
Recommended Network Characteristics

Determine whether your network is configured optimally for use of SafeNet appliances.

Bandwidth and Latency Recommendation   

 Bandwidth

Minimum supported: 10 Mb half duplex

Recommended: at least 100 Mb full duplex - full Gigabit Ethernet is supported

Note: Ensure that your network switch is set to AUTO negotiation, because the SafeNet appliance negotiates at AUTO. If the switch is set to anything other than automatic negotiation, there is a risk that the switch and the SafeNet appliance will settle on a much slower speed than your network conditions actually allow.

 Network Latency

Maximum supported: 500ms

Recommended: 0.5ms

About Latency and Testing

SafeNet appliance client-server communication uses timeouts of less than 30 seconds to detect failure scenarios. The appliance therefore does not tolerate network configurations or conditions that introduce a greater delay; problems can result, especially with HA configurations.

Here is a description of one common cause of such a situation, and what you can do about it.

When you disconnect the network cable between any SafeNet appliance and a switch, and then reconnect, traffic should resume immediately, but with certain network switch configurations it might take 30 seconds for traffic to resume.

The problem here is at the switch (and not the SafeNet appliance).  See http://www.cisco.com/warp/public/473/12.html#bkg for some descriptions of Cisco switches. If the switch is configured to run the Spanning Tree Protocol on the port (which appears to be the default configuration, at least for Cisco switches), then there is a delay of about 30 seconds while it runs through a series of discovery commands and waits for responses. The switches can be configured to run in “PortFast” mode in which the Spanning Tree Protocol still runs on the port, but the port is placed directly into 'forwarding mode' and starts the traffic flowing immediately.   

With the switch introducing a connection detection delay of 30 seconds or greater, transient network failures lasting only seconds are no longer tolerated. A simple test is to set up a ping stream and then disconnect and reconnect the network cable. The ping traffic should resume after a 1 or 2 second delay. A greater delay indicates that a switch in the network is not detecting the reconnection as quickly as is optimal. See the recommendations for network Bandwidth and Latency.
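The ping test described above can be scored from a saved log. The script below is an added example, not part of the SafeNet documentation: it assumes the log was captured with Linux iputils `ping -D` (timestamped output), and the address 192.0.2.10, the function names, and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: measure the longest reply gap in a timestamped ping log.
# Assumes Linux iputils `ping -D`, which prefixes each line with [epoch.usec].
# Capture during the cable disconnect/reconnect test with, for example:
#   ping -D <appliance-address> > ping.log

# Constructed sample: replies stop after icmp_seq=3 and resume 31 s later,
# the pattern expected when the switch port delays forwarding after link-up.
sample_log() {
cat <<'EOF'
PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.
[1700000000.100000] 64 bytes from 192.0.2.10: icmp_seq=1 ttl=64 time=0.41 ms
[1700000001.100000] 64 bytes from 192.0.2.10: icmp_seq=2 ttl=64 time=0.39 ms
[1700000002.100000] 64 bytes from 192.0.2.10: icmp_seq=3 ttl=64 time=0.40 ms
[1700000033.100000] 64 bytes from 192.0.2.10: icmp_seq=34 ttl=64 time=0.43 ms
[1700000034.100000] 64 bytes from 192.0.2.10: icmp_seq=35 ttl=64 time=0.40 ms
EOF
}

# Print the longest gap (seconds, rounded) between consecutive replies.
# Only lines that carry a timestamp and "bytes from" count as replies.
longest_gap() {
    awk '
        /^\[[0-9.]+\] .*bytes from/ {
            t = substr($1, 2, length($1) - 2) + 0
            if (seen && t - prev > max) max = t - prev
            prev = t; seen = 1
        }
        END { printf "%d\n", int(max + 0.5) }
    '
}

# Classify a gap against the figures on this page: traffic should resume
# after 1 or 2 seconds; a delay of 30 seconds or more is in the range of
# the appliance client-server timeouts.
classify_gap() {
    if [ "$1" -le 2 ]; then
        echo "OK"
    elif [ "$1" -lt 30 ]; then
        echo "SLOW"
    else
        echo "EXCEEDS_TIMEOUT"
    fi
}

gap=$(sample_log | longest_gap)
echo "longest gap: ${gap}s -> $(classify_gap "$gap")"
```

To score a real capture, run `longest_gap < ping.log` and pass the result to `classify_gap`.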

Go to Power-up the HSM Appliance.