External bypass, Nics off – Juniper Networks IDP SERIES IDP250 User Manual


NOTE: The bypass and PPM features are applied independently. The Internal Bypass setting is related to the status of the IDP operating system. The peer port modulation setting is related to the status of the link. It is possible to have a healthy operating system and a link with status down, or a failed operating system and a link with status up.

External Bypass

The External Bypass setting supports third-party external bypass units. Deployments
with external bypass units depend on the functionality of the external bypass unit to
check the status of the IDP Series appliance and make the determination whether to
send packets through or around the IDP Series device. Most external bypass units test
for availability by sending heartbeat packets through the device. If the packets reach the
expected destination, the external bypass unit allows the traffic to continue through the
IDP Series appliance. If the packets fail to reach the expected destination, the external
bypass unit determines the IDP Series is unavailable, so it forwards traffic around the
IDP Series device. The IDP Series supports external bypass solutions by allowing the
heartbeat traffic to pass through the device regardless of the Layer 2 Bypass setting. In
other words, if you disable Layer 2 Bypass and enable External Bypass, most Layer 2
traffic will be dropped but the heartbeat traffic used in the external bypass deployment
will be passed through.

Figure 7 on page 12 compares the data path when External Bypass is enabled but not activated with the data path when External Bypass is activated.

Figure 7: External Bypass
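
The heartbeat decision described above can be modeled in a few lines. This is an added example, not Juniper code or part of the manual. It assumes a bypass unit that switches after 3 consecutive lost heartbeats and returns inline on the first one that gets through, and an appliance that drops heartbeat frames when both External Bypass and Layer 2 Bypass are disabled; the class names, frame labels and threshold are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class IdpModel:
    """Toy model of how the appliance treats Layer 2 frames (assumed, simplified)."""
    healthy: bool = True           # appliance is up and forwarding
    layer2_bypass: bool = False    # Layer 2 Bypass setting
    external_bypass: bool = True   # External Bypass setting

    def forwards(self, frame_kind: str) -> bool:
        # frame_kind is a constructed label: "heartbeat" or "other_l2"
        if not self.healthy:
            return False
        if frame_kind == "heartbeat":
            # Heartbeats pass regardless of Layer 2 Bypass when External Bypass is on
            return self.external_bypass or self.layer2_bypass
        return self.layer2_bypass  # other Layer 2 traffic follows Layer 2 Bypass

class BypassUnitModel:
    """Hypothetical third-party bypass unit probing the appliance with heartbeats."""
    def __init__(self, idp: IdpModel, miss_threshold: int = 3):
        self.idp = idp
        self.miss_threshold = miss_threshold  # assumed value, not from the manual
        self.misses = 0
        self.bypassing = False

    def probe(self) -> str:
        if self.idp.forwards("heartbeat"):
            self.misses, self.bypassing = 0, False
        else:
            self.misses += 1
            if self.misses >= self.miss_threshold:
                self.bypassing = True
        return "around_idp" if self.bypassing else "through_idp"

def simulate(idp: IdpModel, health_timeline, miss_threshold: int = 3):
    """Return the path chosen by the bypass unit after each heartbeat interval."""
    unit = BypassUnitModel(idp, miss_threshold)
    paths = []
    for healthy in health_timeline:
        idp.healthy = healthy
        paths.append(unit.probe())
    return paths

if __name__ == "__main__":
    # Constructed timeline: appliance fails for three intervals, then recovers
    print(simulate(IdpModel(), [True, True, False, False, False, True]))
    # Healthy appliance with both settings disabled: heartbeats are dropped
    print(simulate(IdpModel(external_bypass=False), [True] * 4))
```

In this model the second run ends with traffic routed around a healthy appliance, so the External Bypass setting is worth verifying whenever an external bypass unit is deployed and Layer 2 Bypass is disabled.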

NICs Off

The NICs Off setting is intended to support network security policies that privilege security
over availability—you want the network path to be unavailable if the IDP Series device

Copyright © 2012, Juniper Networks, Inc.

12

IDP250 Installation Guide
