Don’t Risk Your Network: Use Inline Bypass

Gigamon just released a new whitepaper, “The Surprising Ways That Inline Bypass Helps Protect Network Operations.” The title’s pretty self-explanatory, but it’s had me trying to think of a good metaphor for explaining the inline bypass concept to newcomers.

I’m thinking sports.

Imagine a pro basketball team, with each player adept at a specific role. Offense, defense, three-pointers, foul shots. Everyone’s talented, but that in itself won’t make them champions. In fact, this team’s not going to win many games at all if they don’t have a strong coaching organization coordinating their play and planning strategies to make the most of each player’s abilities.

Inline network security devices, too, are often very specialized. Each performs a specific task very well, and because they’re inline, they sit right on the production network, all the better to do whatever they do best.

Inline, Not Invincible

But as our new whitepaper points out, that key advantage of being located inline can turn into an Achilles’ heel. For example, any given inline security tool might not have the capacity or performance to keep up with increased traffic when you upgrade network bandwidth, suddenly turning the tool into a bottleneck.

Similarly, if an inline tool loses power, crashes or goes offline for maintenance or the like, serious consequences may ensue. At the very least your infrastructure is no longer benefiting from whatever the tool is supposed to do. Network performance may also decrease. Worst case, security could be compromised, or critical applications might suddenly go dead in the water.

What’s the solution? Upgrading the infrastructure can help solve lowered performance, but that’s a brute-force approach that isn’t likely to be super effective, much less cost-efficient. And actually performing upgrades or adding new devices can be disruptive, requiring complex interdepartmental coordination.

In case you’re wondering, no, I didn’t forget about the metaphor. What our hypothetical beleaguered network needs isn’t an endless series of stopgap upgrades. No, it just needs a good coach.

Networks Need Good Game Plans

And by coach, of course, I mean a next-generation network packet broker (NGNPB) that can perform inline bypass. (Go team!) Much like a strong coaching staff might supervise, advise and optimize a winning team, an NGNPB will monitor the network, note changing conditions and use techniques like inline bypass to orchestrate the real-time flow of traffic to ensure the infrastructure’s humming along as efficiently as it can.

Inline bypass, for example, is a great way to mitigate that scenario I mentioned where an inline tool becomes overwhelmed by traffic. If a tool goes offline, inline bypass lets the NGNPB simply send traffic around it. When the tool comes back, traffic to it automatically resumes. The failure point is bypassed, network operations continue apace.

Beyond the Basics

But that’s just one way an NGNPB can help keep you up and running. As the whitepaper details, Head Coach NGNPB (that really rolls off the tongue) can also help out by:

1. Optimizing tool performance and maximizing security: Inline bypass isn’t just for when stuff breaks. You can also use it to distribute specific traffic across specific tools. If one tool doesn’t need to look at web traffic, spare it the trouble of processing all those packets by sending that traffic to the tools that should be looking at it. The whitepaper goes deeper, but the gist is that inline bypass is great for intelligently sharing load across only relevant infrastructure.

2. Balancing network performance and security: The more granular traffic control afforded by the NGNPB lets you make intelligent trade-offs between performance and security. For example, you might use your security tools out of band while scanning for threats, and when one’s detected, instantly switch them back to inline protection mode until any malicious traffic is cleared.

3. Maintaining network traffic continuity: An NGNPB believes the game must always go on. With logical bypass, the NGNPB constantly gauges the health of inline tools using bi-directional heartbeat packets. Whether the tool fails because it loses power or stops forwarding traffic, the NGNPB can bypass the failing tool and maintain network uptime.

And even if the NGNPB itself loses power (“Coach, wake up!”). In that case a physical switch can bypass the NGNPB itself; when power returns, the device can resume performing inline bypass services for the rest of the infrastructure.

Learn More in the Whitepaper

Inline bypass is also very helpful for testing and deploying new tools, but I’ll stop there.

I’ll leave those details, should you be interested, to the whitepaper. You can read the full paper — “The Surprising Ways That Inline Bypass Helps Protect Network Operations” — to get the full story on how the Gigamon Visibility Fabric™ with inline bypass can help your own network win.