Hello, Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs. Best, Craig
What might be better is using a switch port mirror to duplicate the traffic on one port to your appliance. This way if your appliance fails, it doesn't block traffic. If you don't want a span port, Open flow / sFlow might give you what you need. Josh R On Mon, Jun 23, 2025, 7:34 AM Craig Smith via NANOG <nanog@lists.nanog.org> wrote:
Hello,
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs.
Best,
Craig _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Y7JZATLR...
I have seen several Fail To Wire (FTW) switches in the past. I never found them to be worthwhile, personally for a few reasons - Only available in Copper. - You can't FTW optical since you need an OEO conversion - Failure scenarios were limited - Our sites didn't have backup power, so it was pointless as we would lose the rest of the gear as well Just my $.02 Kevin On Mon, Jun 23, 2025 at 9:34 AM Craig Smith via NANOG <nanog@lists.nanog.org> wrote:
Hello,
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs.
Best,
Craig _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Y7JZATLR...
On 6/23/25 17:40, Kevin Shymkiw via NANOG wrote:
- Only available in Copper. - You can't FTW optical since you need an OEO conversion
An OPS (optical protection switch) can continue to pass light in the event of power failure. The only issue is the last state gets locked in, so there won't be any failover in case the worker path dies, as that requires power. Mark.
Thanks for the info there, I hadn't seen OPS's when I was looking. My almost workaround was a 50:50 optical tap, but without backup power it seemed to only complicate the solution for such a minor gain On Mon, Jun 23, 2025 at 9:50 AM Mark Tinka <mark@tinka.africa> wrote:
On 6/23/25 17:40, Kevin Shymkiw via NANOG wrote:
- Only available in Copper. - You can't FTW optical since you need an OEO conversion
An OPS (optical protection switch) can continue to pass light in the event of power failure. The only issue is the last state gets locked in, so there won't be any failover in case the worker path dies, as that requires power.
Mark.
On 6/23/25 17:52, Kevin Shymkiw wrote:
Thanks for the info there, I hadn't seen OPS's when I was looking. My almost workaround was a 50:50 optical tap, but without backup power it seemed to only complicate the solution for such a minor gain
Something like this could do the part: https://www.ctcu.com/en/product/FRM220-OPS51_52.html We have used them with success in DWDM networks, but light is light :-). Mark.
On Mon, Jun 23, 2025 at 5:40 PM, Kevin Shymkiw <nanog@lists.nanog.org> wrote:
I have seen several Fail To Wire (FTW) switches in the past. I never found them to be worthwhile, personally for a few reasons
- Only available in Copper. - You can't FTW optical since you need an OEO conversion
Actually, you can, and a bunch of people make bits to do this sort of thing. It involves micro-mirrors and a solenoid to direct signal out through one of N ports. Here is an example from BlackBox https://www.blackbox.com/en-us/store/product/detail/Fiber-Optic-A-B-Switch-L... This particular version latches into the last selected position, but there are versions with many more input/output ports, and which fail to one position on power-outages. These generally use MEMS devices and get quite pricey... W - Failure scenarios were limited - Our sites didn't have backup power, so
it was pointless as we would lose the rest of the gear as well
Just my $.02
Kevin
On Mon, Jun 23, 2025 at 9:34 AM Craig Smith via NANOG < nanog@lists.nanog.org> wrote:
Hello,
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs.
Best,
Craig _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Y7JZATLR...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/JEAZ47MK...
Sorry for the top post, it’s all my phone can do and I’m away from my terminal. A prior (defunct) job made a bunch of appliances that failed over into bypass mode and we used Portwell ABN 102 cards for this, it looks like Portwell is in the business of making lots of different type types of bypass cards, including copper and fiber. -Dan Sent from my iPhone
On Jun 23, 2025, at 12:05, Warren Kumari via NANOG <nanog@lists.nanog.org> wrote:
On Mon, Jun 23, 2025 at 5:40 PM, Kevin Shymkiw <nanog@lists.nanog.org> wrote:
I have seen several Fail To Wire (FTW) switches in the past. I never found them to be worthwhile, personally for a few reasons
- Only available in Copper. - You can't FTW optical since you need an OEO conversion
Actually, you can, and a bunch of people make bits to do this sort of thing. It involves micro-mirrors and a solenoid to direct signal out through one of N ports.
