Easy Ways to Improve Network Reliability and Performance
December 01, 2017

Keith Bromley
Ixia

There was a recent blog on APMdigest by Pete Goldin — Protecting Network Performance is as Essential as Securing the Network — that I wanted to follow up on.

As mentioned in the blog, performance issues and outages are possible when security tools (like an IPS, WAF, etc.) are inserted inline. However, one easy way to mitigate this concern is to deploy a bypass switch before the inline tool. This creates a fail-over mechanism to let traffic continue to flow downstream, should there be a tool failure. Heartbeat signals between the bypass switch and the tool can create a self-healing architecture that restores normal traffic inspection protocols once the security tool comes back online.

While some tools have internal bypass switches, these internal bypass switches can actually lower the mean time between failures (MTBF) for that type of deployment scenario. External bypass switches deliver improved confidence in network and application reliability without costing an arm and a leg.

In addition, should you want to remove the tool from service altogether (or perform maintenance upgrades), the bypass switch can accommodate that with minimal (on the order of milliseconds) service disruption.
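The heartbeat fail-over, the self-healing restore, and the maintenance bypass described above can be modeled as a small state machine. This is an added example, not vendor code: the class and function names are hypothetical, and the thresholds (3 missed heartbeats to fail over, 5 good ones to restore) and the one-tick-per-heartbeat timing are assumptions.

```python
from dataclasses import dataclass, field

INLINE, BYPASS = "inline", "bypass"

@dataclass
class BypassSwitch:
    """Toy model of an external bypass switch guarding one inline tool."""
    miss_limit: int = 3        # assumed: lost heartbeats in a row before failing over
    restore_after: int = 5     # assumed: good heartbeats in a row before re-inserting
    maintenance: bool = False  # operator has taken the tool out of service
    state: str = INLINE
    missed: int = 0
    good: int = 0
    events: list = field(default_factory=list)

    def tick(self, t, heartbeat_returned):
        """Process one heartbeat interval and return the path traffic takes."""
        if heartbeat_returned:
            self.good, self.missed = self.good + 1, 0
        else:
            self.good, self.missed = 0, self.missed + 1
        want = self.state
        if self.maintenance or (self.state == INLINE and self.missed >= self.miss_limit):
            want = BYPASS
        elif self.state == BYPASS and self.good >= self.restore_after:
            want = INLINE
        if want != self.state:
            self.events.append((t, self.state, want))  # feed these to alerting
            self.state = want
        return self.state

def simulate(heartbeats, maintenance_ticks=(), **settings):
    """Replay a heartbeat trace; return (path per tick, transitions, ticks lost)."""
    sw = BypassSwitch(**settings)
    path, lost = [], 0
    for t, hb in enumerate(heartbeats):
        sw.maintenance = t in maintenance_ticks
        path.append(sw.tick(t, hb))
        # Still steering traffic into a tool that is not answering: the outage window.
        lost += path[-1] == INLINE and not hb
    return path, sw.events, lost

if __name__ == "__main__":
    # Constructed trace: healthy for 4 intervals, down for 6, healthy again for 8.
    trace = [True] * 4 + [False] * 6 + [True] * 8
    path, events, lost = simulate(trace)
    print(events, "uninspected:", path.count(BYPASS), "lost:", lost)
```

Every interval spent in the bypass state is traffic that passed without inspection, so the recorded transitions are worth forwarding to monitoring rather than treating fail-over as silent.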

Another concern raised in the SANS report referenced in the blog was that some features do not get activated on inline tools because of the performance hit associated with many of those features (e.g., SSL decryption, deduplication). A quick solution to this is to deploy a network packet broker (NPB). The best place to insert the NPB is between the bypass switch and the security tool(s), as this can provide an even stronger level of network reliability, especially if traffic load balancing or high availability features are deployed on the NPB.

From a performance perspective though, this is where you can really see a benefit. Instead of activating SSL decryption on your firewall and slowing the throughput to a crawl, perform the decryption/encryption functionality on the NPB (which should have dedicated resources to perform the function). Now you can perform the decryption functions you need to inspect for encrypted malware and also maintain the level of network performance that your internal and external customers demand.

Keith Bromley is Senior Manager, Solutions Marketing at Ixia Solutions Group, a Keysight Technologies business