Silicom IS40 1/10/40G 旁路交換器Bypass Switch|TAP
◆本地與遠端log,SNMP MIB

Silicom IS40 1/10/40 G Bypass Switch 智慧型旁路交換器,免除inline設備因當機而造成的網路斷線風險。新一代架構新增內建黑白名單bypass與LAG功能。黑白名單可控制特定封包bypass或進入監控主機,減輕監控主機的流量負載;LAG功能可讓多segment的主機啟用port channel (LACP)架構,仍然能讓檢查封包(Heartbeat)正確通過,例如F5/Citrix WAF在LACP環境下亦可使用。全系列bypass switch智慧型旁路交換器皆具備Double Safe自我當機偵測設計,免除自己成蔚網路故障點的疑慮,port channel最低連線總數設定,IS40可讓用戶免於斷線風險之外,同時使用port channel擴充效能與線路備援,雙效兼得。
旁路交換器(Bypass Switch)的功用,是用來免除透通模式(Inline)的資安監控設備或頻寬管理器,所引起的網路斷線疑慮,從防護的效用來看,一般可分為三種等級:
- 普通級:Inline主機與自身斷電bypass
- 進階級:普通級功能加上 Inline主機當機、斷線bypass
- 最高級:進階級功能加上 旁路交換器自身當機bypass
IS40 1/10G 旁路交換器(Bypass Switch),皆屬於最高等級的防護力,具備主動與被動式旁路能力,能保護網路,不讓監控設備因維護、當機或斷電而導致網路中斷。除了可發送監控用的心跳封包(Heartbeat),監控資安主機進行旁路切換之外,也監控自己的健康狀態,自己當機或斷電也能進行旁路切換,而不會成為網路的故障點。
一般用戶的迷思,認為內聯(Inline)設備只要具備Bypass功能的網卡,發生故障時就不會造成網路中斷了,但殊不知IPS、WAF、DAM、頻寬管理器等內聯(Inline)模式設備故障,最常造成網路斷線的原因就是...當機,或者已經處於流量處理速度很慢,但卻又沒有斷線的"半死"狀態,造成用戶聯外失敗的問題;即使用了HA架構,但這種狀況發生時,卻仍需要手動切斷故障的內聯設備,才能讓全部流量順利進入HA備援機制的第二台監控設備中。此刻內聯設備內建的bypass網卡的作用,只是在設備切斷電源後,暫時讓網路流量可以通過。但如此一來,完全達不到自動化斷線防護目的,仍需要耗費人力,處理斷線的問題,且是在造成網路down time一段時間後,才能解決問題,因此越來越多用戶開始重視斷線防護等級的差異,並願意投資更有效的斷線防護方案。
Silicom IS40智慧旁路交換機採用1U標準機箱,擁有三個模組的擴充空間,可同時使用40G模組以及10G/1G模組;每個40G模組支援一對旁路端口(1 segment),每個10G/1G模組支援兩對旁路端口(2 segments)。
再介面選擇上,IS40智慧旁路交換機除了支援單模光纖(40GBase-LR4),也支援多模光纖(40GBase-SR4),每個旁路模組提供兩個MPO/LC規格的網路端口連接上下端網路,以及兩個QSFP+端口連接Inline模式的資安設備,也可支援10G/1G的單/多模光纖(10GBase-SR,1000Base-SX,10GBase-LR,1000Base-LX),每個10G/1G旁路模組提供四個LC Duplux規格的網路端口連接上下端網路,以及四個SFP+端口連接Inline模式的資安設備。
Silicom IS40智慧旁路交換機(Intelligent Bypass Switch)支援四種旁路模式:正常內聯(Normal inline)、旁路(Bypass)、分流(TAP)與斷線(Linkdrop)等模式。
- 在正常內聯模式下(Normal),IS40引導網路流量至所連接的內聯網路設備。
- 在旁路模式中(Bypass),IS40不會將流量引導到所連接的網絡監控設備(Inline appliance),而將流量直接導回到網絡中。
- 在分流模式(TAP)中,流量直接透通NET埠,但被複製到MON埠,進入NET0端口的流量會被複製到MON0端口,進入NET1端口的流量被複製到MON1端口,網路實際流量在NET0與NET1之間傳送,不會導入連接MON0與MON1的網路設備,讓設備不會影響網路,卻又能有測試流量,以利工程師偵錯。
- 在斷線模式(Linkdrop),IS40偵測到"當機"的內聯設備,則自動關閉網絡端口(NET0, NET1)的連接讓網路中斷,讓流量可以順利導入仍在HA模式中的正常監控設備,才能真正達到全時自動化監控的效用。
IS40 bypass模組可產生心跳封包(Heartbeat),心跳封包隨著網路流量到內聯式的網路監控設備的網路端口,讓心跳封包從網路端口進入設備內部,並與其他網路流量傳輸到其他端口(橋接心跳封包),送出心跳封包。IS40 bypass模組在預設時間內檢測到返回的心跳封包,則保持內聯模式。
當IS40 bypass模組未從內聯設備端檢測到返回的心跳封包,則依據預先的設定,IS40自動會被切換成旁路(Bypass)、分流(TAP)或斷線(Linkdrop)模式。當內聯監控網絡設備恢復正常並讓心跳封包在預設時間內返回bypass模組,IS40偵測到返回心跳封包,則恢復成正常內聯模式。通常,bypass模式會在內聯設備電源故障、鏈路故障、內聯軟件應用程序系統當機,或使用者要求時啟動。
IS40可以支援LAG (link aggregation group)功能;在Port Channel Mode On環境下,某些例如F5、Citrix的WAF設備,必須與上下行網路設備建立port channel通道,傳統的bypass Switch會發生heartbeat封包無法返回原來模組,而導致bypass switch誤判而切入bypass模式。IS40是新一代的旁路交換器,可以在這樣的port channel 環境下使用,而不會有誤判問題,並可偵測port channel群組內的連線數,若因斷線而使連線總數少於設定數量,則啟動bypass模式,讓用戶暨免於斷線風險,又可以兼顧線路備援,雙效兼得。

IS40能以最經濟方式,實現Service Chain:

- 簡單的CLI指令設定介面,經由序列埠console、 Telnet 或 SSH.
- 網頁圖形GUI管理介面