Here is an example from BlackBox https://www.blackbox.com/en-us/store/product/detail/Fiber-Optic-A-B-Switch-L... This particular version latches into the last selected position, but there are versions with many more input/output ports, and which fail to one position on power-outages. These generally use MEMS devices and get quite pricey...
W
- Failure scenarios were limited - Our sites didn't have backup power, so
it was pointless as we would lose the rest of the gear as well
Just my $.02
Kevin
On Mon, Jun 23, 2025 at 9:34 AM Craig Smith via NANOG < nanog@lists.nanog.org> wrote:
Hello,
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs.
Best,
Craig _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Y7JZATLR...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/JEAZ47MK...
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GLPIMNHV...
On Mon, Jun 23, 2025 at 11:24 AM Dan Mahoney via NANOG <nanog@lists.nanog.org> wrote:
Sorry for the top post, it’s all my phone can do and I’m away from my terminal.
A prior (defunct) job made a bunch of appliances that failed over into bypass mode and we used Portwell ABN 102 cards for this, it looks like Portwell is in the business of making lots of different type types of bypass cards, including copper and fiber.
-Dan
Sent from my iPhone
We used similar devices in the past to build inline IPS boxes. They worked well but it seems like they should just do a port mirror. Joseph
The optical world does have a well fit solution, in the form of optical line taps... I've never used the independent modules, but it's common to see them integrated into a MUX as a monitor port. Quick search found this: https://www.showmecables.com/by-category/patch-panels/fiber-optic-systems/pa... I'd contend this is better, as they start and end passive, avoiding a state change in a failure scenario. Although, un-networked devices in the middle of a circuit can become problematic if undocumented. The last thing you want is to be hunting down failed splices, when the answer is a loose connection in a datacenter. Probably good if you can have some type of networked monitoring platform in line with one of these. From the sounds of it though, OP would need his device to be addressable via one of the connections it is monitoring... and passive taps are unidirectional. As far as optical networking goes, a passive solution would require some type of multiplexing, which implies special equipment at midpsan, A, and Z ends of the circuit. - Riley On Monday, June 23rd, 2025 at 9:41 AM, Kevin Shymkiw via NANOG <nanog@lists.nanog.org> wrote:
I have seen several Fail To Wire (FTW) switches in the past. I never found them to be worthwhile, personally for a few reasons
- Only available in Copper. - You can't FTW optical since you need an OEO conversion
- Failure scenarios were limited - Our sites didn't have backup power, so it was pointless as we would lose the rest of the gear as well
Just my $.02
Kevin
On Mon, Jun 23, 2025 at 9:34 AM Craig Smith via NANOG nanog@lists.nanog.org
wrote:
Hello,
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs.
Best,
Craig _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Y7JZATLR...
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/JEAZ47MK...
Hi Craig, As another user mentioned, you are probably looking for "Fail to wire" or / "bypass pair". I've used Cloudgenix/Palo Alto Prisma SD-WAN with much success. On Mon, Jun 23, 2025 at 9:51 AM Riley O via NANOG <nanog@lists.nanog.org> wrote:
The optical world does have a well fit solution, in the form of optical line taps... I've never used the independent modules, but it's common to see them integrated into a MUX as a monitor port.
Quick search found this:
https://www.showmecables.com/by-category/patch-panels/fiber-optic-systems/pa...
I'd contend this is better, as they start and end passive, avoiding a state change in a failure scenario. Although, un-networked devices in the middle of a circuit can become problematic if undocumented. The last thing you want is to be hunting down failed splices, when the answer is a loose connection in a datacenter.
Probably good if you can have some type of networked monitoring platform in line with one of these.
