Insights > Network Visibility + Security

Bypass Switches: The ABCs of Network Visibility

2021-08-05  |  5 min read 

Ups and downs are part of life. But when it comes to your network, frequent, or long periods of downtime simply aren’t acceptable. The latest inline security tools can prevent network downtime by keeping threats at bay. Yet they come with risks too. Inline tools are single points of failure (SPOF) in your network, meaning that if they fail, the whole network fails with them. When inline tools stop working, or lose power, or get congested, network traffic can no longer flow through them. So, your network, and your business grinds to a halt. Costing you precious time and money. But bypass switches can save you from this expensive eventuality

What Is A Bypass Switch?

A bypass switch is a simple piece of hardware that allows you to connect inline security tools to your network – without the risk of network downtime. Picture the way a car accident causes road congestion and stops the flow of vehicles. Typically, the police will step in to redirect oncoming traffic, so as to avoid a huge pile up, and keep the stream of cars moving. Bypass switches prevent outages and keep network traffic moving in a similar way. When inline tools fail, bypass switches automatically kick in. They redirect network traffic so that it flows around the failed tool, instead of through it. The network traffic is able to “pass by” the blockage caused by the tool. So, your network stays up and running – even if the tool isn’t. Bypass switches can detect when an inline tool has failed or lost power through heartbeat packets. Heartbeat packets are signals sent from the bypass switch, through the inline tool at regular intervals. If a packet doesn’t make it back to the bypass switch, the inline tool is assumed to have failed, and network traffic is rerouted.

Internal vs. External Bypass Switches

Some inline security tools come with ready-to-go internal bypass switches. On the surface, this sounds ideal. Why pay for a standalone device, when you can get inline tools pre-fitted with bypass switch technology?

But external bypass switches have a number of advantages over internal bypass switches.

Simplicity and Network Reliability

At some point, your inline security tool will need to be taken offline, and physically removed from the network. This may be for planned maintenance or upgrade purposes. But it could also be due to an unplanned event. If the tool has been installed with an external bypass switch, it can be removed without impacting the flow of network traffic. The image below shows how an Intrusion Prevention System (IPS) – a type of inline security tool – can be disconnected without breaking any network links

Diagram 1 – IPS and tools with external ByPass Switch

In contrast, removing an IPS with an internal bypass switch means that network links must be broken:

Diagram 2 – IPS with internal ByPass

This creates costly downtime and service interruption for your organization.

Security

Since external bypass switches are purpose-built, they’re better equipped to keep your network safe. Internal bypass switches come as an “added extra” to inline tools. So, they may not have all the features of an external solution. For example, external bypass switches can redirect network traffic around a failed tool, while also notifying network / security teams of the blockage so swift action is taken.

An inline tool that tries to be a jack-of-all-trades (with its own bypass switch) simply won’t be as effective as specialist equipment.

For more on the benefits of external bypass switches over internal bypass switches, read our whitepaper on the topic: “External Bypass Switches: A Better Inline Security Tool”

Why it is worth considering Keysight ByPass Switches?

Please see below list of white papers and guides to educate yourself on the advantages of Keysight ByPass switches.