As more tools move from an out-of-band detection mode to an inline active protection mode, network resiliency becomes a particular concern. Redundant network architectures are designed to be fault-resilient, but they present their own challenges when it comes to inline inspection of traffic. Gigamon has developed a resilient inline architecture that utilizes the GigaVUE-HC2 to address these concerns as part of the GigaSECURE® Security Delivery Platform—Gigamon Resilient Inline Protection (GRIP™). Inline security appliances represent potential points of failure in the network. Whether due to a power outage, software malfunction, or processing bottleneck, failing inline tools can disrupt the very applications and services they are meant to protect. This problem is addressed on two fronts: deploying redundant inline tools and utilizing bypass protection.
Redundant inline tools address resiliency with the simple principle that if one tool fails, the redundant tool takes over. This is also known as 1+1 protection. An inline visibility node is required to detect the failure of the active tool and redirect traffic to the standby tool. The health of an inline tools is determined by monitoring the state of the link and optionally sending bidirectional heartbeat packets that verify the tool is passing traffic. The parameters of the heartbeat packets can also be re- tuned to trigger a failover to the standby tool when the latency of the active tool becomes too great. Rather than have an active/standby arrangement, the visibility node can distribute traffic across multiple inline tools. Not only does this allow security monitoring to scale up to the speed of the network, but also in the event of a tool failure, the traffic can be redistributed to the remaining healthy tools. In addition, a dedicated standby tool can be deployed to provide N+1 protection.