The last software upgrade gives every Cubro Packetmaster the ability to work as a bypass switch with heartbeat functionality. The Cubro Bypass solution supports data rates from 1 to 100 Gbit . Special Features: Multilink support Multiple heartbeats for multiple service testing Input output traffic compare option Monitoring support Switch to spare support Packet Broker and Bypass in one unit support Flexibility Security feature DDoS protection

1. Optical & Electrical Bypass
with any Packetmaster EX

2. Advantage of Bypass Solution
Cubro offers bypass
solutions from 10 Mbit
up to 100 Gbit
Cubro bypass solution is
flexible in terms of
changing interface type
Cubro bypass solution
offers integrated
monitoring function
Available on all
Packetmaster EX models
Cubro bypass solution is
flexible in terms of
changing bandwidth
Best price performance
relation per link
2 Years warranty, no port
activation fee, no add on
software fees.
Full Rest api for easy
integration and script
language support on all
units
CUSTOMER
SATISFACTION

3. General function
Bypass Switches provide fail-safe Inline tool protection for
your security and monitoring devices.

4. General function
The last software upgrade gives every Cubro Packetmaster
the ability to work as a bypass switch with heartbeat
functionality. The Cubro Bypass solution supports data
rates from 1 to 100 Gbit .
 Special Features:
 Multilink support
 Multiple heartbeats for multiple service testing
 Input output traffic compare option
 Monitoring support
 Switch to spare support
 Packet Broker and Bypass in one unit support
 Flexibility
 Security feature DDoS protection

5. Cubro Bypass Concept
Any Cubro Packetmaster hase the ability to
work as a bypass switch with heartbeat
functionality, on any port at any port speed.
But the Packetmaster is not failsafe !
This is the reason we need the external
bypass switch to make the Packetmaster
failsafe !
This modular concept reduce the cost and
bring a lot flexibility.
&
Managementconnection

6. Each Packetmaster EX can work as Bypass Switch
Bypass links copper link fibre link 1 Gbit fibre link 10 Gbit fibre link 40 Gbit fibre link 100 Gbit
EX2 1 1** 1** 0 0
EX5-2 12 1 0 0
EX6 0 12 1 0 0
EX12 4 2 3 0 0
EX32 0 8* 8* 0 0
EX32+ 0 8* 8* 0 0
EX484-3 0 12* 12* 1 0
EX48400 0 12* 12* 1 1
EX20400 0 0 20* 12* 1
* alternative usage ** with external optical switch
Each Packetmaster can produce heart beat packets and with his inline
switching function he function as a bypass switch combined as NPB. The
table below show the amount of links what every EX can support. By using a
external optical or copper switch the amount of links can be doubled.

7. Gbit Copper Bypass with EX2
normal function Device fail mode

8. Gbit Copper Bypass with EX2
Monitoring option Spare device option

9. 1 or 10 Gbit fiber bypass with EX2
• User defined heartbeat
• Changes of interface type (SM/MM)
only by changing the switch and the
SFP in the EX2
• Separate working mode in EX2
• Web UI configuration with EX2 GU
• Monitoring function

10. 1 or 10 Gbit fibre bypass with EX2
function diagram
working mode heart beat path

11. 1 or 10 Gbit fibre bypass with EX2
function diagram
working mode non heart beat pass

12. 1 or 10 Gbit fibre bypass with EX2
function diagram
device failure mode
Even in failure mode the EX is still checking
the bypassed device for recovery

13. 1 or 10 Gbit fibre bypass with EX2
function diagram
Power outage failure mode
The optical switch is automatically closing
the connection.

