Easy Ways to Improve Network Reliability and Performance
December 01, 2017

Keith Bromley
Ixia

Share this

There was a recent blog on APMdigest by Pete Goldin — Protecting Network Performance is as Essential as Securing the Network — that I wanted to follow up on.

As mentioned in the blog, performance issues and outages are possible when security tools (like an IPS, WAF, etc.) are inserted inline. However, one easy way to mitigate this concern is to deploy a bypass switch before the inline tool. This creates a fail-over mechanism to let traffic continue to flow downstream, should there be a tool failure. Heartbeat signals between the bypass switch and the tool can create a self-healing architecture that restores normal traffic inspection protocols once the security tool comes back online.

While some tools have internal bypass switches, these internal bypass switches can actually lower the mean time between failure (MTBF) for that type of deployment scenario. External bypass switches deliver an improved confidence in network and application reliability without costing an arm and a leg.

In addition, should you want to remove the tool from service altogether (or perform maintenance upgrades), the bypass switch can accommodate that with minimal (on the order of milliseconds) service disruption.

Another concern raised from the SANS report referenced in the blog was that some of features do not get activated on inline tools because of the performance hit associated with many of those features (e.g., SSL decryption, deduplication). A quick solution to this is deploy a network packet broker (NPB). The best place to insert the NPB is between the bypass switch and the security tool(s), as this can provide an even stronger level of network reliability, especially if traffic load balancing or high availability features are deployed on the NPB.

From a performance perspective though, this is where you can really see a benefit. Instead of activating SSL decryption on your firewall and slowing the throughput to a crawl, perform the decryption/encryption functionality on the NPB (which should have dedicated resources to perform the function). Now you can perform the decryption functions you need to inspect for encrypted malware and also maintain the level of network performance that your internal and external customers demand.

Keith Bromley is Senior Manager, Solutions Marketing at Ixia Solutions Group, a Keysight Technologies business
Share this

The Latest

April 24, 2018

Managing emerging technologies such as Cloud, microservices and containers and SDx are driving organizations to redefine their IT monitoring strategies, according to a new study titled 17 Areas Shaping the Information Technology Operations Market in 2018 from Digital Enterprise Journal (DEJ) ...

April 23, 2018

Balancing digital innovation with security is critical to helping businesses deliver strong digital experiences, influencing factors such maintaining a competitive edge, customer satisfaction, customer trust, and risk mitigation. But some businesses struggle to meet that balance according to new data ...

April 19, 2018

In the course of researching, documenting and advising on user experience management needs and directions for more than a decade, I've found myself waging a quiet (and sometimes not so quiet) war with several industry assumptions. Chief among these is the notion that user experience management (UEM) is purely a subset of application performance management (APM). This APM-centricity misses some of UEM's most critical value points, and in a basic sense fails to recognize what UEM is truly about ...

April 18, 2018

We now live in the kind of connected world where established businesses that are not evolving digitally are in jeopardy of becoming extinct. New research shows companies are preparing to make digital transformation a priority in the near future. However most of them have a long way to go before achieving any kind of mastery over the multiple disciples required to effectively innovate ...

April 17, 2018

IT Transformation can result in bottom-line benefits that drive business differentiation, innovation and growth, according to new research conducted by Enterprise Strategy Group (ESG) ...

April 16, 2018

While regulatory compliance is an important activity for medium to large businesses, easy and cost-effective solutions can be difficult to find. Network visibility is an often overlooked, but critically important, activity that can help lower costs and make life easier for IT personnel that are responsible for these regulatory compliance solutions ...

April 12, 2018

This is the third in a series of three blogs directed at recent EMA research on the digital war room. In this blog, we'll look at three areas that have emerged in a spotlight in and of themselves — as signs of changing times — let alone as they may impact digital war room decision making. They are the growing focus on development and agile/DevOps; the impacts of cloud; and the growing need for security and operations (SecOps) to team more effectively ...

April 11, 2018

As we've seen, hardware is at the root of a large proportion of data center outages, and the costs and consequences are often exacerbated when VMs are affected. The best answer, therefore, is for IT pros to get back to basics ...

April 10, 2018

Risk is relative. The Peltzman Effect describes how humans change behavior when risk factors are reduced. They often act more recklessly and drive risk right back up. The phenomenon is recognized by many economists, its effects have been studied in the field of medicine, and I'd argue it is at the root of an interesting trend in IT — namely the increasing cost of downtime despite our more reliable virtualized environments ...

April 09, 2018

How do enterprises prepare for the future that our Cloud Vision 2020 survey forecasts? I see three immediate takeaways to focus on ...