
Inline Security with Packet Boi

2020-06-18

Inline security refers to an architecture where security tools are placed directly in the path of network data flow. One of the most common and easy-to-understand models is a firewall between users and the internet: all traffic from users to the internet goes through the firewall, and all traffic from the internet back goes through it as well.

This is great until you need to do something to your firewall – for example, maybe you need to reboot it so you can update the OS or apply security patches. Since the tool is inline with your data, do you take the network down or do you route around the firewall? Neither of these options is very appealing.

When you deploy a network visibility fabric with taps, bypass switches and network packet brokers, you can do some interesting things with a combination of high availability and load balancing. For example, you can enable failover so that if one of your firewalls goes down, whether from unplanned failure or planned maintenance, a bypass switch and packet broker route traffic to the remaining firewall(s). You can do active/standby, where hardware waits idle in anticipation of failure, which is an expensive way of building networks. Or you can do active/active failover, with a number of firewalls configured so that the failure of any one device sends its traffic to the remaining devices without interrupting the network. This is a more cost-effective approach, but it can degrade performance when a member device goes down if the network is not robustly provisioned.

The ability to load balance also helps future-proof the network. You may have 10G firewalls now, but with the right packet brokers in place you can easily add 40G tools and proportionally load balance them in. You can also use the packet brokers to filter out traffic that doesn’t need to be inspected, which reduces the load on your security tools, effectively extends their useful lives and enhances your ROI. At the same time you prevent unplanned downtime and eliminate planned network interruptions for maintenance. Pretty cool stuff.
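The active/active failover and proportional load balancing described in the two paragraphs above can be modelled in a few lines. This is an added example, not code from the original post or from any vendor product; the weighted rendezvous hash, the `Tool` class, the firewall names and the sample flows are assumptions chosen for illustration.

```python
import hashlib
import math
from dataclasses import dataclass

@dataclass
class Tool:
    name: str
    gbps: int             # inspection capacity, used as the balancing weight
    healthy: bool = True  # hypothetical flag set by the bypass switch's health probe

def flow_key(src, sport, dst, dport, proto):
    # Sort the endpoints so both directions of a session hash alike and a
    # stateful firewall sees the whole conversation.
    a, b = sorted([(src, sport), (dst, dport)])
    return f"{a}|{b}|{proto}"

def pick_tool(tools, key):
    """Weighted rendezvous hash over healthy tools; None means no tool is up."""
    best, best_score = None, -1.0
    for t in tools:
        if not t.healthy:
            continue
        digest = hashlib.sha256(f"{t.name}/{key}".encode()).digest()
        u = ((int.from_bytes(digest[:8], "big") >> 12) + 0.5) / 2**52  # in (0, 1)
        score = t.gbps / -math.log(u)  # a 40G tool wins four times as often as a 10G one
        if score > best_score:
            best, best_score = t, score
    return best.name if best else None

def n_minus_1_gaps(tools, offered_gbps):
    """Names of tools whose loss leaves too little capacity for the offered load."""
    total = sum(t.gbps for t in tools)
    return [t.name for t in tools if total - t.gbps < offered_gbps]

def constructed_flows(n):
    # Constructed sample sessions (documentation address ranges), not real traffic.
    return [flow_key(f"192.0.2.{i % 250 + 1}", 1024 + i, "198.51.100.10", 443, "tcp")
            for i in range(n)]

if __name__ == "__main__":
    fws = [Tool("fw-a", 10), Tool("fw-b", 10), Tool("fw-c", 40)]
    flows = constructed_flows(6000)
    before = {f: pick_tool(fws, f) for f in flows}
    fws[0].healthy = False  # fw-a taken down for patching
    after = {f: pick_tool(fws, f) for f in flows}
    moved = sum(before[f] != after[f] for f in flows)
    print("share on fw-c:", sum(v == "fw-c" for v in before.values()) / len(flows))
    print("flows moved:", moved, "of", len(flows))
    print("N-1 gaps at 45 Gbps:", n_minus_1_gaps(fws, 45))
```

Only the sessions that were on the failed firewall move; sessions on the surviving firewalls stay put, which matters for stateful inspection. The N-1 check flags the provisioning gap that causes degraded performance when a member goes down.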

Anyway, this all becomes pretty dry in a hurry, but if you need an easier way to share the benefits of using bypass switches and packet brokers with your inline security deployments, one of our latest videos with Mike Hodge as Packet Boi might help. Check it out.

Thanks for reading.