Active / Standby Resilient Inline SSL Solution using GRIP (5.10.01)


A stable network with high uptime and security inspections with very less downtime is in demand and is an absolute need for most enterprises, data centers and service providers. Gigamon's protected inline bypass functionality, provides network level sub-second failover resiliency and meets highest level of SLAs for network up time requirements. However in a failure mode, the inline network pairs get into a physical bypass triggering a bump in the wire mode and bypassing the security inspections leaving blind spots. To overcome some of these gaps, active/standby inline arrangement using GRIP can be leveraged, this arrangement provides resiliency during power outages to the active Gigamon devices. The secondary device immediately takes over the active role and continues with the security inspections, allowing the NetOps and SecOps teams to have high levels of network up times along with security inspections. This solution here also addresses the need to inline decrypt / encrypt traffic and feed the decrypted traffic to the attached inline tools and at the same time provides high network uptime with security inspections.

Design Overview


Figure 1: A stable state, where the primary node is decrypting and feeding the decrypted traffic to the attached inline tools. The secondary node bypasses the traffic. 


Figure 2: The primary node is in failed state and bypassing the inline traffic, and the secondary node is active, decrypting/encrypting and feeding the the attached inline tools.


Figure 3: When both the primary & standby chassis are in a power-failure mode or the attached inline tools to both the chassis are in a failed mode.

To learn more about this solution, read complete details on the Gigamon Community: Active-Standby-Resilient-Inline-SSL-Solution-using-GRIP-5-10-01.