A system and a method to provide High Availability to an in-line network processing system
Publication Date: 2014-Sep-04
The IP.com Prior Art Database
A system and a method to provide High Availability (HA) to an in-line network processing system is disclosed.
Page 01 of 1
A system and a method to provide High Availability to an in -line network processing system
Disclosed is a system and a method to provide High Availability (HA) to an in-line network processing system.
Network Intrusion Prevention Systems (IPS) need to provide uninterrupted network protection in a High Availability (HA) network configuration, including support for Active/Active (including asymmetrically routed traffic) and Active/Passive HA networks, while also monitoring non-redundant networks. The network protection for the HA networks must be maintained during and after an HA network fail-over.
The disclosed method has flexible protection of both HA and non-redundant networks. To provide uninterrupted network protection, each IPS system in an HA configuration maintains complete state of all network connections on both segments of the HA network. This is achieved by inspecting all network traffic on each segment of the HA network. Groups of four adapters are configured as an HA group, which can coexist with groups of two adapters for non-redundant network segments. This allows flexible deployments of high port density network IPS systems.
Groups of four adapters are configured as an HA group in each IPS system in an HA configuration. Two adapters in the group are designated as in-line adapters, and the other two adapters are designated as mirroring adapters. Each mirror adapter is used to forward the traffic received on an in-line adapter directly to the paire...