Bypass switch

Bypass switch

A Bypass Switch is a hardware device that provides a fail-safe access port for an in-line monitoring appliance such as an intrusion prevention system (IPS), firewall, WAN optimization device or unified threat management system. In-line monitoring appliances are single points of failure in computer networks because if the appliance loses power, experiences a software failure, or is removed, traffic can no longer flow through the link. The Bypass Switch removes this point of failure by automatically shunting traffic around the appliance whenever the appliance is incapable of passing traffic.

A Bypass Switch has four ports. Two network ports create an in-line connection in the network link that is to be monitored. This connection is fully passive; if the Bypass Switch itself loses power, traffic continues to flow unimpeded through the link. Two monitor ports are used to connect the in-line monitoring appliance. During normal operation, the Bypass Switch passes all network traffic through the appliance as if it were directly in-line itself. But when the in-line appliance loses power, is disconnected, or otherwise fails, the Bypass Switch passes traffic directly between its network ports, bypassing the appliance, and ensuring that traffic continues to flow on the network link.

In some products, when the Bypass Switch is shunting traffic around the monitoring appliance, the monitor ports revert to acting like a Network tap, mirroring the half-duplex traffic received at the network ports to the monitor ports. In this mode, an attached IPS appliance can be used as an intrusion detection system (IDS) to passively monitor the traffic without affecting it. This mode is useful for analyzing the effectiveness of a signature set before switching to IPS mode and potentially disrupting network traffic.

Multi-segment Bypass Switches provide a number of independent Bypass Switches in a single chassis, providing higher density in the equipment rack.


When the Bypass Switch is passing traffic through the attached in-line appliance, it is said to be in Bypass Off mode.

When the Bypass Switch is passing traffic directly between the network ports, and bypassing the attached in-line appliance, it is said to be in Bypass On mode.


Using an external Bypass Switch to connect an in-line appliance such as an IPS has several benefits. [ [ Sys-Con - Net Optics, Inc. Introduces iBypass for Fail-Safe IPS Security Deployments] ]

It keeps network traffic flowing when the in-line appliance fails.

It allows the in-line appliance to be removed or serviced without impacting network traffic. For example, an IPS can be taken offline to upgrade signatures, software, or hardware.

The in-line appliance can be moved from one network segment to another without impacting network traffic.

Note that the latter two advantages are not provided by internal bypass switch functionality that may be integrated within some IPS appliances.


Bypass Switches add acquisition cost to the monitoring solution, although they may save cost in the long run by increasing network uptime.

Bypass Switches move the single point of failure from the in-line monitoring appliance to the Bypass Switch itself. This should be a net gain in reliability, because the Bypass Switch is a simpler device than the monitoring appliance, and because it is designed for fault-tolerance. Nevertheless, reliability is an important criteria when evaluating Bypass Switch solutions.

Technical information

Bypass Switches increase network reliability through several mechanisms including passive in-line connections, link detection, and Heartbeat packets.

The two network ports in a Bypass Switch create a fully passive in-line connection that maintains traffic flow even in the absence of power. For fiber links, a normally closed optical switch creates a path for light to flow unimpeded through the device when power is absent. For copper links, micro-relays connect the two ports when power is absent.

The Bypass Switch monitors the status of the links between its monitor ports and the in-line appliance. If a link goes down, the Bypass Switch immediately switches into Bypass On mode. When the link come back up again, the Bypass Switch returns to Bypass Off mode and the appliance resumes receiving traffic.

Some Bypass Switches send a Heartbeat packet through the monitoring appliance in order to ensure that the appliance is passing traffic. If the Heartbeat packet does not return to the Bypass Switch, the appliance is assumed to be down, and the Switch goes into Bypass On mode, excluding the appliance from the traffic path. The Bypass Switch continues to transmit Heartbeat packets to the appliance, and when they are again returned by the appliance, the Bypass Switch changes back to Bypass Off mode and the appliance resumes receiving traffic.

Whenever the Bypass Switch transitions to Bypass On mode for any reasaon, the link may be temporarily dropped. A good Bypass Switch reconnects the link in under 1 second, [ [ The Tolly Group - Net Optics 10/100/1000 iBypass Switch Evaluation] ] but the network may take several seconds to re-establish communications on link.

Device management

Bypass Switches may be managed through any of several interfaces: a command-line interface (CLI), a Web browser-based interface, or a platform-based SNMP tool. Management functions may include configuring an IP address for SNMP traps, retrieving RMON statistics, and setting parameters for the Heartbeat packet such as packet contents, timing, and retry counts.


See also

*Intrusion-prevention system
*Net Optics
*Network intrusion detection system

Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • bypass switch — gretšakės jungiklis statusas T sritis radioelektronika atitikmenys: angl. bypass switch vok. Überbrückungsschalter, m; Umgehungsschalter, m rus. обходной выключатель, m pranc. disjoncteur de shuntage, m …   Radioelektronikos terminų žodynas

  • Bypass — may refer to:Bypass (slang)(digestive), where gas is expelled through anus during the event of a voluntary fecal restriction, thus the gas bypassed through the fecal matter and released via anus. *Bypass (computing), in computing, circumventing… …   Wikipedia

  • Duodenal switch — Intervention ICD 9 CM 43.89, 45.51 …   Wikipedia

  • Gastric bypass surgery — Gastric bypass procedures (GBP) are any of a group of similar operations used to treat morbid obesity the severe accumulation of excess weight as fatty tissue and the health problems (comorbidities) it causes. Bariatric surgery is the term… …   Wikipedia

  • 1ESS switch — The Number One Electronic Switching System, the first large scale Stored Program Control (SPC) telephone exchange or Electronic Switching System in the Bell System, was introduced in Succasunna, New Jersey, in May 1965[1]. The switching fabric… …   Wikipedia

  • Lightning Switch — is a wireless and batteryless remote control switch technology manufactured by PulseSwitch Systems, a member of The Face Companies group of Norfolk, Virginia USA. It is most commonly used as a wireless light switch. Energy harvesting The… …   Wikipedia

  • Stackable switch — A stackable switch is a network switch that is fully functional operating standalone but which can also be set up to operate together with one or more other network switches, with this group of switches showing the characteristics of a single… …   Wikipedia

  • thermactor air bypass solenoid — (TAB) an electrical solenoid that switch engine manifold vacuum to bypass the atmosphere …   Dictionary of automotive terms

  • Net Optics — Net Optics, Inc. Type Private Company Founded 1996 Headquarters Santa Clara, California Key people Eldad Matityahu, Board Chairman B …   Wikipedia

  • Fender Stratocaster — Stratocaster redirects here. For the Squier Stratocaster, see Squier Stratocaster. Fender Stratocaster Manufacturer Fender …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”