Optical & Electrical Bypass

with any Packetmaster EX

Advantage of Bypass Solution

Cubro offers bypass solutions from 10 Mbit up to 100 Gbit

Cubro bypass solution is flexible in terms of changing interface type

Cubro bypass solution offers integrated monitoring function

Available on all Packetmaster EX models

Cubro bypass solution is flexible in terms of changing bandwidth

Best price performance relation per link

2 Years warranty, no port activation fee, no add on software fees.

Full Rest api for easy integration and script language support on all units

CUSTOMER SATISFACTION

General function

Bypass Switches provide fail-safe Inline tool protection for your security and monitoring devices. 

General function

The last software upgrade gives every Cubro Packetmaster the ability to work as a bypass switch with heartbeat functionality. The Cubro Bypass solution supports data rates from 1 to 100 Gbit . Special Features: Multilink support Multiple heartbeats for multiple service testing Input output traffic compare option Monitoring support Switch to spare support Packet Broker and Bypass in one unit support Flexibility Security feature DDoS protection

Cubro Bypass Concept

Any Cubro Packetmaster hase the ability to work as a bypass switch with heartbeat functionality, on any port at any port speed.

But the Packetmaster is not failsafe !

This is the reason we need the external bypass switch to make the Packetmaster failsafe !

This modular concept reduce the cost and bring a lot flexibility.

&

Man

agem

ent c

onne

ctio

n

Each Packetmaster EX can work as Bypass Switch

Bypass links copper link fibre link 1 Gbit fibre link 10 Gbit fibre link 40 Gbit fibre link 100 Gbit

   

EX2 1 1** 1** 0 0

EX5-2 12   1 0 0EX6 0 12 1 0 0

EX12 4 2 3 0 0EX32 0 8* 8* 0 0

EX32+ 0 8* 8* 0 0

EX484-3 0 12* 12* 1 0

EX48400 0 12* 12* 1 1

EX20400 0 0 20* 12* 1

* alternative usage ** with external optical switch

Each Packetmaster can produce heart beat packets and with his inline switching function he function as a bypass switch combined as NPB. The table below show the amount of links what every EX can support. By using a external optical or copper switch the amount of links can be doubled.

Gbit Copper Bypass with EX2

normal function Device fail mode

Gbit Copper Bypass with EX2

Monitoring option Spare device option

1 or 10 Gbit fiber bypass with EX2

• User defined heartbeat • Changes of interface type (SM/MM)

only by changing the switch and the SFP in the EX2

• Separate working mode in EX2 • Web UI configuration with EX2 GU• Monitoring function

1 or 10 Gbit fibre bypass with EX2 function diagram

working mode heart beat path

1 or 10 Gbit fibre bypass with EX2 function diagram

working mode non heart beat pass

1 or 10 Gbit fibre bypass with EX2 function diagram

device failure mode

Even in failure mode the EX is still checking the bypassed device for recovery

1 or 10 Gbit fibre bypass with EX2 function diagram

Power outage failure mode

The optical switch is automatically closing the connection.

1 or 10 Gbit fibre bypass with EX2feature set

User defined heart beat traffic Monitoring capability's Multiple bypass trigger options

Heart beat Port down Management port ping Inline port ping Rest Api active device checking via management port External Web or SSH trigger Time trigger Inline bandwidth check

In port black list filter

1 or 10 Gbit fibre bypass with EX2 technical data

Switching time < 100 ms (power out)

Detection time on device failure <1 Sec

Insertion Loss: Network Port: 1.25 dB, Monitoring Port: 1.25dB

Management via WEB or SSH ore Rest API

1 or 10 Gbit fibre bypass with EX2

The kit comes with all parts what you need for bypass optical 1 link

CUB.HTB-BY-SM-1G-KITCUB.HTB-BY-MM-1G-KITCUB.HTB-BY-SM-10G-KITCUB.HTB-BY-MM-10G-KIT

1 or 10 Gbit fibre bypass with EX2

The kit comes with all parts what you need for bypass an copper link

CUB.HTB-BY-RJ45-1G-KIT

3 link MM or SM solution

The Cubro Bypass for 100 Gbit per link in multimode is realized with optical MEMS switches. Each link uses2 switches combined into one module. The switching mechanism offers the reliability of a solid state device. By implementing latched optical switches power is only needed during switching. Even if the power fails the optical switches stay in the programmed state.

Options to activate the bypass:1. manually via SSH or HTTP2. power fail3. smart detection of the bypassed device

optical output power

Optical Parameters SM:

Wavelength 1260 - 1700 nmInsertion Loss 1 - 2 dBCrosstalk 75 dBReturn loss 55 dBPolarisation Dependent Loss 0.03 dB

Optic Parameters: MM

Wavelength 850 nmInsertion Loss 1 – 2,5 dBCrosstalk 75 dBReturn loss 55 dBPolarisation Dependent Loss 0.03 dB

Switching Time 0.4 ms Durability cycles No wear

Advantage

Cheaper than old solution Up to 3 links in 1 U MM and SM and Copper combination More flexebilty in case of change mm to sm Works for 100/1 Gbit/10 Gbit/100 Gbit

2 links in 1 U

Bypass standalone function

live mode passive mode

The bypass switch can be controlled via RS232 or Ethernet interface, the configuration can be manual or fully automated (example a Packetmaster)

Option 1 multimode (SR) solution

The Cubro bypass for 40 and 100 Gbit multimode a link is realized with a mems optical switch per link 16 switches are uses, this 16 switches are combined to one module. The switching mechanism offers the reliability of a solid state device. The optical switch is a latched version, this means it needs only power during switching. Even when power fails the optical switch stays in the programmed state.