14. 1 or 10 Gbit fibre bypass with EX2
feature set
 User defined heart beat traffic
 Monitoring capability's
 Multiple bypass trigger options
 Heart beat
 Port down
 Management port ping
 Inline port ping
 Rest Api active device checking via management port
 External Web or SSH trigger
 Time trigger
 Inline bandwidth check
 In port black list filter

15. 1 or 10 Gbit fibre bypass with EX2
technical data
 Switching time < 100 ms (power out)
 Detection time on device failure <1 Sec
 Insertion Loss:
Network Port: 1.25 dB, Monitoring Port: 1.25dB
 Management via WEB or SSH ore Rest API

16. 1 or 10 Gbit fibre bypass with EX2
The kit comes with all parts what you need for bypass optical 1 link
CUB.HTB-BY-SM-1G-KIT
CUB.HTB-BY-MM-1G-KIT
CUB.HTB-BY-SM-10G-KIT
CUB.HTB-BY-MM-10G-KIT

17. 1 or 10 Gbit fibre bypass with EX2
The kit comes with all parts what you need for bypass an copper link
CUB.HTB-BY-RJ45-1G-KIT

18. 3 link MM or SM solution
The Cubro Bypass for 100 Gbit per link in
multimode is realized with optical MEMS
switches. Each link uses2 switches combined
into one module.
The switching mechanism offers the reliability
of a solid state device. By implementing
latched optical switches power is only
needed during switching. Even if the power
fails the optical switches stay in the
programmed state.
Options to activate the bypass:
1. manually via SSH or HTTP
2. power fail
3. smart detection of the bypassed device
optical output power
Optical Parameters SM:
Wavelength 1260 - 1700 nm
Insertion Loss 1 - 2 dB
Crosstalk 75 dB
Return loss 55 dB
Polarisation Dependent Loss 0.03 dB
Optic Parameters: MM
Wavelength 850 nm
Insertion Loss 1 – 2,5 dB
Crosstalk 75 dB
Return loss 55 dB
Polarisation Dependent Loss 0.03 dB
Switching Time 0.4 ms
Durability cycles No wear

19. Advantage
 Cheaper than old solution
 Up to 3 links in 1 U
 MM and SM and Copper combination
 More flexebilty in case of change mm to sm
 Works for 100/1 Gbit/10 Gbit/100 Gbit
2 links in 1 U

20. Bypass standalone function
live mode passive mode
The bypass switch can be controlled via RS232 or Ethernet interface, the configuration can be manual
or fully automated (example a Packetmaster)

21. Option 1 multimode (SR) solution
The Cubro bypass for 40 and 100 Gbit
multimode a link is realized with a mems
optical switch per link 16 switches are uses,
this 16 switches are combined to one
module.
The switching mechanism offers the
reliability of a solid state device. The optical
switch is a latched version, this means it
needs only power during switching. Even
when power fails the optical switch stays in
the programmed state.
Options to activate the bypass:
1) manually via SSH or HTTP
2) power fail
3) smart detection of the bypassed device
Optic Parameters:
Wavelength 850 nm
Insertion Loss 1 – 2,5 dB
Crosstalk 75 dB
Return loss 55 dB
Polarisation Dependent Loss 0.03 dB
Switching Time ms 0.4
Durability cycles No Wear

22. Packetmaster EX12
Packetload 176 Gbit
Ports Gbit 8 SFP or 8 Base-T
Ports 10 Gbit 12 SFP/SFP+
Ports 40 Gbit none
GUI CLI/WEB/GUI
Packetbuffer YES
Delay 2 µs
Dual Power YES
 12000 Filters Layer 4
 MPLS tag/detag
 VLAN tag/detag
 Header modification Layer 4
 Load balancing Layer 3
 GRE de/encapsualtion
 All ports activated
 All software activated
 Low power design

23. Old and new Bypass switch
New modular concept
• 3 links in one U or 20 links in 3 U (Flex module – similar like flex tap)
• SM MM Copper mixed configuration
• Easy expandable
• Cheaper

24. General Function
10 Gbit firewall bypass with monitoring output
monitoring before and after firewall !

25. General Function
10 Gbit firewall bypass with monitoring output
monitoring before and after firewall !

26. Normal Operation
The traffic passes the optical bypass with no delay, then the traffic is passing
the EX 12 with a very small delay < 1 µs. The EX12 adds a heart beat traffic.
These heart beat packets pass the firewall and the EX12 detects them again.
If the amount of heart beats per second is correct the EX12 knows the firewall
is working properly.
1
2
8
7
6
5
3
4

27. Firewall fail
If the heart beat packets are not detected by the EX12, the Packetmaster
goes in bypass mode and bypasses the firewall.
The switching time is in range of 3 µs.
1
2
4
3

