Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Optical & Electrical Bypass
with any Packetmaster EX
Advantage of Bypass Solution
Cubro offers bypass
solutions from 10 Mbit
up to 100 Gbit
Cubro bypass solution is
flexible i...
General function
Bypass Switches provide fail-safe Inline tool protection for
your security and monitoring devices.
General function
The last software upgrade gives every Cubro Packetmaster
the ability to work as a bypass switch with hear...
Cubro Bypass Concept
Any Cubro Packetmaster hase the ability to
work as a bypass switch with heartbeat
functionality, on a...
Each Packetmaster EX can work as Bypass Switch
Bypass links copper link fibre link 1 Gbit fibre link 10 Gbit fibre link 40...
Gbit Copper Bypass with EX2
normal function Device fail mode
Gbit Copper Bypass with EX2
Monitoring option Spare device option
1 or 10 Gbit fiber bypass with EX2
• User defined heartbeat
• Changes of interface type (SM/MM)
only by changing the switc...
1 or 10 Gbit fibre bypass with EX2
function diagram
working mode heart beat path
1 or 10 Gbit fibre bypass with EX2
function diagram
working mode non heart beat pass
1 or 10 Gbit fibre bypass with EX2
function diagram
device failure mode
Even in failure mode the EX is still checking
the ...
1 or 10 Gbit fibre bypass with EX2
function diagram
Power outage failure mode
The optical switch is automatically closing
...
1 or 10 Gbit fibre bypass with EX2
feature set
 User defined heart beat traffic
 Monitoring capability's
 Multiple bypa...
1 or 10 Gbit fibre bypass with EX2
technical data
 Switching time < 100 ms (power out)
 Detection time on device failure...
1 or 10 Gbit fibre bypass with EX2
The kit comes with all parts what you need for bypass optical 1 link
CUB.HTB-BY-SM-1G-K...
1 or 10 Gbit fibre bypass with EX2
The kit comes with all parts what you need for bypass an copper link
CUB.HTB-BY-RJ45-1G...
3 link MM or SM solution
The Cubro Bypass for 100 Gbit per link in
multimode is realized with optical MEMS
switches. Each ...
Advantage
 Cheaper than old solution
 Up to 3 links in 1 U
 MM and SM and Copper combination
 More flexebilty in case ...
Bypass standalone function
live mode passive mode
The bypass switch can be controlled via RS232 or Ethernet interface, the...
Option 1 multimode (SR) solution
The Cubro bypass for 40 and 100 Gbit
multimode a link is realized with a mems
optical swi...
Packetmaster EX12
Packetload 176 Gbit
Ports Gbit 8 SFP or 8 Base-T
Ports 10 Gbit 12 SFP/SFP+
Ports 40 Gbit none
GUI CLI/WE...
Old and new Bypass switch
New modular concept
• 3 links in one U or 20 links in 3 U (Flex module – similar like flex tap)
...
General Function
10 Gbit firewall bypass with monitoring output
monitoring before and after firewall !
General Function
10 Gbit firewall bypass with monitoring output
monitoring before and after firewall !
Normal Operation
The traffic passes the optical bypass with no delay, then the traffic is passing
the EX 12 with a very sm...
Firewall fail
If the heart beat packets are not detected by the EX12, the Packetmaster
goes in bypass mode and bypasses th...
Firewall fail and re-route to spare
In the case a spare firewall is available the
Packetmaster can also re-route the traff...
PM fail
In the theoretical case that the Packetmaster fails, the optical bypass will
bypass the Packetmaster to ensure the...
Monitoring Function
The monitoring function is available in any
operation mode. It supports layer 4 filtering
and port agg...
Security Function 1/3
This solution also provides a security option. The
EX12 offers 12000 filter rules, these rules can b...
Security Function 2/3
Security Function 3/3
DDoS detection through a dedicated probe, example Cubro Probe, probe is net
flow probe which can det...
Packetmaster EX20400
 64000 Filters Layer 4
 MPLS tag/detag
 VLAN tag/detag / Q in Q
 Header modification Layer 4
 Lo...
Normal Operation 100 Gbit (LR4) Bypass
100 Gbit (LR4) Bypass
100 Gbit bypass
and load
balancing for
active probes
100 Gbit (LR4) Bypass
Application: In line 100 Gbit link, session aware load
balance the traffic to several 10 Gbit live p...
Multi link multi device application with EX32
1 traffic from protecting
optical bypass switch
2 traffic is sent from input...
EX32 with 2 link bypass switch
Multi link multi device application with EX32
To integrate spare units
there are two options.
1) Add the spare units to
th...
Multilink bypass solution
16 link bypass solution
16 optical bypass switches in a 19”
Cubro flex frame
2 x EX32 for heart ...
If you have any additional question or need help
contact us.
Support / Additional Questions
EMEA North America APAC
Cubro ...
End
www.cubro.net
Upcoming SlideShare
Loading in …5
×