- SNMP Write網管自動寫入
IS40是一款1U主機系統,最多可支援三個bypass模組,最多3個40G bypass segments、或6個10G/1G bypass Segments,主機包含兩個備援110 - 220 V AC電源或兩個備援-48直流電源。
- 自我產生心跳測試封包 - 無需在內聯設備上安裝驅動程式或管理端口產生Heartbeat。
- 設置成旁路狀態,當檢測到內聯系統出現故障時
- 設置成旁路狀態,當檢測到內聯系統鏈路故障時
- 設置成旁路狀態,當檢測到內聯軟件應用程序系統當機
- 設置成旁路狀態,當電源故障
- 設置為正常內聯狀態,當檢測到內聯的網路監控系統復原時
- 雙重安全旁路架構,具有雙路由電路設計
- Centralized managements
- 內建兩個板載”看門狗定時器”(WDT,Watch Dog Timer)控制器
- 軟體可編程的超時時間間隔
- Software Programmable WDT Enable / Disable
- 每一個模組都有獨立的旁路(Bypass)/正常(Normal)/分流(TAP)/斷線(Linkdrop)操作
- 在1U機箱內支援多達三個40G模組
- 在1U機箱內最高支援6個10G/1G的模組
- 支援TAP運作模式
- 通過序列端口簡單的CLI配置管理
- 通過網絡管理端口(MGMT),Telnet遠端登錄管理界面
- 通過網絡管理端口,使用SSH管理界面
- 支援SNMP版本1,2C,3(SHA,AES)
- 支援遠程日誌
- 支援 NTP
- 支援時區
- 支援多重保存/備份的配置
- 支持兩個端口連動功能 - 如果網絡中的一個端口鏈路發生故障時,會關閉另一個網路端口上的鏈接。
- 雙備援電源
- 可選-48V直流電源
- 支援LAG功能,在同一LAG群組內的bypass模組,可以同時inline或bypass,並允許bypass模組發出的heartbeat封包,可以被群組內其他模組偵測。
- 支援Selective Bypass Filter黑白名單過濾功能,能預先Bypass特定MAC、MPLS、VLAN、IP、TCP、Protocol Number,可設定讓BGP、OSPF、 LACP白名單bypass,或是讓UDP 443白名單bypass以降低進入IPS流量,或只讓TCP 80 Http等流量進入WAF檢查,而其餘則白名單bypass。
- 更換模組可單獨關機取出,而不需整台機箱斷電而影響其他模組運作
- 可同時產生五個不同IP、VLAN型態的heartbeat,針對ESXi server內部多個inline架構虛擬機(如virtual IPS、WAF),進行健康狀態偵測與bypass
IS40M40G4BP-QS4 | Supports Short Range Fiber 40 Gigabit Ethernet (40GBase-SR4 50um) |
IS40M40G4BP-QL4 | Supports Long Reach Fiber 40 Gigabit Ethernet (40GBase-LR4) |
IS40M108BP-SRD | Supports Short Range Fiber 10 Gigabit Ethernet (10GBase-SR) Supports Short Range Fiber Gigabit Ethernet (1000Base-SX) |
IS40M108BP-LRD | Supports Long Reach Fiber 10 Gigabit Ethernet (10GBase-LR) |
IS40 Bypass Switch
Silicom 40G/10G Intelligent Bypass Switch
Bypass Specifications | |
WDT Interval (Software Programmable) |
Routing Transmit heart beat packet every 3mS – 10Sec. Default 5mS Verification packets received every 10mS – 50Sec. Default 20mSec Double Bypass Transmit heart beat packet every 300mS – 60Sec. Default 7Sec Verification packets received every 1S – 253Sec. Default 20Sec |
Production Default configuration | |
Mode at Power up | Bypass |
Heartbeat | Activated |
Bypass Switch is ready and in-line device responds to heartbeat | Change to Normal |
In-line device responds to heartbeat | Normal |
In-line device does not respond heartbeat | Bypass |
Mode at Power 0ff | Bypass |
Heartbeat Packet | Internetwork Packet Exchange |
IS401U: Bypass Switch 1U Host System Technical Specifications | |
Dockings | Front holders |
Voltage Input | AC: 90-240 VAC Auto-Select -48 (-75 – -36) VDC |
Size | 435mm x 586 mm x 44 mm ( 17.12” x 23.07” x 1.73”) Wide x Depth X Height |
Operating Humidity | 0%–90%, non-condensing |
Operating Temperature | 0°C – 40°C (32°F – 104°F) |
Storage Temperature | -20°C–65°C (-4°F–149°F) |
