Hi, Although not an expert let me share my experiences. Even in a transparent mode the IDP works the packets through different buffers and memory spaces to subject the traffic to whatever you configured in NSM. In a rare occasion my customer managed to trigger a bug that caused a buffer to fill up but not release any traffic causing the IDP to crash. Which in its turn did not trigger the fail open ( act like a wire if broken or out of power ). Then you will notice something similar to what you are experiencing.
The challenge is to reproduce the crash and have juniper's TAC assess what's wrong. Only if you are also a customer running a very rare bug of course. Good luck. Barry Hofland Op 26 okt. 2010 om 18:29 heeft Maqbool Hashim <[email protected]> het volgende geschreven: > Hi, > > I recently saw an outage in a network that had a Juniper IPS device deployed. > The outage consisted of tcp sessions timing out for users, ping connectivity > was not confirmed. The IPS is deployed in transparent mode and Internal > Bypass is enabled on the ingress and egress interface pair that make up the > virtual router. My understanding of the internal bypass feature is as > follows as per the Juniper documentation: > > In bypass mode, traffic enters the IDP ingress port and is forwarded out of > the egress interface without being passed to the IDP engine. The ingress and > egress interface join mechanically to form a circuit in order to continue > passing traffic through the IPS device. Effectively the interfaces become a > piece of wire. Bypass mode is triggered by a timing mechanism during system > failure or shutdown. This feature has been enabled to optimise availability > and ensure that network outages do not occur because the IDS crashes/fails/ > or cannot process packets fast enough. > > I'm trying to determine the cause of the outage we suffered, which is why I > wanted a deeper understanding of internal bypass and the effects it may or > may not have on the surrounding network architecture. The outage I saw > occurred at around the same time the IPS box rebooted and consequently > entered bypass mode. Bypass mode was only activated for a minute from the > syslog entries, however the outage we saw lasted for approximately half an > hour. > > So my questions regarding bypass mode are: > > 1) During bypass mode the link status on the IPS interfaces will be down. > Will the switch interfaces connected to the IPS device remain up as they are > now connected to each other through the IPS (piece of wire) rather than to > the IPS interfaces? > > 2) If the switch interfaces are now connected to each other rather than the > IPS what about mac forwarding tables? Is it possible that the forwarding > tables on the switches get confused? > > 3) Any specific session based issues that could be caused by the IPS device > engaging and disengaging internal bypass mode? > > My feeling is that the issues might be caused by how the network environment > responds to the IPS engaging/disengaging internal bypass mode rather than an > issue with the IPS device. I'm just looking for some guidance on any gotchas > that I should be aware of with regards to the network environment when the > IPS device triggers bypass mode. > > Thanks > > Maq > > > > ---------------------------------------------------------------------- > This e-mail and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. If > you are not an intended recipient, please delete this e-mail immediately and > notify NTS(UK) Ltd on 0844 815 5925 > This e-mail does not necessarily reflect the Company's opinion and should not > be interpreted as such. > This message was scanned by Proofpoint Protection Server - please contact NTS > for further information. > > ----------------------------------------------------------------- > Securing Your Online Data Transfer with SSL. > A guide to understanding SSL certificates, how they operate and their > application. By making use of an SSL certificate on your web server, you can > securely collect sensitive information online, and increase business by > giving your customers confidence that their transactions are safe. > http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194 > > ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