From the sounds of it though, OP would need his device to be addressable via one of the connections it is monitoring... and passive taps are unidirectional. As far as optical networking goes, a passive solution would require some type of multiplexing, which implies special equipment at midpsan, A, and Z ends of the circuit.
- Riley
On Monday, June 23rd, 2025 at 9:41 AM, Kevin Shymkiw via NANOG < nanog@lists.nanog.org> wrote:
I have seen several Fail To Wire (FTW) switches in the past. I never found them to be worthwhile, personally for a few reasons
- Only available in Copper. - You can't FTW optical since you need an OEO conversion
- Failure scenarios were limited - Our sites didn't have backup power, so it was pointless as we would lose the rest of the gear as well
Just my $.02
Kevin
On Mon, Jun 23, 2025 at 9:34 AM Craig Smith via NANOG nanog@lists.nanog.org
wrote:
Hello,
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs.
Best,
Craig _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Y7JZATLR...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/JEAZ47MK... _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/QZN2JFKB...
A tap is great, but still leaves whatever device doing the monitoring a connection/L3 path for reporting. On Mon, Jun 23, 2025 at 12:51 PM Riley O via NANOG <nanog@lists.nanog.org> wrote:
The optical world does have a well fit solution, in the form of optical line taps... I've never used the independent modules, but it's common to see them integrated into a MUX as a monitor port.
Quick search found this:
https://www.showmecables.com/by-category/patch-panels/fiber-optic-systems/pa...
I'd contend this is better, as they start and end passive, avoiding a state change in a failure scenario. Although, un-networked devices in the middle of a circuit can become problematic if undocumented. The last thing you want is to be hunting down failed splices, when the answer is a loose connection in a datacenter.
Probably good if you can have some type of networked monitoring platform in line with one of these.
From the sounds of it though, OP would need his device to be addressable via one of the connections it is monitoring... and passive taps are unidirectional. As far as optical networking goes, a passive solution would require some type of multiplexing, which implies special equipment at midpsan, A, and Z ends of the circuit.
- Riley
On Monday, June 23rd, 2025 at 9:41 AM, Kevin Shymkiw via NANOG < nanog@lists.nanog.org> wrote:
I have seen several Fail To Wire (FTW) switches in the past. I never found them to be worthwhile, personally for a few reasons
- Only available in Copper. - You can't FTW optical since you need an OEO conversion
- Failure scenarios were limited - Our sites didn't have backup power, so it was pointless as we would lose the rest of the gear as well
Just my $.02
Kevin
On Mon, Jun 23, 2025 at 9:34 AM Craig Smith via NANOG nanog@lists.nanog.org
wrote:
Hello,
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs.
Best,
Craig _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Y7JZATLR...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/JEAZ47MK... _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/QZN2JFKB...
Craig, I discovered and used Niagara Networks (nee Interface Masters) for a half-decade or so exactly for this purpose — transparent insertion / optical cut-through on power fail, without having to do a passive optical bleed and finger-pointing about light levels. Also gave me extra diagnostic knobs and visibility for the carrier circuit that was passing through it. https://www.niagaranetworks.com/products/network-bypass-switch -dp
Folks Ethernet passthrough devices, that I have seen are ports 11,12 on the Mikrotik RB1100AH , RB1100AHx2 RB1100AHx4, and some Axiomtek devices (Network appliance series can have lan Passthrough with relays that can be enabled or disabled using jumper kits on the mainboard, integrating them in your network requires careful configuration with bridges etc... (normal working vs failsafe working) ... and 2x the ports per Lan bypass group Hope this helps Tom Smyth On Tue, 24 Jun 2025 at 00:15, David Zimmerman via NANOG <nanog@lists.nanog.org> wrote:
Craig,
I discovered and used Niagara Networks (nee Interface Masters) for a half-decade or so exactly for this purpose — transparent insertion / optical cut-through on power fail, without having to do a passive optical bleed and finger-pointing about light levels. Also gave me extra diagnostic knobs and visibility for the carrier circuit that was passing through it.
https://www.niagaranetworks.com/products/network-bypass-switch
-dp
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/54PKXVLF...