Fans | 4 hot swap Fans 4 wires connections on each fan (12V,GND,TACH and PWM) Specifications (maximum operation condition) of one Fan SPL- 61dB(A) Current – 0.92A Air flow – 28.6 CFM |
EMC Certifications | Class B FCC / CE / VCCI |
MTBF* | > 150,000 hours |
IS401U: Bypass Switch 1U Host System LEDs Specifications | |
LEDs | FRONT Two Power LEDs: PS1, PS2 PS1: Green LED will light when power is on and off if there is a failer in power supply module or when extracrting the power supply module from the system. PS2: Green LED will light when power is on and off if there is a failer in power supply module or when extracrting the power supply module from the system. System Status LEDs: 3 LEDs Sys OK: System Normal Operation – Light Green. Who I’m: in rack identification – Blinking Green. Sys UP: System Init during power up and during shutdown – Light Yellow. ALM: System Alarm – Light Red. Module Power LEDs:
BACK One bi-color LED indication that integrated on each power supply module: Power Switch On – Geern color. Standby(AC/DC In,Only +5VSB output) – Blinking Green color. Power Fail – Red color. Internal Fan Fail – Blinking Red. |
Switches | Push button to power the system (PWR). From ON to OFF – Press and hold this push button during 4 second will perform firmware shutdown press and hold this push button during 8second will perform power shoutdown. From OFF to ON – simple push will turn system on. Reset (RST): Small micro-switch stand behind hidden hole : Press and hold for more than 1 sec will perform restart to the system. |
Connectors | Management Ports: RJ-45 Ethernet (MGNT ETH) RJ-45 serial port (RS-232) USB port (RS-232) |
IS40M40G4BP-QS4 (50um) | |
Fiber Gigabit Ethernet Technical Specifications – (40GBase-SR4) Adapters: | |
IEEE Standard / Network topology | Fiber Gigabit Ethernet, 40GBase-SR4 (850nM) |
Data Transfer Rate | 40G per port |
Cables and Operating distance | Multimode fiber:50um *50m maximum on OM3 MMF *75m maximum on OM4 MMF Theoretical Distance – Defined as half a distance |
Size | 102.2mm x161.9 mm x 40.5 mm (4.02” x 6.37” x 2”) Wide x Depth x Height |
Operating Humidity | 0%–90%, non-condensing |
Operating Temperature | 0°C – 40°C (32°F – 104°F) |
Storage Temperature | -20°C–65°C (-4°F–149°F) |
EMC Certifications | Class B / FCC / CE / VCCI |
MTBF* | > 150,000 hours |
IS40M40G4BP-QS4 and : LED and Connector Specifications | |
LEDs | Green LED per port (Network / Monitor) Activity:LED will blink. Link:LED will turn on. Two LED: Inline Mode – Green LED. Non Inline Mode:Bypass, TAP, Disconnect – Yellow (Orange) LED. HB Status LED Blinking Green LED – HB is active. LED is off – HB not active |
Connectors | Network:2 MPO Monitor: 2 QSFP+ |
IS40M40G4BP-QL4 | |
