ABCs of Network Visibility: Heartbeats
In technology, a heartbeat is a repeating signal generated by a piece of hardware or software used to indicate it is alive and operating normally. Typically, a heartbeat is sent at regular intervals of two or more per second. If the endpoint does not receive a heartbeat signal for more than a couple heartbeat intervals, the machine is assumed to have failed and corrective action is triggered.
FUNCTION OF A NETWORK HEARTBEAT
In network security, a very small heartbeat packet can be used to proactively detect when a security appliance is able to receive data traffic. The heartbeat is initiated from a device that listens for the return of the heartbeat from the monitoring device. This process proactively identifies when a monitoring solution is not available so traffic flow can be switched to another route to avoid an outage. This is critical during inline monitoring when live network traffic is being monitored, instead of copies of network packets. The most important characteristic of heartbeats is the frequency at which they are sent since this will determine how fast a failover or bypass can be executed. Another important factor is that heartbeats be sent from a device with a very long mean-time-between.
TYPICAL USE CASES AND BENEFITS
Protection of network availability
Inline tools are deployed directly in the flow of live network traffic in order to prevent malicious traffic from impacting an enterprise. If, however, an inline security appliance stops working and is unable to forward packets on, the network can suffer an unexpected outage and disrupt services. Heartbeat packets ensure that live traffic does not stop flowing while an outage in a security device is resolved. This is important to protecting against business disruption and/or impact on quality-of-service.
Total security resilience
In environments where there is zero tolerance for an outage of the security system, heartbeats ensure that the system is configured to failover as fast as possible. With sub-second heartbeats, a bypass switch can route traffic through an alternate network segment or a backup security appliance nearly instantaneously to ensure traffic is always inspected.
Maintenance and automatic recovery
Some bypass switches continue sending and monitoring heartbeat packets when a tool is offline in order to know when the tool comes back online. These ‘negative heartbeats’ help minimize downtime since normal workflow is reestablished without manual intervention once the offline condition has been corrected. The most common use case is during an unplanned maintenance event. In order to complete an emergency fix or upgrade, a monitoring tool must be temporarily taken offline. If the device is protected by an external bypass switch, the switch will automatically begin sending traffic through the tool once it goes back online. In cases where it is cost-prohibitive to have a backup device, a negative heartbeat can minimize the amount of traffic that is bypassed around an offline device.
Faster, more accurate solution deployments
When administrators install a new security solution behind a preconfigured bypass switch, traffic will start flowing immediately to that device, which simplifies the deployment and eliminates the chance of configuration errors delaying the security benefits.
Here are some features to look for when evaluating heartbeat technology:
While heartbeats are common to many bypass technologies, Ixia’s heartbeat technology allows administrators to specify a very high frequency for heartbeat packets—down to one nanosecond. This guarantees that if an inline security device fails, the bypass will know nearly instantaneously and react.
Heartbeat packets must be tailored to work specifically with each monitoring device to ensure the heartbeat can pass through the appliance without being blocked. Manually configuring a heartbeat is subject to errors that can take time to resolve. Ixia addresses this issue by providing preset heartbeat values for most available security monitoring solutions. The administrator simply selects the monitoring solution from a drop-down menu to properly configure the heartbeat, eliminating the time and risk related to manual configuration.
Some bypass switches continue sending and listening for heartbeat packets when a tool is inactive in order to know when the tool comes back online. Negative heartbeats (heartbeats that do not come back) can establish a self-healing system in which normal processing is automatically restored once an inactive device comes back online.