28. Firewall fail and re-route to spare
In the case a spare firewall is available the
Packetmaster can also re-route the traffic to this
unit. This feature is also available as manual
function for software testing and upgrades.
1
2
6
5
3
4

29. PM fail
In the theoretical case that the Packetmaster fails, the optical bypass will
bypass the Packetmaster to ensure the firewall works normal.
The Packetmaster sends keep alive massages to the Bypass switch so that
the Bypass knows the status of the Packetmaster.
1 432

30. Monitoring Function
The monitoring function is available in any
operation mode. It supports layer 4 filtering
and port aggregation to any monitoring
device.
1
2
8
7
6
5
3
4

31. Security Function 1/3
This solution also provides a security option. The
EX12 offers 12000 filter rules, these rules can be
used to block unwanted traffic by hardware filters,
based on blacklists, for example per country.
The EX12 is immune against DoS attacks because there is no software stack.
The Packetmaster can also provide a bandwidth meter function that can limit the
incoming traffic to protect the firewall.

32. Security Function 2/3

33. Security Function 3/3
DDoS detection through a dedicated probe, example Cubro Probe, probe is net
flow probe which can detected fraud and send this information to the
Packetmaster, where this traffic can be blocked.

34. Packetmaster EX20400
 64000 Filters Layer 4
 MPLS tag/detag
 VLAN tag/detag / Q in Q
 Header modification Layer 4
 Load balancing Layer 4
 GRE de/encapsulation
 VXLAN de/encapsulation
 All ports activated
 All software activated
 Low power design
 Jumbo Frames 12000 Bytes
Packetload 2,4 Tbps
Ports 40 Gbit 20
Ports 100 Gbit 4
GUI CLI/WEB/GUI
Packetbuffer YES
Delay 1 µs
Dual Power YES
4 x 10 Gbit 20 x 40 Gbit + 4 x 100 Gbit
84 x 10 Gbit (with breakout cable) + 4 x 100 Gbit

35. Normal Operation 100 Gbit (LR4) Bypass

36. 100 Gbit (LR4) Bypass
100 Gbit bypass
and load
balancing for
active probes

37. 100 Gbit (LR4) Bypass
Application: In line 100 Gbit link, session aware load
balance the traffic to several 10 Gbit live probes.
The probes process the traffic and the PM is aggregating
the traffic back to the live link.
I case of an probe failure
the PM is rebalancing the
traffic to the remaining
Probes.
In case of an PM error
the optical switch by pass
the full solution.

38. Multi link multi device application with EX32
1 traffic from protecting
optical bypass switch
2 traffic is sent from input
to the LB group1 and 3
(2a)
3 received traffic from IPS
is filtered port 80 and
8080 is sent to WAF all
traffic is sent to 6 and
inserted in the live link
4 all http/https traffic is
forwarded to the WAF the
received traffic from WAF
5 is reinserted to the live
link 6

39. EX32 with 2 link bypass switch

40. Multi link multi device application with EX32
To integrate spare units
there are two options.
1) Add the spare units to
the LB group, this spare
port are shutdown. In
case of a failure the
original ports are
shutdown and the spar
ports get up and start
working.
2) Configure 6 load
balancing groups and
move the traffic by
changing the rules.
Option 1 is faster in terms
of service recover.

41. Multilink bypass solution
16 link bypass solution
16 optical bypass switches in a 19”
Cubro flex frame
2 x EX32 for heart beat detection.

42. If you have any additional question or need help
contact us.
Support / Additional Questions
EMEA North America APAC
Cubro Acronet GesmbH
Geiselbergstr. 17
Floor 5 & 6
1110 Vienna
Austria
Tel.: +43 1 29826660
Fax: +43 1 2982666399
Email: support@cubro.net
Cubro US
337 West Chocolate Ave
Hershey, PA 17033
Tel.:717-576-9050
Fax.: 866-735-9232
Sam Reed
Email: sreed@cubro.us
Cubro Asia Pacific
175A, Bencoolen Street #08-06/07,
Burlington Square,
Singapore - 189650
Tel.: +65-97255386
Joe Lim
Email: jl@cubro.net
www.cubro.net

43. End
www.cubro.net