Fiber 40Gigabit Ethernet Technical Specifications – (40GBase-LR4) Adapters: | |
IEEE Standard / Network topology |
Fiber Gigabit Ethernet, 40GBase-LR4 (1310nM) |
Data Transfer Rate | 40Gbit/s per port |
Network ports Cables and Operating distance | Single mode fiber: 5000m maximum at 9 um ** **Theoretical Distance – Defined as half a distance |
Insertion Loss ( Passive: Normal Mode) |
Typical:1.2 dB Maximum: 1.6dB |
Insertion Loss ( Passive: Bypass Mode) |
Typical: 1.2 dB Maximum: 1.6dB |
Voltage | 12V +/-5%, 5VSB+/-5%, 5V +/-5% |
Size | 102.2mm x161.9 mm x 40.5 mm (4.02” x 6.37” x 2”) Wide x Depth x Height |
Operating Humidity | 0%–90%, non-condensing |
Operating Temperature | 0°C – 40°C (32°F – 104°F) |
Storage Temperature | -20°C–65°C (-4°F–149°F) |
EMC Certifications | Class B FCC / CE / VCCI |
Safety | UL |
MTBF* | > 150,000 hours |
IS40M40G4BP-QL4: LED and Connector Specifications | |
LEDs | Green LED per port (Network / Monitor) Activity : LED will blink. Link : LED will turn on. Two LED: Inline Mode – Green LED. Non Inline Mode :Bypass, TAP, Disconnect – Yellow (Orange) LED. HB Status LED Blinking Green LED – HB is active. LED is off – HB not active |
Connectors | Network: 2 LC Monitor: 2 QSFP+ |
IS40M10G8BP-SRD | |
Dual rate Fiber 10G/1G Ethernet Technical Specifications – (10GBase-SR / 1000Base-SX) Adapters: | |
IEEE Standard / Network topology |
1000Base-SX, 10GBase-SR (850nM) |
Data Transfer Rate | 20Gbit/s in full duplex mode per port |
Cables and Operating distance | Multimode fiber:62.5um 16.5m maximum at 62.5 um ** Theoretical Distance – Defined as half a distance as stated by the IEEE 802.3 standard |
Insertion Loss ( Passive: Normal Mode) |
Typical: 0.8 dB Maximum: 1.9 dB |
Insertion Loss ( Passive: Bypass Mode) |
Typical: 0.8 dB Maximum: 1.9 dB |
Voltage | 12V +/-5%, 5VSB+/-5%, 5V +/-5% |
Size | 102.2mm x161.9 mm x 40.5 mm (4.02” x 6.37” x 2”) Wide x Depth x Height |
Operating Humidity | 0%–90%, non-condensing |
Operating Temperature | 0°C – 40°C (32°F – 104°F) |
Storage Temperature | -20°C–65°C (-4°F–149°F) |
EMC Certifications | Class B / FCC / CE / VCCI |
Safety | UL |
MTBF* | > 150,000 hours |
IS40M10G8BP-LRD | |
Dual rate Fiber 10G/1G Ethernet Technical Specifications – (10G Base-LR / 100BaseLX) Adapters: | |
IEEE Standard / Network topology | 1000Base-LX, 10GBase-LR (1310nM) |
Data Transfer Rate | 20Gbit/s in full duplex mode per port |
Netowrk ports Cables and Operating distance | 5000m maximum at 9 um ** |
Insertion Loss ( Passive: Normal Mode) | Typical: 1.2 dB Maximum: 1.6dB |
Insertion Loss ( Passive: Bypass Mode) | Typical: 1.2 dB Maximum: 1.6dB |
Voltage | 12V +/-5%, 5VSB+/-5%, 5V +/-5% |
Size | 102.2mm x161.9 mm x 40.5 mm (4.02” x 6.37” x 2”) Wide x Depth x Height |
