Item: Keysight Bypass Switches
Rating: 10
Author: Alan Matson, CCNA:S, MCP

Use Cases and Deployment Scope

We currently use Ixia Bypass switches to allow us to add FireEye devices inline to our network on a Layer 2 path. FireEye does not support link state propagation from the upstream and downstream links inline, so if we have an outage of a FireEye box then we would lose that layer two link and a fail-over would not occur without link state propagation. The Ixia Bypass handles this for us and allows a fail-close setup should the monitored device go down in this case the FireEye

Pros and Cons

Link state monitoring
Service monitoring of the stub devices
Link state propagation
Battery backup for power loss

Setup is pretty complex
Alerting is minimal unless you also purchase the Ixia management server software.

Return on Investment

While expensive, it has reduced our downtime due to the FireEYE outages and upgrades
Increased our cost for the FireEye which is really a negative of the FireEye and not the Ixia.

Alternatives Considered

F5 BIG-IP

F5 while allows the load balancing aspect would not propagate link state as well.

Other Software Used

F5 BIG-IP, VMware ESXi, Ubuntu Linux

Likelihood to Recommend

Well suited for layer two networks where you need physical link monitoring as well as service monitoring. In our case, we monitor the ports and services for FireEye by looping traffic via FireEye, and if that packet is not received on the Ixia after sent it will mark the FireEye down. Not suited for any type of "normal" switching or load-balancing.

The proper way to bypass inline services for critical infrastructure

Overall Satisfaction with Ixia Bypass Switches