|
|
|
|
|
|
|
|
For Bridge Mode (Transparent) operation, iPrism offers an integrated Ethernet bypass capability that prevents iPrism from being a single point of network failure when the system detects a software or hardware problem.
In Proxy Mode, Bypass Mode is not applicable due to the "non-inline" nature of the installation and usage, and the fact that a Proxy Mode iPrism is not a single point of network failure. Users will not be able to surf the web, but other network usage continues.
In Bridge Mode, there are two physical modes of operation: Online and Bypass. In Online mode, iPrism behaves as an Ethernet bridging device, passing traffic between the internal and external Ethernet interfaces while applying filtering policies to that traffic. In Bypass mode, iPrism cross-connects the two RJ45 Ethernet connectors eliminating iPrism from the network traffic flow. The blue LED indicator on the front panel can be used to determine whether iPrism is in Bypass or Online mode.
iPrism uses special relays attached between the RJ45 modular Ethernet connector and the Ethernet NIC modules. A watchdog timer, periodically reset by the system software, controls these relays. In normal operating conditions the timer never expires and the relays remain in online mode. If for any reason the timer expires, or the power goes off, iPrism switches to bypass mode and the relays cross-connect the RJ45 ports together. In Bypass mode iPrism is completely removed from the network traffic flow.
In Online mode (the normal mode of operation), the Ethernet NIC's are connected via the relay directly to the corresponding RJ45 connectors. Traffic flowing on the network is received on the internal network connector, passed to the internal NIC and sent to the iPrism system software where a decision is made to allow or disallow the access. If allowed, a request is made through the external NIC, through the external RJ45 connector, out to the default route and to the Internet, eventually winding up at the origin server (the host which was specified in the HTTP request). In Online mode, the networks attached to the Internal and External connectors are actually separate Layer 2 networks, and iPrism acts as a bridge between them.
In Bypass mode, the iPrism network relays cross-connect the two RJ45 connectors electrically thus creating an extended Layer 1 network. Traffic present on either network (Internal or External) is seen on the other network immediately.
In online mode, iPrism divides the networks attached to the Internal and External NICs into two distinct "Layer 2" topologies. This means that each network can interface to iPrism in its own mode (i.e. Internal network can interface at 100Base-TX full duplex, while the external network might interface at 10Base-T half duplex). This works fine while iPrism is running in online mode, but will fail when bypass mode takes effect and the two networks are merged into a single "Layer 1" topology. For this reason, you will want to be sure to configure both network interfaces with the same mode and duplex. We generally suggest using auto-detect mode on both the internal and external interfaces. You may also set the mode explicitly from the System > Networking tab for both the internal and external interface.
Keep in mind that during bypass mode, iPrism is completely isolated from the network. This means you will not be able to ping it or run any configuration software against it. This is by design and should be considered if attempting diagnostics. The console port (for maintenance functions under the direction of iPrism Technical support) on iPrism should generally still function even during bypass mode (unless a critical software or hardware error has terminated the iPrism software). This may be useful, for example, to check speed/duplex settings. You establish a HyperTerminal connection to access maintenance functions. See:
Establishing a HyperTerminal Connection on the Model 1200
Model 1200 Front and Rear Panels
Establishing a HyperTerminal Connection on the Model 3000
Model 3000 Front and Rear Panels
Bypass mode will occur in the following scenarios:
Power Off and Power Failures: When power to iPrism is off, the default state of the relays is to cross-connect the two RJ45 Ethernet connectors completely removing iPrism from the network traffic flow.
Boot sequence: During the initial power-on state, iPrism is performing self-tests and initializing its hardware and software. iPrism will cross-connect the RJ45 Ethernet connectors until it is ready to perform normal operations. Note the LED 'on-line' indicator will initially be lit when power is first turned on. The LED will remain lit for as long as 8 seconds while iPrism performs some preliminary self-tests. Even though the LED indicator is on at this stage, the RJ45 connectors are still cross-connected and iPrism is removed from the network traffic flow. After about 8 seconds the online LED will turn off and remain off during initialization and self-tests. After approximately 50 seconds the online LED will light indicating that iPrism is ready to service requests.
System software error: If a system software error occurs, iPrism will not reset the timer controlling the relay. Within 8 seconds of this condition, the relay will trip and cross-connect the two RJ45 Ethernet ports.
Hardware error: If a hardware error occurs, iPrism will not reset the timer controlling the relay. The relay will then trip causing the RJ45 Ethernet ports to be cross-connected.
When iPrism is in bypass mode, you will not see the link/activity or speed indicator lights "lit up" on the iPrism NIC (RJ45) ports.
When booting iPrism in Bridge-Mode, traffic will either be passed (unfiltered) or blocked depending on "Filter Failover" mode configuration, for approximately one minute. When booting iPrism in Proxy-Mode web traffic will be blocked for about a minute as Filter Failover mode is irrelevant when using a single NIC. To configure Filter Failover mode, see:
How do I configure Filter Failover Mode?
Under normal operating conditions (except booting) iPrism should not go into bypass mode. However, as mentioned above, causes of Bypass-Mode include:
Power-Failures (the leading cause)
Unplugging the iPrism Network Cable(s)
Significant Ethernet Errors
NIC Failure
Once in bypass mode you must reboot to get into online mode. If a NIC failure is suspected (online mode cannot be re-acquired) please contact iPrism Technical Support.
If iPrism does go into bypass mode, it will attempt to send an email to the iPrism Administrator. This requires email service in iPrism, see the following:
How do I specify an SMTP Relay (Email Server)
Checking iPrism Email Destinations
