Juniper Networks IDP250 Home Security System User Manual


 
When PPM is enabled, a PPM daemon monitors the health of IDP traffic interfaces
belonging to the same virtual router. If a traffic interface loses link, the PPM process
turns off any associated network interfaces in the same virtual router so that other
network devices detect that the virtual router is down and route around it. For
example, assume you have enabled PPM and configured IDP virtual routers as shown
in Figure 8 on page 13.
Figure 8: Peer Port Modulation
Suppose there is a network problem and eth3 goes down. The PPM daemon detects
this and turns off the other interface in vr0: eth2. The interfaces in vr1, vr2, and vr3
are unaffected. After you fix the problem with eth3, the PPM daemon detects
the restored link and turns on eth2.
NOTE: The PPM feature is independent of the bypass feature (NIC state setting). PPM
is related to the status of the link, not the status of the IDP operating system. A link
can be down even when the IDP operating system is healthy. Note, however, that
PPM runs as a control plane process and operates only when the IDP appliance is
turned on and the control plane is available. If the IDP operating system is unavailable,
the PPM feature is also unavailable, regardless of the setting for the NIC state.
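
The PPM behavior described above, sketched as a small Python state model. This is an added example, not Juniper's implementation; the `PpmModel` class, the vr1 interface names, and the separate `forced_off` set (which keeps a port that PPM turned off from being counted as a new link failure) are assumptions made for illustration.

```python
# Illustrative model of peer port modulation (PPM); not Juniper's code.
# Membership is constructed: the page only says eth2 and eth3 share vr0.
VIRTUAL_ROUTERS = {
    "vr0": ["eth2", "eth3"],
    "vr1": ["eth4", "eth5"],  # assumed interface names
}

class PpmModel:
    def __init__(self, routers):
        self.routers = routers
        self.faulted = set()     # interfaces with a real link failure
        # Ports the model shut itself; their link loss is not a new failure.
        self.forced_off = set()

    def link_event(self, iface, link_up):
        """Record a link change; return the (action, interface) pairs taken."""
        if iface in self.forced_off:
            return []  # link state here is a side effect of our own shutdown
        if link_up:
            self.faulted.discard(iface)
        else:
            self.faulted.add(iface)
        vr = next(v for v, m in self.routers.items() if iface in m)
        return self._reconcile(vr)

    def _reconcile(self, vr):
        members, actions = self.routers[vr], []
        if any(m in self.faulted for m in members):
            # A member lost link: turn off the healthy peers in this router.
            for m in members:
                if m not in self.faulted and m not in self.forced_off:
                    self.forced_off.add(m)
                    actions.append(("off", m))
        else:
            # All real faults cleared: restore the ports we turned off.
            for m in members:
                if m in self.forced_off:
                    self.forced_off.remove(m)
                    actions.append(("on", m))
        return actions

    def router_up(self, vr):
        down = self.faulted | self.forced_off
        return not any(m in down for m in self.routers[vr])


if __name__ == "__main__":
    ppm = PpmModel(VIRTUAL_ROUTERS)
    print(ppm.link_event("eth3", False), ppm.link_event("eth3", True))
```

Without the `forced_off` bookkeeping, the link loss on eth2 caused by the shutdown itself would register as a second failure and vr0 would never recover after eth3 is repaired.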
Layer 2 Bypass
When you configure virtual routers, you have the option of enabling Layer 2 bypass.
When the IDP appliance is turned on and is operating normally, the traffic interfaces
select Layer 3 connections for inspection and process according to security policy
rules.
For Layer 2 connections, the interfaces either select traffic for inspection, drop it, or
pass it through (uninspected), according to the following rules:
- The interfaces select Address Resolution Protocol (ARP) and Internet Protocol
  (IPv4) traffic for inspection and process according to security policy rules.
- By default, the interfaces drop all other Layer 2 traffic.
Traffic Interface Ports 13
Chapter 1: Hardware Overview