Traffic in a computer network can be analyzed to improve real-time decision-making for network operations, security techniques, etc. The traffic may be acquired at numerous entry points by a variety of devices and/or applications (collectively referred to as “nodes” in the computer network) to provide extensive visibility of traffic flow and network security. Given the complexity and volume of traffic carried by many infrastructures, the traffic is often routed through one or more network appliances that are connected to various kinds of network tools. Examples of such network tools include an intrusion detection system (IDS) and an intrusion prevention system (IPS).
A network appliance can operate as an in-band (i.e., “inline”) device or an out-of-band device. Out-of-band devices operate outside of the path of data traffic between an origination node and a destination node and receive copies of the data packets that make up the traffic, rather than the original data packets. Out-of-band devices are able to freely modify the copies of the data packets because the original data packets are allowed to traverse the network unimpeded. Inline devices, on the other hand, operate within the path of data traffic between an origination node and a destination node and receive and forward the original data packets.
Because inline network appliances reside within the path of data traffic, connectivity issues affecting inline network appliances can degrade the functionality of the computer network as a whole. For example, the path of data traffic may collapse if an inline network appliance loses power. Consequently, many inline network appliances are configured to switch between a pass-through mode and a bypass mode. However, when an inline network appliance switches from bypass mode to pass-through mode, the path of data traffic is momentarily disrupted, such that network traffic is irrecoverably lost.