A Network Bypass Switch ensures failover or fail-safe capabilities for an inline networking device or a network security tool such as a firewall, NGFW, IDS/IPS, WAF, DDOS and many other flavours of threat detection platforms. If the network or security appliance fails or needs to be taken off-line for whatever reason, its traffic is automatically rerouted, ensuring uninterrupted traffic flow on the network.
What is a Network Bypass Switch?
Redundancy is essential and highly critical aspect for any network that needs to operate all the time. Bypass Switches sometimes also referred to as a bypass tap, the network bypass switch, is a special type of active tap. It is used to connect a network segment at a specific network access point (TAP) where there is an active, inline device (such as a security tool that is there for inspection and monitoring purposes).
Functionally, it can reroute traffic automatically by monitoring the tool’s health or can manually be made to redirect traffic (such as when disconnecting the monitoring tool for maintenance or other motives). Since the inline network devices are essential to the overall functioning of the enterprise network – any issue with them can critically affects network performance.
Each network device that is placed inline is a potential single point of failure in the computer network. If the device should experience even the shortest period of system hang-up or failure (that takes time for a reboot or any kind of troubleshooting), then traffic flow will be discontinued. Even for maintenance or replacement purposes, disconnecting the device will interrupt normal traffic flow at that point.
Any dropped data packet is a potential cause of error or inaccuracy in the processes and applications that depend on receiving those data packets. Thus, the network bypass switch – that can circumvent any and all interruptions at that critical AP or network link – is an essential element of the network infrastructure. The network bypass switch eliminates this point of failure by redirecting the network data traffic to bypass around the network device at that point, whenever that device is incapable of processing or passing the traffic.
In case the bypass switch itself is somehow compromised, it contains a relay switch that is designed to close and go to 'bypass mode' and allow the traffic to seamlessly flow through its cable to maintain an uninterrupted and open link with the rest of the network. This is especially important with regards to security devices that need to continuously defend the network against malevolent attacks and security breaches.
Inline Bypass - Advanced Carrier-Grade Bypass Switches
- Our signature Bypass offers carrier-grade double-protection bypass technology for all network speeds up to 100Gbps.
- Bypass is available in multiple bypass segment options, supporting a range of electrical and optical network interfaces up to 100Gb.
- Each Bypass segment comprises two network ports and two appliance ports.
- A fail-safe / fail-open optical/copper relay on network ports, and user-configurable heartbeat-generated packets on appliance ports.
- All products based on Bypass can be user-configured as active network TAPs as well.
Understanding Bypass Switch
Normal Mode:
Application Failure:
Bypass Switch Failure:
Failsafe Protection - Protecting network traffic flow in case of BypassP2 failure
When power fails, the optical-relays in the bypass switch ensure that the network flow continues uninterrupted. The optical relays can be configured fail open or fail close to meet specific deployment needs. This ensures uninterrupted network services under all conditions.
Heartbeat Protection - Protecting network traffic flow in case of appliance failures
The Bypass transmits a user-configurable heartbeat on the appliance ports. In the event of an appliance malfunction (such as a software crash, system failure or loss of power), the failure is detected, and the Bypass redirects the traffic intended for the inline appliance to the network ports, allowing it to continue to flow through the network link. This feature also enables the network appliances or network security tools to be removed and replaced without network downtime. Once the system is backed up, or the power is restored to the appliance, it is detected by the Bypass heartbeat mechanism, and network traffic is seamlessly diverted back to the inline device, allowing it to resume its critical functions.
Extensive Bypass Solution for Any Use Case