General bypass application v1.4 2016

2,559 views

Published on

The last software upgrade gives every Cubro Packetmaster the ability to work as a bypass switch with heartbeat functionality. The Cubro Bypass solution supports data rates from 1 to 100 Gbit .

Special Features:
Multilink support
Multiple heartbeats for multiple service testing
Input output traffic compare option
Monitoring support
Switch to spare support
Packet Broker and Bypass in one unit support
Flexibility
Security feature DDoS protection

Published in: Technology
  • Be the first to comment

General bypass application v1.4 2016

  1. 1. Optical & Electrical Bypass with any Packetmaster EX
  2. 2. Advantage of Bypass Solution Cubro offers bypass solutions from 10 Mbit up to 100 Gbit Cubro bypass solution is flexible in terms of changing interface type Cubro bypass solution offers integrated monitoring function Available on all Packetmaster EX models Cubro bypass solution is flexible in terms of changing bandwidth Best price performance relation per link 2 Years warranty, no port activation fee, no add on software fees. Full Rest api for easy integration and script language support on all units CUSTOMER SATISFACTION
  3. 3. General function Bypass Switches provide fail-safe Inline tool protection for your security and monitoring devices.
  4. 4. General function The last software upgrade gives every Cubro Packetmaster the ability to work as a bypass switch with heartbeat functionality. The Cubro Bypass solution supports data rates from 1 to 100 Gbit .  Special Features:  Multilink support  Multiple heartbeats for multiple service testing  Input output traffic compare option  Monitoring support  Switch to spare support  Packet Broker and Bypass in one unit support  Flexibility  Security feature DDoS protection
  5. 5. Cubro Bypass Concept Any Cubro Packetmaster hase the ability to work as a bypass switch with heartbeat functionality, on any port at any port speed. But the Packetmaster is not failsafe ! This is the reason we need the external bypass switch to make the Packetmaster failsafe ! This modular concept reduce the cost and bring a lot flexibility. & Managementconnection
  6. 6. Each Packetmaster EX can work as Bypass Switch Bypass links copper link fibre link 1 Gbit fibre link 10 Gbit fibre link 40 Gbit fibre link 100 Gbit EX2 1 1** 1** 0 0 EX5-2 12 1 0 0 EX6 0 12 1 0 0 EX12 4 2 3 0 0 EX32 0 8* 8* 0 0 EX32+ 0 8* 8* 0 0 EX484-3 0 12* 12* 1 0 EX48400 0 12* 12* 1 1 EX20400 0 0 20* 12* 1 * alternative usage ** with external optical switch Each Packetmaster can produce heart beat packets and with his inline switching function he function as a bypass switch combined as NPB. The table below show the amount of links what every EX can support. By using a external optical or copper switch the amount of links can be doubled.
  7. 7. Gbit Copper Bypass with EX2 normal function Device fail mode
  8. 8. Gbit Copper Bypass with EX2 Monitoring option Spare device option
  9. 9. 1 or 10 Gbit fiber bypass with EX2 • User defined heartbeat • Changes of interface type (SM/MM) only by changing the switch and the SFP in the EX2 • Separate working mode in EX2 • Web UI configuration with EX2 GU • Monitoring function
  10. 10. 1 or 10 Gbit fibre bypass with EX2 function diagram working mode heart beat path
  11. 11. 1 or 10 Gbit fibre bypass with EX2 function diagram working mode non heart beat pass
  12. 12. 1 or 10 Gbit fibre bypass with EX2 function diagram device failure mode Even in failure mode the EX is still checking the bypassed device for recovery
  13. 13. 1 or 10 Gbit fibre bypass with EX2 function diagram Power outage failure mode The optical switch is automatically closing the connection.
  14. 14. 1 or 10 Gbit fibre bypass with EX2 feature set  User defined heart beat traffic  Monitoring capability's  Multiple bypass trigger options  Heart beat  Port down  Management port ping  Inline port ping  Rest Api active device checking via management port  External Web or SSH trigger  Time trigger  Inline bandwidth check  In port black list filter
