McAfee IIP-M65K-ISAA Product Guide - Page 30

How does the fail-open function work, Cabling in fail-over mode

Get McAfee IIP-M65K-ISAA - Network Security Platform M-6050 PDF manuals and user guides View all McAfee IIP-M65K-ISAA manuals
Add to My Manuals
Save this manual to your list of manuals

Page 30 highlights

4 Attaching Cables to the Sensor How does the fail-open function work Task 1 Plug the cable appropriate for use with your XFP module into port 4A of the active Sensor. 2 Connect the other end of the cable to port 4A of the standby Sensor. Figure 4-2 Cabling in fail-over mode How does the fail-open function work The standard Gigabit Fail-Open Kit and the 10 Gigabit Fail-Open Kit minimize the potential risks of in-line Sensor failure on critical network links. You need to purchase these kits separately. Both copper and optical versions of the kit are available for the one gigabit ports. A 10 Gigabit Optical Kit is available for the 10 gigabit ports. The Monitoring ports of the Sensors fail-close; thus, if the Sensor is deployed in-line, a hardware failure results in network downtime. For the Monitoring ports to fail-open, you use the optional external bypass switch provided in a Fail-Open Kit. With the bypass switch in place, normal Sensor operation supplies power to the switch through a control cable. While the Sensor is operating, the switch is "on" and routes all traffic directly through the Sensor. When the Sensor fails, the switch automatically shifts to a bypass state; in-line traffic continues to flow through the network link but is no longer routed through the Sensor. Once the Sensor resumes normal operation, the switch returns to the "on" state, once again enabling in-line monitoring. Sensor outage breaks the link connecting the devices on either side of the Sensor for a brief moment and requires the renegotiation of the network link between the two peer devices connected to the Sensor. Depending on the network equipment, this disruption introduced by the renegotiation of the link layer between the two peer devices might range from a couple of seconds to more than a minute with certain vendors' devices. A very brief link disruption might also occur while the links between the Sensor and each of the peer devices are renegotiated to place the Sensor back in in-line mode. This outage, again, varies depending on the device, and can range from a few seconds to more than a minute. You can find the installation and troubleshooting instructions for the kit in the guide that accompanies the kit. For example, for more information on the Optical kit, see the standard Gigabit Optical Fail-Open Bypass Kit Guide. 30 McAfee® Network Security Platform M-6050 Sensor Product Guide

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
Task
1
Plug the cable appropriate for use with your XFP module into port 4A of the active Sensor.
2
Connect the other end of the cable to port 4A of the standby Sensor.
Figure 4-2
Cabling in fail-over mode
How does the fail-open function work
The standard Gigabit Fail-Open Kit and the 10 Gigabit Fail-Open Kit minimize the potential risks of
in-line Sensor failure on critical network links. You need to purchase these kits separately. Both copper
and optical versions of the kit are available for the one gigabit ports. A 10 Gigabit Optical Kit is
available for the 10 gigabit ports.
The Monitoring ports of the Sensors fail-close; thus, if the Sensor is deployed in-line, a hardware
failure results in network downtime. For the Monitoring ports to fail-open, you use the optional
external bypass switch provided in a Fail-Open Kit.
With the bypass switch in place, normal Sensor operation supplies power to the switch through a
control cable. While the Sensor is operating, the switch is "on" and routes all traffic directly through
the Sensor. When the Sensor fails, the switch automatically shifts to a bypass state; in-line traffic
continues to flow through the network link but is no longer routed through the Sensor. Once the
Sensor resumes normal operation, the switch returns to the "on" state, once again enabling in-line
monitoring.
Sensor outage breaks the link connecting the devices on either side of the Sensor for a brief moment
and requires the renegotiation of the network link between the two peer devices connected to the
Sensor. Depending on the network equipment, this disruption introduced by the renegotiation of the link
layer between the two peer devices might range from a couple of seconds to more than a minute with
certain vendors' devices.
A very brief link disruption might also occur while the links between the Sensor and each of the peer
devices are renegotiated to place the Sensor back in in-line mode. This outage, again, varies depending
on the device, and can range from a few seconds to more than a minute.
You can find the installation and troubleshooting instructions for the kit in the guide that accompanies
the kit. For example, for more information on the Optical kit, see the standard
Gigabit Optical
Fail-Open Bypass Kit Guide.
4
Attaching Cables to the Sensor
How does the fail-open function work
30
McAfee
®
Network Security Platform
M-6050 Sensor Product Guide