Traffic in a computer network can be analyzed to improve real-time decision making for network operations, security techniques, etc. The traffic may be acquired at numerous entry points by a variety of devices and/or applications (collectively referred to as “nodes” in the computer network) to provide extensive visibility of traffic flow and network security. This network of devices and/or applications, which may include physical devices, virtual devices, and Software Defined Networking (SDN)/Network Function Virtualization (NFV) environments, may be collectively referred to as the computer network's visibility fabric. Given the complexity and volume of traffic routed through many infrastructures, various kinds of network tools are often used to identify, analyze, and/or handle security threats to the computer network, bottlenecks in the computer network, etc. Examples of such network tools include an intrusion detection system (IDS), an intrusion prevention system (IPS), a network monitoring system, and an application monitoring system.
Network appliances and network tools can operate as in-band (i.e., “inline”) devices or out-of-band devices. Out-of-band devices operate outside of the path of data traffic between an origination node and a destination node and receive copies of the data packets that make up the traffic, rather than the original data packets. Out-of-band devices are able to freely modify the copies of the data packets because the original data packets are allowed to traverse the computer network unimpeded. Inline devices, on the other hand, operate within the path of data traffic between an origination node and a destination node and receive and forward the original data packets.
Network switches communicatively coupled between nodes in the computer network often guide data packets to centralized tools for processing. To be more responsive to emerging security threats, many out-of-band network tools that passively monitor traffic are moved to inline deployments. Consequently, data packets originating from one node within the computer network are guided through the inline network tool before continuing on to another node within the computer network. However, effective guiding of data packets received by a network appliance can be difficult, particularly when one or more inline network tools communicatively coupled to the network appliance experience an issue (e.g., lose power or discover a security threat and stops forwarding traffic).