  15. 15. 1 or 10 Gbit fibre bypass with EX2 technical data  Switching time < 100 ms (power out)  Detection time on device failure <1 Sec  Insertion Loss: Network Port: 1.25 dB, Monitoring Port: 1.25dB  Management via WEB or SSH ore Rest API
  16. 16. 1 or 10 Gbit fibre bypass with EX2 The kit comes with all parts what you need for bypass optical 1 link CUB.HTB-BY-SM-1G-KIT CUB.HTB-BY-MM-1G-KIT CUB.HTB-BY-SM-10G-KIT CUB.HTB-BY-MM-10G-KIT
  17. 17. 1 or 10 Gbit fibre bypass with EX2 The kit comes with all parts what you need for bypass an copper link CUB.HTB-BY-RJ45-1G-KIT
  18. 18. 3 link MM or SM solution The Cubro Bypass for 100 Gbit per link in multimode is realized with optical MEMS switches. Each link uses2 switches combined into one module. The switching mechanism offers the reliability of a solid state device. By implementing latched optical switches power is only needed during switching. Even if the power fails the optical switches stay in the programmed state. Options to activate the bypass: 1. manually via SSH or HTTP 2. power fail 3. smart detection of the bypassed device optical output power Optical Parameters SM: Wavelength 1260 - 1700 nm Insertion Loss 1 - 2 dB Crosstalk 75 dB Return loss 55 dB Polarisation Dependent Loss 0.03 dB Optic Parameters: MM Wavelength 850 nm Insertion Loss 1 – 2,5 dB Crosstalk 75 dB Return loss 55 dB Polarisation Dependent Loss 0.03 dB Switching Time 0.4 ms Durability cycles No wear
  19. 19. Advantage  Cheaper than old solution  Up to 3 links in 1 U  MM and SM and Copper combination  More flexebilty in case of change mm to sm  Works for 100/1 Gbit/10 Gbit/100 Gbit 2 links in 1 U
  20. 20. Bypass standalone function live mode passive mode The bypass switch can be controlled via RS232 or Ethernet interface, the configuration can be manual or fully automated (example a Packetmaster)
  21. 21. Option 1 multimode (SR) solution The Cubro bypass for 40 and 100 Gbit multimode a link is realized with a mems optical switch per link 16 switches are uses, this 16 switches are combined to one module. The switching mechanism offers the reliability of a solid state device. The optical switch is a latched version, this means it needs only power during switching. Even when power fails the optical switch stays in the programmed state. Options to activate the bypass: 1) manually via SSH or HTTP 2) power fail 3) smart detection of the bypassed device Optic Parameters: Wavelength 850 nm Insertion Loss 1 – 2,5 dB Crosstalk 75 dB Return loss 55 dB Polarisation Dependent Loss 0.03 dB Switching Time ms 0.4 Durability cycles No Wear
  22. 22. Packetmaster EX12 Packetload 176 Gbit Ports Gbit 8 SFP or 8 Base-T Ports 10 Gbit 12 SFP/SFP+ Ports 40 Gbit none GUI CLI/WEB/GUI Packetbuffer YES Delay 2 µs Dual Power YES  12000 Filters Layer 4  MPLS tag/detag  VLAN tag/detag  Header modification Layer 4  Load balancing Layer 3  GRE de/encapsualtion  All ports activated  All software activated  Low power design
  23. 23. Old and new Bypass switch New modular concept • 3 links in one U or 20 links in 3 U (Flex module – similar like flex tap) • SM MM Copper mixed configuration • Easy expandable • Cheaper
  24. 24. General Function 10 Gbit firewall bypass with monitoring output monitoring before and after firewall !
  25. 25. General Function 10 Gbit firewall bypass with monitoring output monitoring before and after firewall !
  26. 26. Normal Operation The traffic passes the optical bypass with no delay, then the traffic is passing the EX 12 with a very small delay < 1 µs. The EX12 adds a heart beat traffic. These heart beat packets pass the firewall and the EX12 detects them again. If the amount of heart beats per second is correct the EX12 knows the firewall is working properly. 1 2 8 7 6 5 3 4
  27. 27. Firewall fail If the heart beat packets are not detected by the EX12, the Packetmaster goes in bypass mode and bypasses the firewall. The switching time is in range of 3 µs. 1 2 4 3
