Bypass Combo Modules

Security tools such as firewall and intrusion detection/protection systems are often connected inline on production networks, with traffic flowing from the network segment through the tool and then back onto the production network.

The GigaVUE‑HC2 offers physical and logical inline bypass. Physical bypass provides automatic failover protection in the case of a power failure. The bypass combo modules provide the physical bypass function. As it applies to a single pair of inline network ports, the physical bypass function is as follows:

■   When the module is not powered, (either the entire node is powered down or the module is removed from the node), the inline network port pair is in the physical bypass mode. That means that traffic is exchanged directly between network Port A and network Port B of the inline network pair.
■   When the module is powered, the mode (inline or bypass) of the inline network port pair is controlled through software. In the physical bypass mode, the inline network port pair behaves exactly as if the module was not powered. In the inline mode, the inline network port pair behaves as any other inline network port pair configured for working with an inline tool.

The GigaVUE‑HC2 supports the following 10Gb and 40Gb bypass combo modules:

■   10Gb Bypass Combo Modules
■   40Gb Bypass Combo Module

10Gb Bypass Combo Modules

There are three 10Gb bypass combo modules as follows:

■   Bypass Combo Module with four SX/SR (50/125μm multimode) inline network port pairs and sixteen regular SFP+ port cages (BPS-HC0-D25A4G) (Figure 1 Bypass Combo Module BPS-HC0-D25A4G)
■   Bypass Combo Module with four SX/SR (62.5/125μm multimode) inline network port pairs and sixteen regular SFP+ port cages (BPS-HC0-D25B4G) (Figure 2 Bypass Combo Module BPS-HC0-D25B4G)
■   Bypass Combo Module with four LX/LR (singlemode) inline network port pairs and sixteen regular SFP+ port cages (BPS-HC0-D35C4G) (Figure 3 Bypass Combo Module BPS-HC0-D35C4G)

Before installing any of the 10Gb bypass combo modules, the GigaVUE‑HC2 must be running software version 4.1 or higher.

For internal transceiver and loss summary specifications, refer to Bypass Combo Module Specifications.

Features of 10Gb Bypass Combo Modules

The 10Gb bypass combo modules have the following features:

■   Four inline network port pairs that pass traffic bi-directionally.
■   Port pairs that offer optical protection switch for physical bypass.
■   Sixteen regular SFP ports that can operate at 1Gb, SFP+, and SFP+ Copper ports that can operate at 10Gb. These ports can be configured as any port type.
■   A mode to select either bypass or inline.
■   A module that is hot swappable. Refer to procedures in Module Removal and Replacement Procedure (Hot Removal).

Figure 13 Bypass Combo Module BPS-HC0-D25A4G

Figure 14 Bypass Combo Module BPS-HC0-D25B4G

 

Figure 15 Bypass Combo Module BPS-HC0-D35C4G

Module Status LEDs

The following module status LEDs are located on the front of the bypass combo modules:

■   Rdy is the Ready LED. It has the following states:
o   RED indicates system booting or module down
o   GREEN indicates normal condition
■   Pwr is the Power LED. It has the following state:
o   GREEN indicates the module is receiving power

Port Status LEDs

The port status LEDs have the following states:

■   Off indicates that the port is disabled or the link is down
■   GREEN indicates that the link is established

Ports

You can configure any two of the sixteen ports as an inline tool port pair and connect an inline tool to them.

For tool ports, you can also use ports on any module in the chassis, including ports on other bypass combo modules or ports on other GigaVUE‑HC2 modules.

Ports have the following labels: X1 to X16. In the CLI, these ports are referred to as: x1 to x16.

Inline Network Ports

Connect inline networks to the inline network ports. The inline network ports have built-in protection for power down.

The inline network ports have the following labels:

■   A—Inline network port A (for network 1 through network 4)
■   B—Inline network port B (for network 1 through network 4)

Note:  In the CLI, these ports are referred to as: x17 to x24.

The inline network ports on BPS-HC0-D25A4G and BPS-HC0-D25B4G are colored yellow to indicate short range. The inline network ports on BPS-HC0-D35C4G are colored blue to indicate long range.

The inline network port status LEDs have the following states:

■   Off indicates that the port is disabled or the link is down
■   GREEN indicates that the link is established

Note:  In HC2 BPS cards, the power level of an inline-network port will stay close to zero even when it is brought down by Link Fail Propagation (LFP). In such circumstances, since the power-level of the inline network port is high, the connected port may also continue to stay up.

