Juniper Networks IDP250 manual Layer 2 Bypass, Peer Port Modulation

Page 29

Chapter 1: Hardware Overview

When PPM is enabled, a PPM daemon monitors the health of IDP traffic interfaces belonging to the same virtual router. If a traffic interface loses link, the PPM process turns off any associated network interfaces in the same virtual router so that other network devices detect that the virtual router is down and route around it. For example, assume you have enabled PPM and configured IDP virtual routers as shown in Figure 8 on page 13.

Figure 8: Peer Port Modulation

Suppose there is a network problem and eth3 goes down. The PPM daemon detects this and turns off the other interface in vr0: eth2. The interfaces in vr1, vr2, and vr3 are unaffected. After the you fix the problem with eth3, the PPM daemon detects this, and turns on eth2.

NOTE: The PPM feature is independent of the bypass feature (NIC state setting). PPM is related to the status of the link, not the status of the IDP operating system. A link can be down even when the IDP operating system is healthy. Note, however, that PPM runs as a control plane process and operates only when the IDP appliance is turned on and the control plane is available. If the IDP operating system is unavailable, the PPM feature is also unavailable, regardless of the setting for the NIC state.

Layer 2 Bypass

When you configure virtual routers, you have the option of enabling Layer 2 bypass.

When the IDP appliance is turned on and is operating normally, the traffic interfaces select Layer 3 connections for inspection and process according to security policy rules.

For Layer 2 connections, the interfaces either select traffic for inspection, drop it, or pass it through (uninspected), according to the following rules:

The interfaces select address resolution protocol (ARP) and internet protocol (IPv4) traffic for inspection and process according to security policy rules.

By default, the interfaces drop all other Layer 2 traffic.

Traffic Interface Ports 13

Page 28 Page 30
Image 29
Page 28 Page 30
Contents North Mathilda Avenue Sunnyvale, California IDP250 Installation GuidePage Iii Page Page Page Table of Contents IDP250 Installation Guide Part Performing the InstallationViii Table of Contents Part Adding the IDP Appliance to NSMPart Index Part Technical Specifications and Compliance StatementsIDP250 Installation Guide Table of Contents Objectives PrefaceAudience Documentation ConventionsOn page xii defines syntax conventions used in this guide On page xii defines text conventions used in this guideText Conventions Syntax ConventionsOn page xiii lists related IDP documentation Related DocumentationOn page xiii lists related NSM documentation Related IDP DocumentationSelf-Help Online Tools and Resources Requesting Technical SupportRequesting Technical Support Opening a Case with JtacHttp//kb.juniper.net IDP250 Installation Guide Xvi Requesting Technical Support Hardware and Software Overview Hardware and Software OverviewHardware Overview on Software Overview on IDP250 Installation Guide Hardware and Software Overview IDP250 Overview Hardware OverviewIDP250 Overview Hard Drive Power SupplyFans System Status LEDsSerial Console Port USB PortManagement Interface Port Management Port LEDsHigh Availability Interface Port High Availability Interface PortHigh Availability Port LEDs Copper Ports Traffic Interface PortsOn page 8 describes copper port LED states Traffic Interface PortsOn page 9 describes fiber port LED states Fiber PortsTraffic Interface Features Deployment Mode NICs Off External Bypass Peer Port ModulationPeer Port Modulation Layer 2 BypassIDP250 Installation Guide On-Box Software Overview Software OverviewIDP On-Box Utilities Software UsageCentralized Management with NSM Overview Centralized Management with NSM OverviewSoftware Overview Security Center Updates OverviewSecurity Center Updates Overview IDP250 Installation Guide Security Center Updates Overview Performing the Installation Performing the InstallationIDP250 Installation Guide Performing the Installation Before You Begin Installation OverviewBefore You Begin Basic Steps Basic StepsRelated Topics Common Criteria EAL2 Compliance on Rack Mounting Hardware and Required Tools Rack Mounting Kits and Required ToolsHardware Description Rack Mounting Kits and Required ToolsMounting to Midmount Brackets Mounting to Midmount BracketsMounting to Rack Rails Connecting PowerRelated Topics Rack Mounting Kits and Required Tools on Mounting to Rack RailsConnecting Power Performing the Initial Configuration Performing the Initial ConfigurationGetting Started Tool You Specify Getting Started Configuration ToolsDefaults Applied Press 1 or 2 and press Enter. The following text appears Getting Started with the QuickStart Wizard Management Port Getting Started with the QuickStart Wizard Management PortType Y and press Enter. The following text appears Getting Started with the ACM Wizard Management Port Getting Started with the ACM Wizard Management PortInstalling the Product License Key Installing the Product License KeyRun the following scio command to add the license key Related Topics Basic Steps on IDP250 Installation Guide Installing the Product License Key Port Cable Connection Guidelines Interface Connection GuidelinesChoosing Cables for Traffic Interfaces Copper Ports Connecting Devices That Support Auto-MDIXChoosing Cables for Traffic Interfaces Copper Ports Connecting Devices to Support Internal Bypass Connecting Devices That Do Not Support Auto-MDIXConnecting and Disconnecting Fiber Cables Connecting and Disconnecting Fiber CablesVerifying Traffic Flow Verifying Traffic FlowAdding the IDP Appliance to NSM Adding the IDP Appliance to NSMAdding the IDP Appliance to NSM on IDP250 Installation Guide Adding the IDP Appliance to NSM Reviewing Compatibility with NSM Reviewing Compatibility with NSMAdding a Reachable IDP Device to NSM NSM Add Device Wizard Add Device NSM Add Device Wizard Connection SettingsNSM Add Device Wizard SSH Key Fingerprint Information NSM Add Device Wizard Inventory Information Command generates output similar to the followingNSM Add Device Wizard Add Device Confirmation NSM Device Manager Viewing Device Status Upgrading Software and Installing Field Replaceable Units Upgrading Software and Installing Field Replaceable UnitsPage Updating Software NSM Procedure Updating Software NSM ProcedureUpgrading Software From the Select OS Name list, select ScreenOS/IDPIDP250 Installation Guide Upgrading Software Upgrading Software CLI ProcedureUpgrading Software CLI Procedure NSM, select Devices Configuration Update Device Config Replacing a Power Supply Installing Field Replaceable UnitsReplacing a Power Supply IDP250 Installation Guide Reimaging and Relicensing an Appliance Reimaging the ApplianceReimaging and Relicensing an Appliance Page Technical Specifications and Compliance Statements Technical Specifications and Compliance StatementsPage IDP250 Technical Specifications Technical SpecificationsOn page 59 lists physical specifications On page 59 lists power specificationsPower Cord Specifications On page 60 list environmental specificationsEnvironmental Specifications Heat Dissipation GuidelinesCategory Standards Compliance Compliance StatementsStandards Compliance IDP250 Installation Guide Standards Compliance Common Criteria EAL2 Compliance Common Criteria EAL2 ComplianceRelated Topics Standards Compliance on Common Criteria EAL2 ComplianceIDP250 Installation Guide Common Criteria EAL2 Compliance Index IndexIndex on IDP250 Installation Guide Index Symbols Mdix NSM
Related manuals
Manual 68 pages 1.06 Kb
Top Page Image Contents