Options to activate the bypass:

1) manually via SSH or HTTP2) power fail3) smart detection of the bypassed device

Optic Parameters:

Wavelength 850 nmInsertion Loss 1 – 2,5 dBCrosstalk 75 dBReturn loss 55 dBPolarisation Dependent Loss 0.03 dBSwitching Time ms 0.4 Durability cycles No Wear

Packetmaster EX12

Packetload 176 GbitPorts Gbit 8 SFP or 8 Base-T

Ports 10 Gbit 12 SFP/SFP+

Ports 40 Gbit none

GUI CLI/WEB/GUI

Packetbuffer YES

Delay 2 µs

Dual Power YES

12000 Filters Layer 4 MPLS tag/detag VLAN tag/detag Header modification Layer 4 Load balancing Layer 3 GRE de/encapsualtion All ports activated All software activated Low power design

Old and new Bypass switch

New modular concept

• 3 links in one U or 20 links in 3 U (Flex module – similar like flex tap)

• SM MM Copper mixed configuration

• Easy expandable

• Cheaper

General Function

10 Gbit firewall bypass with monitoring output

monitoring before and after firewall !

General Function

10 Gbit firewall bypass with monitoring output

monitoring before and after firewall !

Normal Operation

The traffic passes the optical bypass with no delay, then the traffic is passing the EX 12 with a very small delay < 1 µs. The EX12 adds a heart beat traffic. These heart beat packets pass the firewall and the EX12 detects them again. If the amount of heart beats per second is correct the EX12 knows the firewall is working properly.

1

2

8

7

6

5

3

4

Firewall fail

If the heart beat packets are not detected by the EX12, the Packetmaster goes in bypass mode and bypasses the firewall. The switching time is in range of 3 µs.

1

2

4

3

Firewall fail and re-route to spare

In the case a spare firewall is available the Packetmaster can also re-route the traffic to this unit. This feature is also available as manual function for software testing and upgrades.

1

2

6

5

3

4

PM fail

In the theoretical case that the Packetmaster fails, the optical bypass will bypass the Packetmaster to ensure the firewall works normal.

The Packetmaster sends keep alive massages to the Bypass switch so thatthe Bypass knows the status of the Packetmaster.

1 432

Monitoring Function

The monitoring function is available in any operation mode. It supports layer 4 filtering and port aggregation to any monitoring device.

1

2

8

7

6

5

3

4

Security Function 1/3

This solution also provides a security option. The EX12 offers 12000 filter rules, these rules can be used to block unwanted traffic by hardware filters, based on blacklists, for example per country.

The EX12 is immune against DoS attacks because there is no software stack. The Packetmaster can also provide a bandwidth meter function that can limit the incoming traffic to protect the firewall.

Security Function 2/3

Security Function 3/3

DDoS detection through a dedicated probe, example Cubro Probe, probe is net flow probe which can detected fraud and send this information to the Packetmaster, where this traffic can be blocked.

Packetmaster EX20400

64000 Filters Layer 4 MPLS tag/detag VLAN tag/detag / Q in Q Header modification Layer 4 Load balancing Layer 4 GRE de/encapsulation VXLAN de/encapsulation All ports activated All software activated Low power design Jumbo Frames 12000 Bytes

Packetload 2,4 TbpsPorts 40 Gbit 20

Ports 100 Gbit 4

GUI CLI/WEB/GUI

Packetbuffer YES

Delay 1 µs

Dual Power YES

4 x 10 Gbit 20 x 40 Gbit + 4 x 100 Gbit 84 x 10 Gbit (with breakout cable) + 4 x 100 Gbit

100 Gbit

Normal Operation 100 Gbit (LR4) Bypass

100 Gbit (LR4) Bypass

100 Gbit bypass and load balancing for active probes

100 Gbit (LR4) Bypass

Application: In line 100 Gbit link, session aware load balance the traffic to several 10 Gbit live probes.

The probes process the traffic and the PM is aggregating the traffic back to the live link.

I case of an probe failure the PM is rebalancing thetraffic to the remainingProbes.

In case of an PM errorthe optical switch by passthe full solution.

Multi link multi device application with EX32

1 traffic from protecting optical bypass switch

2 traffic is sent from input to the LB group1 and 3 (2a)

3 received traffic from IPS is filtered port 80 and 8080 is sent to WAF all traffic is sent to 6 and inserted in the live link

4 all http/https traffic is forwarded to the WAF the received traffic from WAF 5 is reinserted to the live link 6

EX32 with 2 link bypass switch

Multi link multi device application with EX32

To integrate spare units there are two options.

1) Add the spare units to the LB group, this spare port are shutdown. In case of a failure the original ports are shutdown and the spar ports get up and start working.

2) Configure 6 load balancing groups and move the traffic by changing the rules.

Option 1 is faster in terms of service recover.

Multilink bypass solution

16 link bypass solution

16 optical bypass switches in a 19” Cubro flex frame

2 x EX32 for heart beat detection.

If you have any additional question or need help contact us.

Support / Additional Questions

EMEA North America APAC

Cubro Acronet GesmbHGeiselbergstr. 17 Floor 5 & 61110 ViennaAustria

Tel.: +43 1 29826660Fax: +43 1 2982666399

Email: support@cubro.net

Cubro US337 West Chocolate AveHershey, PA  17033

Tel.:717-576-9050Fax.: 866-735-9232

Sam ReedEmail: sreed@cubro.us

Cubro Asia Pacific 175A, Bencoolen Street #08-06/07, Burlington Square, Singapore - 189650

Tel.: +65-97255386

Joe LimEmail: jl@cubro.net

www.cubro.net

End

www.cubro.net