Browse Prior Art Database

A system and a method to provide High Availability to an in-line network processing system

IP.com Disclosure Number: IPCOM000238580D
Publication Date: 2014-Sep-04
Document File: 1 page(s) / 24K

Publishing Venue

The IP.com Prior Art Database

Abstract

A system and a method to provide High Availability (HA) to an in-line network processing system is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 82% of the total text.

Page 01 of 1

A system and a method to provide High Availability to an in -line network processing system

Disclosed is a system and a method to provide High Availability (HA) to an in-line network processing system.

Network Intrusion Prevention Systems (IPS) need to provide uninterrupted network protection in a High Availability (HA) network configuration, including support for Active/Active (including asymmetrically routed traffic) and Active/Passive HA networks, while also monitoring non-redundant networks. The network protection for the HA networks must be maintained during and after an HA network fail-over.

The disclosed method has flexible protection of both HA and non-redundant networks. To provide uninterrupted network protection, each IPS system in an HA configuration maintains complete state of all network connections on both segments of the HA network. This is achieved by inspecting all network traffic on each segment of the HA network. Groups of four adapters are configured as an HA group, which can coexist with groups of two adapters for non-redundant network segments. This allows flexible deployments of high port density network IPS systems.

Groups of four adapters are configured as an HA group in each IPS system in an HA configuration. Two adapters in the group are designated as in-line adapters, and the other two adapters are designated as mirroring adapters. Each mirror adapter is used to forward the traffic received on an in-line adapter directly to the paire...