  28. 28. Firewall fail and re-route to spare In the case a spare firewall is available the Packetmaster can also re-route the traffic to this unit. This feature is also available as manual function for software testing and upgrades. 1 2 6 5 3 4
  29. 29. PM fail In the theoretical case that the Packetmaster fails, the optical bypass will bypass the Packetmaster to ensure the firewall works normal. The Packetmaster sends keep alive massages to the Bypass switch so that the Bypass knows the status of the Packetmaster. 1 432
  30. 30. Monitoring Function The monitoring function is available in any operation mode. It supports layer 4 filtering and port aggregation to any monitoring device. 1 2 8 7 6 5 3 4
  31. 31. Security Function 1/3 This solution also provides a security option. The EX12 offers 12000 filter rules, these rules can be used to block unwanted traffic by hardware filters, based on blacklists, for example per country. The EX12 is immune against DoS attacks because there is no software stack. The Packetmaster can also provide a bandwidth meter function that can limit the incoming traffic to protect the firewall.
  32. 32. Security Function 2/3
  33. 33. Security Function 3/3 DDoS detection through a dedicated probe, example Cubro Probe, probe is net flow probe which can detected fraud and send this information to the Packetmaster, where this traffic can be blocked.
  34. 34. Packetmaster EX20400  64000 Filters Layer 4  MPLS tag/detag  VLAN tag/detag / Q in Q  Header modification Layer 4  Load balancing Layer 4  GRE de/encapsulation  VXLAN de/encapsulation  All ports activated  All software activated  Low power design  Jumbo Frames 12000 Bytes Packetload 2,4 Tbps Ports 40 Gbit 20 Ports 100 Gbit 4 GUI CLI/WEB/GUI Packetbuffer YES Delay 1 µs Dual Power YES 4 x 10 Gbit 20 x 40 Gbit + 4 x 100 Gbit 84 x 10 Gbit (with breakout cable) + 4 x 100 Gbit
  35. 35. Normal Operation 100 Gbit (LR4) Bypass
  36. 36. 100 Gbit (LR4) Bypass 100 Gbit bypass and load balancing for active probes
  37. 37. 100 Gbit (LR4) Bypass Application: In line 100 Gbit link, session aware load balance the traffic to several 10 Gbit live probes. The probes process the traffic and the PM is aggregating the traffic back to the live link. I case of an probe failure the PM is rebalancing the traffic to the remaining Probes. In case of an PM error the optical switch by pass the full solution.
  38. 38. Multi link multi device application with EX32 1 traffic from protecting optical bypass switch 2 traffic is sent from input to the LB group1 and 3 (2a) 3 received traffic from IPS is filtered port 80 and 8080 is sent to WAF all traffic is sent to 6 and inserted in the live link 4 all http/https traffic is forwarded to the WAF the received traffic from WAF 5 is reinserted to the live link 6
  39. 39. EX32 with 2 link bypass switch
  40. 40. Multi link multi device application with EX32 To integrate spare units there are two options. 1) Add the spare units to the LB group, this spare port are shutdown. In case of a failure the original ports are shutdown and the spar ports get up and start working. 2) Configure 6 load balancing groups and move the traffic by changing the rules. Option 1 is faster in terms of service recover.
  41. 41. Multilink bypass solution 16 link bypass solution 16 optical bypass switches in a 19” Cubro flex frame 2 x EX32 for heart beat detection.
  42. 42. If you have any additional question or need help contact us. Support / Additional Questions EMEA North America APAC Cubro Acronet GesmbH Geiselbergstr. 17 Floor 5 & 6 1110 Vienna Austria Tel.: +43 1 29826660 Fax: +43 1 2982666399 Email: support@cubro.net Cubro US 337 West Chocolate Ave Hershey, PA 17033 Tel.:717-576-9050 Fax.: 866-735-9232 Sam Reed Email: sreed@cubro.us Cubro Asia Pacific 175A, Bencoolen Street #08-06/07, Burlington Square, Singapore - 189650 Tel.: +65-97255386 Joe Lim Email: jl@cubro.net www.cubro.net
  43. 43. End www.cubro.net

×