Mode

Mode (M) has the following labels:

■   Off—Bypass
■   On—Inline

The Mode LED has the following states:

■   RED indicates that physical bypass is disabled
■   Off indicates that physical bypass is enabled

Using Bypass Combo Modules for Gigamon Resiliency for Inline Protection

Gigamon Resiliency for Inline Protection (GRIP)™ is an inline bypass solution that connects two GigaVUE‑HC2 nodes together so that one node provides high availability to the other node when there is a loss of power. This redundant arrangement of two GigaVUE‑HC2 nodes maintains traffic monitoring by inline tools when one of the nodes is down.

GRIP™ makes use of the bypass protection switch relays for protected inline networks on GigaVUE‑HC2 nodes. The bypass combo modules can provide physical protection for protected pairs of optical inline network ports required by the GRIP solution.

To configure the GRIP solution, the GigaVUE‑HC2 must be running GigaVUE‑OS version 4.4 or higher. For solution and configuration information, refer to the chapter “Configuring Inline Bypass Solutions” in the GigaVUE-OS CLI Reference Guide.

40Gb Bypass Combo Module

There is one 40Gb Bypass Combo Module as follows:

■   Bypass Combo Module with two SR4 (50/125μm multimode) inline network port pairs and eight regular SFP+ port cages (BPS-HC0-Q25A28). The module also supports 4x10Gb breakout mode which when configured will support eight inline network port pairs. Refer to Figure 4 Bypass Combo Module BPS-HC0-Q25A28.

Before installing the bypass combo module, the GigaVUE‑HC2 must be running software version 5.0 or higher.

For internal transceiver and loss summary specifications, refer to Bypass Combo Module Specifications.

Note:  The BPS-HC0-Q25A28 can only be used on a GigaVUE‑HC2 node equipped with GigaVUE‑HC2 Control Card version 2 (HC2 CCv2).

Features of the 40Gb Bypass Combo Module

The 40Gb Bypass Combo Module has the following features:

■   Two 40Gb inline network port pairs that pass traffic bi-directionally.
■   Port pairs that offer optical protection switch for physical bypass.
■   Eight regular SFP+ ports that can operate at 1Gb or 10Gb and that can be configured as any port type.
■   A mode to select either bypass or inline.
■   A module that is hot swappable. Refer to procedures in Module Removal and Replacement Procedure (Hot Removal).

Figure 16 Bypass Combo Module BPS-HC0-Q25A28

Module Status LEDs

The following module status LEDs are located on the front of the bypass combo module:

■   Rdy is the Ready LED. It has the following states:
o   RED indicates system booting or module down
o   GREEN indicates normal condition
■   Pwr is the Power LED. It has the following state:
o   GREEN indicates the module is receiving power

Port Status LEDs

The port status LEDs have the following states:

■   Off indicates that the port is disabled or the link is down
■   GREEN indicates that the link is established

Ports

You can configure any two of the eight 10Gb ports as an inline tool port pair and connect an inline tool to them.

For tool ports, you can also use ports on any module in the chassis, including ports on other bypass combo modules or ports on other GigaVUE‑HC2 modules.

Ports have the following labels: X1 to X8. In the CLI, these ports are referred to as: x1 to x8.

Inline Network Ports

Connect inline networks to the inline network ports. The inline network ports have built-in protection for power down.

The inline network port status LEDs have the following labels:

■   A—Inline network LED A (for network 1 through network 2)
■   B—Inline network LED B (for network 1 through network 2)
■   M—Inline network Mode LED (on is inline and off is bypass)

The inline network port status LEDs have the following states:

■   Off indicates that the port is disabled or the link is down
■   GREEN indicates that the link is established

Note:  In the CLI, the inline network ports are referred to as q1 to q4.

Using Bypass Combo Modules for Gigamon Resiliency for Inline Protection

Gigamon Resiliency for Inline Protection (GRIP)™ is an inline bypass solution that connects two GigaVUE‑HC2 nodes together so that one node provides high availability to the other node when there is a loss of power. This redundant arrangement of two GigaVUE‑HC2 nodes maintains traffic monitoring by inline tools when one of the nodes is down.

GRIP™ makes use of the bypass protection switch relays for protected inline networks on GigaVUE‑HC2 nodes. The bypass combo modules can provide physical protection for protected pairs of optical inline network ports required by the GRIP solution.

To configure the GRIP solution, the GigaVUE‑HC2 must be running GigaVUE‑OS version 5.1 or higher. For solution and configuration information, refer to the chapter "Configuring Inline Bypass Solutions" in the GigaVUE-OS CLI User’s Guide.