Operating Humidity | 0%–90%, non-condensing |
Operating Temperature | 0°C – 40°C (32°F – 104°F) |
Storage Temperature | -20°C–65°C (-4°F–149°F) |
EMC Certifications | Class B FCC / CE / VCCI / |
Safety | UL |
MTBF* | > 150,000 hours |
IS40M10G8BP-LRd/SRd: LED and Connector Specifications | |
LEDs | Green LED per port (Network / Monitor) Activity : LED will blink. Link : LED will turn on. Bi-color LED: Inline Mode – Green color Non Inline Mode :Bypass, TAP, Disconnect – Yellow (Orange) color. HB Status LED Blinking Green LED – HB is active. LED is off – HB not active |
Connectors | Network: 4 LC Duplex Monitor: 4 SFP+ |

IS40 Bypass Switch
Silicom 40G/10G Intelligent Bypass Switch
P/N | Description | Notes |
IS40G1U-US | Bypass Switch 1U Host System | 90-240 VAC Auto-Select, US cable |
IS40G1U-48V | Bypass Switch 1U Host System | Power supply -48VDC |
IS40M40G4BP-QS4 | 40G Gigabit (SR4) fiber Intelligent Bypass Switch module | SR4 MMF Single Segment Bypass 40G – (SR4 on the Network and Monitor ports) |
IS40M40G4BP-QL4 | 40G Gigabit (LR4) fiber Intelligent Bypass Switch module | LR4 SMF Single Segment Bypass 40G – (LR4 on the Network and Monitor ports) |
IS40-1BSR4-EU | Intelligent 40G 1U system with 40G ( SR4) Bypass Switch module | 1U Switch , 40G SR4 MMF Single Segment Bypass , 90-240 VAC Auto-Select, EU cable |
IS40-1BQL4-US | Intelligent 40G 1U system with 40G ( LR4) Bypass Switch module | 1U Switch , 40G, LR4 SMF, Single Segment Bypass, 90-240 VAC Auto-Select, US cable |
IS40-1BLR4-1BSR4-US | Intelligent 40G system with one ( LR4) Bypass Switch module and one (SR4) bypass switch | 1U Switch , 40G, LR4 SMF, Single Segment Bypass and 40G SR4 MMF Single Segment Bypass, 90-240 VAC Auto-Select, US cable |
IS40M10G8BP-SRD | Dual segment 10G/1G Gigabit (SR/SX) fiber Intelligent Bypass Switch | SR/SX MM Dual Segment Bypass, Dual rate 10G/1G – (SR/SX on the Network and Monitor ports) |
IS40M10G8BP-LRD | Dual segment 10G/1G Gigabit (LR/LX) fiber Intelligent Bypass Switch module | LR/LX SM Dual Segment Bypass, Dual rate 10G/1G – (LR/LX on the Network and Monitor ports) |
IS40-1BSRD-EU | Intelligent 40G with one 10G (SR/SX) Bypass Switch module | 1U Switch , with 10G/1G SR/SX MMF dual Segment Bypass , 90-240 VAC Auto-Select, EU cable |
IS40-1BLRD-US | Intelligent 40G with one 10G (SR/SX) Bypass Switch module | 1U Switch , with 10G/1G LR/LX SM, dual Segment Bypass , 90-240 VAC Auto-Select, EU cable |
IS40-1BSRD-1BLRD-EU | Intelligent 40G with one dual rate 10G/1G (SR/SX) Bypass Switch module and one dual rate 10G/1G (LR/LX) Bypass Switch module | 1U Switch , 10G/1G SR/SX MM dual Segment Bypass and 10G/1G, LR/LX SM, dual Segment Bypass , 90-240 VAC Auto-Select, EU cable |
