Bypass network taps

Bypass Network TAPs

Maintain your network's performance

Without maintaining your network monitoring and security performance, your speed, cost and efficiency will become compromised. Bypass TAPs are reliable and easy-to-use solutions to ensure your network is performing well, 365 days a year.

 

What is a Bypass TAP?

A bypass TAP, sometimes referred to as a Bypass Switch, has consistent heartbeats that are sent to an Inline security appliance. These heartbeats indicate the functionality of the security appliance: regular beats means the bypass TAP is functioning well. If the beats are not returned to the bypass TAP (see below) the TAP automatically bypasses the appliance to allow the packets to be sent through, no matter how high the traffic is. It is also able to detect the status of the appliance, so when it comes back online, this is detected by the TAP and traffic is once again directed through the appliance.

When an IPS or other Inline Appliance is installed behind a V-Line TAP, the TAP continually checks the status of the appliance and if it is online, will direct traffic through it. If the appliance goes for maintenance or update, or any reason, the TAP will automatically bypass the appliance and direct traffic straight through to the network.

Bypass Network TAP diagram

How does the TAP detect if the appliance is online?

  1. Heartbeat packets are injected into the traffic stream and are directed to the monitoring device.
     

  2. If the heartbeat packets are not detected, when the traffic is passed back through the V-Line™ TAP on their way back to the network, the TAP enters Bypass mode and bypasses the appliance.
     

  3. Heartbeats are configurable for maximum flexibility and Heartbeat packets are NEVER sent on to the live network.

Network Critical: Bypass TAP

This reliable and easy-to-use technology allows you to have confidence in maintaining your network security and performance because our TAPs have failsafe technology and support inline security tools, such as advanced threat protection (ATP), intrusion prevention systems (IPS) and web application firewall (WAF). Therefore, the Network Critical Inline Bypass is the first layer of defence needed to protect your network against attacks.

The Network Critical Inline bypass TAP solution enables our customers to:
 

  • Keep pace with increasing network traffic volumes by enhancing Inline security tool performance.

  • Remove single points of tool failure by providing multiple layers of resiliency.

  • Packet filter

  • Sharing traffic with passive tools as well as the IPS

V-Line Single Tool Bypass: Active

V-Line Single tool bypass

This mode allows a bidirectional flow of live network traffic to be passed through a single Inline tool. The tool throughput status is monitored via heartbeat packets. While heartbeat flow is present the tool is considered Active and network traffic is sent to it for inspection.
 

V-Line Single Tool Bypass: InActive

V-Line Single tool Bypass inactive

When heartbeat flow is blocked, due to link failure or throughput latency, the tool is considered InActive, and is Bypassed. Live network traffic continues to pass uninterrupted across the TAP, and the tool continues to be monitored by heartbeats. When heartbeat flow is restored the tool is considered Active again and is placed back Inline.

Breakout/Aggregation TAP Mode

V-Line TAP mode.png

If V-Line functionality is not required, the module also offers some basic breakout and aggregation capabilities. 
 

One port pair on the V-Line module can function as a TAP pair to monitor a live network link, and the remaining ports may then be independently used for traffic output to Off-line monitoring tools. This mode supports optional packet slicing between 16-9216 bytes before output to the tools.

V-Line Dual Tools in Parallel

V-Line Dual Parallel Inline.png

This mode allows a bidirectional flow of live network traffic to be passed through two identical Inline tools, in parallel, in an Active/Standby configuration. The throughput status of each tool is monitored independently via heartbeat packets. While heartbeat flow is present the tool is considered Active and network traffic is sent to it for inspection. Only one tool is required at any one time so the second Active tool is held in Standby.

V-Line Dual Tools in Parallel

V-Line Dual Parallel Bypass1.png

When heartbeat flow is blocked, due to link failure or throughput latency, the tool is considered InActive, and is Bypassed, and the Standby tool takes over. 

V-Line Dual Tools in Parallel

V-Line Dual Parallel Bypass2.png

The InActive tool continues to be monitored by heartbeats. When heartbeat flow is restored the tool is considered Active again and is held in Standby.

V-Line Dual Tools in Series

V-Line Dual Series Inline.png

This mode allows a bidirectional flow of live network traffic to be passed through two different Inline tools, in series. The throughput status of each tool is monitored independently via heartbeat packets. While heartbeat flow is present the tool is considered Active and network traffic is sent to it for inspection. 

V-Line Dual Tools in Series

V-Line Dual Series Bypass2.png

When heartbeat flow is blocked, due to link failure or throughput latency, the tool is considered InActive, and is Bypassed. Live network traffic continues to pass uninterrupted across the other tool, and both tools continue to be monitored by heartbeats. When heartbeat flow is restored the tool is considered Active again and is placed back Inline. 

Egress Mode

V-Line Egress mode.png

When heartbeat flow is blocked, due to link failure or throughput latency, the tool is considered InActive, and is Bypassed. Live network traffic continues to pass uninterrupted across the other tool, and both tools continue to be monitored by heartbeats. When heartbeat flow is restored the tool is considered Active again and is placed back Inline. 

Technology Partnerships

Cisco is a global leader in telecommunications, security, network infrastructure and IT applications. As an official Cisco Solution Partner, Network Critical helps provide visibility and access for Cisco security and performance monitoring solutions.

Cisco network security
network critical success stories

Customer Use Cases

Network Critical’s solutions are used in global networks across a wide range of sectors including Telco, Government and Energy

MLB
US Government
Vodafone
BP
The Stars Group
network visibility white paper

4D Visibility: The four pillars of Network Visibility
and how to develop a robust strategy

HEARTBEAT.png

Compare The Products

Compare the entire Network TAP, Hybrid TAP and Packet Broker Range

ethernet taps

SPEAK TO AN EXPERT

Together, we can find the perfect solution for your network

We understand your privacy is important. Network Critical does not share your personal information with any unauthorized parties. For more information on how we use your personal data, please review our Privacy Policy.