The proper way to bypass inline services for critical infrastructure
Use Cases and Deployment Scope
We currently use Ixia Bypass switches to allow us to add FireEye devices inline to our network on a Layer 2 path. FireEye does not support link state propagation from the upstream and downstream links inline, so if we have an outage of a FireEye box, then we would lose that layer two link and a fail-over would not occur without link state propagation. The Ixia Bypass handles this for us and allows a fail-close setup should the monitored device go down, in this case the FireEye.
Pros
- Link state monitoring
- Service monitoring of the stub devices
- Link state propagation
- Battery backup for power loss
Cons
- Setup is pretty complex
- Alerting is minimal unless you also purchase the Ixia management server software.
Likelihood to Recommend
Well suited for layer two networks where you need physical link monitoring as well as service monitoring. In our case, we monitor the ports and services for FireEye by looping traffic via FireEye, and if that packet is not received on the Ixia after being sent, it will mark the FireEye down. Not suited for any type of "normal" switching or load-balancing.