Juniper Networks IDP8200 Network Card User Manual


  Open as PDF
of 68
 
Traffic Ports (Forwarding Interfaces) 11
Chapter 2: Hardware Overview
Normal State
When the IDP is active and NICs are in the normal state, NICs only pass Layer 2
traffic if in transparent mode and if Layer 2 bypass is enabled. NSRP packets are
not passed, so external bypass units do not behave correctly.
NIC Bypass State
Ethernet copper ports on the IDP 75, 250, 800, and 8200 sensors all have built-in
port bypass with crossover. Port bypass only works if the sensor is configured for
transparent mode. If a sensor fails or is shut down while in transparent mode, the
pair of copper ports will automatically fail into a crossover “connected” state, and
traffic will flow through them to and from the rest of the network without being
analyzed.
NIC bypass works using a watchdog timer. Each port pair has a timer. The sensor
sends each timer a reset signal every second. If a timer does not receive a reset
signal for three seconds (or the configured time period), the bypass is activated.
After the bypass is activated, the timer continues listening for a reset signal. When
IDP becomes active again, it sends a reset signal. When the timer receives the reset
signal, the bypass deactivates automatically and the sensor goes back to normal
operation.
When NICs are in NIC bypass state prior to shutdown or failure, they only pass
Layer 2 traffic if in transparent mode and if Layer 2 bypass is enabled. NSRP
packets are not passed.
Table 4: NIC State Options
ACM
Settings
Modes Availability Description
NIC bypass Transparent
mode only
Sensor failure
Graceful
shutdown
While sensor is active, it does not pass
NSRP packets unless Layer 2 bypass is
enabled.
When sensor becomes unavailable, ports
mechanically join in a crossover. Traffic
continues to flow, but sensor does not
examine traffic.
External
bypass unit
Transparent
mode only
Sensor failure only While sensor is active, it passes NSRP
packets even if Layer 2 bypass is disabled.
On failure, external bypass unit passes
traffic around the sensor.
Note: This is a global setting. If set for any
NIC, NSRP packets are allowed for all NICs.
NICS off All inline
modes
Sensor failure
Graceful
shutdown
While sensor is active, it does not pass
NSRP packets unless Layer 2 bypass is
enabled for transparent mode.
When sensor fails or when the sensor
software is shut down, NICs turn off even if
sensor still has power.
 previous next