBNA,PJT-15V100WBAA,DRL-48V240W1EN,MDS-300ADB24 AA,MDS-300ADB24 AB,MDS-090BAS24 A,PJ-12V100WCNA,DRL-24V480W1AAT,DRL-15V240W1EN,PMT-24V150W2AA,PJ-24V150WLNA,PMU-13V155WCCAB,PMT-15V35W2BA,LNE-48V185WDAA,PMS-24V750W1BTD,LNE-24V320WBBA,PJU-13V60WCAC,PJU-13V60WCAB,MDS-005BAS05 BR,PJU-13V60WCAA,DRF-48V480W1GTA,PMT-12V150W2CA,PMR-12V240W1AT,PMT-24V200W1AM,PMT-48V200W2BNJ,ADT-060A12AA E-A,DRL-48V75W1AZR,PMT-24V200W1AN,PMT-D1V100W1AGB,MDS-060BAS19 AB,ADT-150A24AA K-A,MDS-060BAS19 AA,PJT-27V150WBNA,LNE-54V185WDCA,LNE-36V600WBGA,PJ-24V100WBNA,DRF-12V120W1GBA,LNE-24V320WBAA,PJ-12V50WCNA,PJB-24V300WCRJ,MEP-120A24J BNA,PJ-24V100WBNN,MEP-200A12J BNA,PJB-24V300WCRT,PJB-24V150WBRA,PMT-D1V100W1AHB,PMT-36V100W2BA,PML-5V50W1AAF,PMT-36V200W2BM,DRP-24V480W1CBN,LNE-48V185WDCA,PMH-12V100WCLT,LNE-12V320WBCA,PMH-12V100WCLU,DRC-24V100W1RZ,PMH-12V100WCLS,PMH-12V100WCLV,PMC-27V150W2AJ,PJ-5V75WCNA,MDS-400AUS24 B,PMH-24V200WCBV,DRF-24V480W3GTA,PMT-12V150W2CAB,PMT-12V150W2CAC,DRC-24V10W1AZ,MDS-150AAS12 BA,MEA-065A24B A-A,PMH-24V200WCBH,LNE-24V120WACA,LNE-54V185WDAA,PMH-24V200WCBL,PJ-48V50WLNA,DRP-24V480W1CAN,PMC-05V035W1AA,PMH-24V200WCBJ,DRC-12V15W1BZ,PMT-12V50W2BG,MDS-150AAS24 FA,PMT-12V50W2BA,LNE-24V320WBCA,LNE-12V120WDAA,PMH-24V200WCBT,PMH-24V200WCBU,PMC-05V035W1AJ,PMH-24V200WCBS,LNE-12V320WBBA,DRC-24V10W1BZ,PMT-36V200W2BR,PMH-24V200WCBA,LNE-36V320WAAA,LNE-48V100WAAA,MEA-090A15B V-A,PJ-12V100WCRA,PJ-5V15WLNA,PMC-24V075W1AJ,PJU-27V60WLAB,PMT-D1V100W1AG,PJU-27V60WLAA,PMT-D1V100W1AH,LNE-48V120WDCA,PMT-D1V100W1AA,PMT-24V100W2AZ,MDS-030AAC15 ZC,LNE-24V320WDBA,DRL-24V120W1EN,PMT-24V100W2BA,MDS-030AAC12 BB,MEA-090A15C V-A,PMT-24V100W2BG,MDS-030AAC24 AA,PMT-48V200W2BM,LNE-12V320WBAA,ADT-060A12AA C-A,MDS-030AAC15 A,PJU-27V60WLAC,MDS-030AAC24 AC,LNE-12V100WACA,DRP048V060W1BN,PMT-24V75W2BA,LNE-24V120WAAA,MDS-100APS48 BA,PJ-24V100WBRA,PMT-48V350W1AR,PJB-24V300WCNA,PMT-36V350W1ARZ,PMT-24V75W2BG,PMR-24V240W1AT,PMT-24V200W1AMB,PJB-24V300WCNJ,MDS-030AAC12 AB,LNE-24V320WDAA,MEB-2K5A24T RAA,DRV-24V120W1PN,PMT-24V100W2AA,PJT-15V65WBAA,PMT-48V350W1AK,LNE-36V185WACA,DRF-48V240W1GBA,PJB-24V300WCNT,DRC-24V10W1HZ,PJT-24V40WBAB,DRS-24V100W1NZ,PJT-24V40WBAA,PJT-15V65WBAK,LNE-12V120WDCA,LNE-48V100WACA,DRS-24V100W1NR,LNE-24V185WACA,PMC-24V075W1AA,PMT-24V200W1AMZ,PJ-12V15WBNA,PMS-48V1K2W1BTD,PMT-24V200W2BMA,PMT-24V200W1ANB,MEU-650A48T AAA,DRP012V060W1AA,PMT-24V200W2BMB,DRP048V240W1BA,PMT-24V150W2CA,DRP048V060W1BA,MDS-080AAS12 AD,LNE-12V320WDCA,MDS-080AAS12 AB,PMU-13V155WLCA,PJB-24V300WCRA,DRP048V240W1BN,PJU-27V60WLBA,PMT-24V150W2BA,DRP-24V120W2BN,PJU-27V60WLBC,PJU-27V60WLBB,PJU-13V60WCBA,PJB-24V100WBRA,PMT-48V150W1AA,PMT-24V150W2BG,MEA-090A15C 6-A,PJU-13V60WCBC,PJU-13V60WCBB,LNE-24V320WDCA,MDS-150AAS24 BA,PMT-24V200W2BNJ,LNE-36V185WAAA,PMT-30V75W2BA,PMT-12V150W2BA,MDS-150CAB19 AA,MDS-250ADB12 AB,MDS-250ADB12 AA,LNE-12V320WDBA,PMT-48V35W2BA,PMT-12V150W2BG,PJ-5V150WLRA,PMT-48V150W1AG,ADT-150A24AC K-A,PMT-48V150W1AH,LNE-24V185WAAA,DRC-12V10W1AZ,DRL-24V120W1AA,P
TB070-I4021E30A-00 7寸IPS液晶显示屏
描述- 该资料为深圳市新天源电子有限公司提供的7寸IPS液晶显示屏模块的技术规格书。内容包括产品概述、特性、机械规格、电气特性、背光特性、模块功能描述、光学特性、可靠性测试、检验标准和包装说明。
型号- TB070-I4021E30A-00
现货市场
服务
提供是德(Keysight),罗德(R&S)测试测量仪器租赁服务,包括网络分析仪、无线通讯综测仪、信号发生器、频谱分析仪、信号分析仪、电源等仪器租赁服务;租赁费用按月计算,租赁价格按仪器配置而定。
提交需求>
朗能泛亚提供是德(Keysight),罗德(R&S)等品牌的测试测量仪器维修服务,包括网络分析仪、无线通讯综测仪、信号发生器、频谱分析仪、信号分析仪、电源等仪器维修,支持一台仪器即可维修。
提交需求>
授权代理品牌:集成电路
授权代理品牌:分立元件
授权代理品牌:接插件及结构件
授权代理品牌:部件、组件及配件
授权代理品牌:电源及模块
授权代理品牌:电子材料
授权代理品牌:仪器仪表及测试配组件
授权代理品牌:电工工具及材料
授权代理品牌:机械电子元件
授权代理品牌:加工与定制
我要提问
登录 | 立即注册
提交评论