Jonathan Petkevich, Product Manager at Ixia

Heartbeats Stop Heart Attacks, for Inline Security

March 23, 2017 by Jonathan Petkevich

Deploying inline security architectures is time-consuming and complex. At any point, a small mistake can add time and headaches to the rollout, whether it is in a lab or a production environment. This is especially frustrating when the mistake occurs on a device like a bypass switch, which should be easy to use and simple to deploy. Ixia bypass switches are chock-full of headache- and time-saving features to make life easier, and I will cover these in a new series of blogs on this topic.

Critical to a bypass switch's function is the ability to proactively detect issues on the inline security tool. This is accomplished with the Heartbeat packet, a fully customizable packet that is injected into the data path on the monitor side. This packet needs to be tailored to the inline security tool that the bypass will be deployed with, so that it can pass through the appliance and accurately report its status.

A single deployment can include many different vendors, and configuring the right packet for each can be complex. Configuring a packet by modifying the HEX values is error-prone and can lead to cycles spent resolving what should be a simple task. As seen below, values need to be carefully changed to make sure that the packet is still valid and will also pass through the tool without being blocked.

Screenshot of HEX Heartbeat Editing
This screenshot depicts the traditional method of changing the contents of a HB packet by editing its HEX code in the iBypass VHD web interface.
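The risk described above, shown as an added example that is not from the original post or from Ixia: a pre-flight check that parses a hex-edited frame and reports whether it is still well-formed. It assumes an Ethernet II + IPv4 heartbeat, since the post does not state the actual heartbeat format; the function names and the sample frame are constructed for illustration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 for a header whose checksum field is correct."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def validate_heartbeat(hex_text: str) -> list[str]:
    """Return the problems found in a hex-edited frame; an empty list means it parses cleanly."""
    try:
        frame = bytes.fromhex(hex_text)  # whitespace between bytes is accepted
    except ValueError as exc:
        return [f"not valid hex: {exc}"]
    if len(frame) < 14 + 20:
        return ["frame too short for Ethernet + IPv4 headers"]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return [f"EtherType 0x{ethertype:04x} is not IPv4; this checker cannot judge it"]
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(ip):
        return ["bad IPv4 version or header length"]
    total_len = struct.unpack("!H", ip[2:4])[0]
    problems = []
    if total_len < ihl or total_len > len(ip):  # trailing Ethernet padding is allowed
        problems.append(f"IPv4 total length {total_len} inconsistent with {len(ip)} bytes present")
    if ipv4_checksum(ip[:ihl]) != 0:
        problems.append("IPv4 header checksum does not match header contents")
    return problems

def build_sample() -> bytes:
    """Constructed sample frame (not an Ixia heartbeat): Ethernet II + IPv4/UDP, 8-byte payload."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    payload = b"HBSAMPLE"
    udp = struct.pack("!HHHH", 40000, 40000, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return eth + hdr + udp

if __name__ == "__main__":
    good = build_sample().hex()
    # Simulated hand edit: change the last octet of the destination IP (frame byte 33)
    # without recomputing the header checksum.
    edited = good[:66] + "09" + good[68:]
    print("original:", validate_heartbeat(good))
    print("edited:  ", validate_heartbeat(edited))
```

A single changed address byte is enough to invalidate the header checksum, which is the kind of silent error that hand-editing HEX invites.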

 

We at Ixia have resolved this issue by implementing preset heartbeat values.

Preset heartbeat screenshot
This screenshot depicts the preset Heartbeat values populated in the bypass interface, shown in the iBypass VHD web interface.

 

This feature lets a user select a tool vendor, and it then automatically populates the Heartbeat content without the user having to edit any of the pesky HEX values. Configuring this is a two-step process. First, the user needs to match the tool connected to the bypass to the appropriate manufacturer and model in the drop-down menu on the bypass user interface. Second, the user must apply the selection and set the appropriate interval and retries for their network. Once these are set and the bypass is deployed actively with the tool, the heartbeats will pass and proactively monitor the health of the data path through the tool, saving many headaches.