The proper way to bypass inline services for critical infrastructure
Updated February 11, 2020

The proper way to bypass inline services for critical infrastructure

Alan Matson, CCNA:S, MCP | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Ixia Bypass Switches

We currently use Ixia Bypass switches to allow us to add FireEye devices inline to our network on a Layer 2 path. FireEye does not support link state propagation from the upstream and downstream links inline, so if we have an outage of a FireEye box then we would lose that layer two link and a fail-over would not occur without link state propagation. The Ixia Bypass handles this for us and allows a fail-close setup should the monitored device go down in this case the FireEye

Pros

  • Link state monitoring
  • Service monitoring of the stub devices
  • Link state propagation
  • Battery backup for power loss

Cons

  • Setup is pretty complex
  • Alerting is minimal unless you also purchase the Ixia management server software.
  • While expensive, it has reduced our downtime due to the FireEYE outages and upgrades
  • Increased our cost for the FireEye which is really a negative of the FireEye and not the Ixia.
F5 while allows the load balancing aspect would not propagate link state as well.
Well suited for layer two networks where you need physical link monitoring as well as service monitoring. In our case, we monitor the ports and services for FireEye by looping traffic via FireEye, and if that packet is not received on the Ixia after sent it will mark the FireEye down. Not suited for any type of "normal" switching or load-balancing.

Comments

More Reviews of Keysight Bypass Switches