-- Kindest regards, Tom Smyth.
My initial thought on this Tom was to actually encourage the OP to use a Mikrotik as the CPE and OpenFlow 1.3 :) Bypass or not, I've seen those fail from too many vendors too many times. It also sounds very expensive to scale out for tons of customers if that's the case (I have an idea it is, and what the OP is doing... probably the same thing I've been working on with a vendor). *Josh Reynolds* joshr@spitwspots.com Chief Technology Officer // SPITwSPOTS On Mon, Jun 23, 2025 at 3:46 PM Tom Smyth via NANOG <nanog@lists.nanog.org> wrote:
Folks Ethernet passthrough devices, that I have seen
are ports 11,12 on the Mikrotik RB1100AH , RB1100AHx2 RB1100AHx4,
and some Axiomtek devices (Network appliance series can have lan Passthrough with relays that can be enabled or disabled using jumper kits on the mainboard,
integrating them in your network requires careful configuration with bridges etc... (normal working vs failsafe working) ...
and 2x the ports per Lan bypass group
Hope this helps
Tom Smyth
On Tue, 24 Jun 2025 at 00:15, David Zimmerman via NANOG <nanog@lists.nanog.org> wrote:
Craig,
I discovered and used Niagara Networks (nee Interface Masters) for a
half-decade or so exactly for this purpose — transparent insertion / optical cut-through on power fail, without having to do a passive optical bleed and finger-pointing about light levels. Also gave me extra diagnostic knobs and visibility for the carrier circuit that was passing through it.
https://www.niagaranetworks.com/products/network-bypass-switch
-dp
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/54PKXVLF...
-- Kindest regards, Tom Smyth. _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/LZZ24WAX...
Note: I am very interested in what you may be working on, or at least what it sounds like :) Josh Reynolds Chief Technology Officer | SPITwSPOTS On Mon, Jun 23, 2025, 7:34 AM Craig Smith via NANOG <nanog@lists.nanog.org> wrote:
Hello,
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through data, but could also be assigned an IP address and act as a bridge in "normal" mode? The desire is to have an appliance that could perform monitoring and send telemetry in between a customer device and an Internet connection but not create a single point of failure or require multiple ISP handoffs.
Best,
Craig _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Y7JZATLR...
On Mon, Jun 23, 2025 at 10:34 AM Craig Smith via NANOG <nanog@lists.nanog.org> wrote:
Is anyone out there aware of a fail safe switch/router/1U server where upon power failure or watchdog event 2 ports would fail to pass through
There are in fact various "Server bypass NICs". I would strongly suggest not using it simply to gather telemetry. Only if the application involves modifying, dropping, or inserting packets on the link, then you might need that insert of a software-based bridge and all the drawbacks that come with that. Bridging is a software function, and using one introduces points of failure, such as when a server system is powered on, but a software anomaly or the rate of packets exceeds the CPU's capabilities. You may incur additional latency in packet forwarding and dropped or corrupted packets. When it comes to bridges; many types of network failures are partial failures - a 50% drop rate causes major troubles, but the OS is still running, and therefore a watchdog agent sees no issue. Various units are available which can passively tap a link without inserting a device that actively participates in the link protocol. Fiber taps or copper taps; depending on the type of link. Or use the SPAN/Mirror function of existing managed switches which would be less expensive than implementing a dedicated tap. Still avoid inserting a software-based forwarding device between network endpoints which most likely cannot assure you full wire speed forwarding with the same consistency as the hardware ASIC-based forwarding routers or bridges at either side of the link being tapped, especially high packet rates on high capacity links.
Craig -- -JA
participants (12)
-
Craig Smith -
Dan Mahoney -
David Zimmerman -
Jay Acuna -
Joseph Jackson -
Josh Reynolds -
Kevin Shymkiw -
Mark Tinka -
Riley O -
Stipo -
Tom Smyth -
Warren Kumari