Ok, here is what is in the KB:
The Internal NICBypass helps prevent network outage due to IDP entering a hang state or experiencing high CPU utilization when the IDP device is in inline mode (transparent mode only). The NICBypass employs WatchDog Timers to achieve the functionality.
The nicBypass script, which is located in /usr/idp/device/bin/, prevents the interfaces from going into bypass mode when the IDP is working normally by resetting the watchdog timer. It also restores the interfaces to normal mode if they had gone into Bypass mode. The nicBypass script performs this check and takes the action (if required) every "loopInterval" seconds (the script 'sleeps' for "loopInterval" seconds).
These two parameters can be configured via the idp.cfg file on the IDP Sensor as shown below:

    nicBypass.watchdogInterval 10 (secs)
    nicBypass.loopInterval 3 (secs)

The duration specified against watchdogInterval controls how long the IDP will stay in the hang state before the activation of Bypass on the interface pairs or before the interfaces are forced into bypass mode. Practically, watchdogInterval specifies the value from which the timer will count down to zero. The command "bypassStatus" lets us know the status of the interface pairs as shown below:

    BYPASS STATUS: Tue Mar 4 09:32:18 PST 2008
    Status for nicBypass daemon : on
    Watchdog timer setting(sec) : 10
    Watchdog loop reset interval(sec): 3
    NIC        Setting   Current State  WD Time Left(ms)
    ---------------------------------------------------------------
    eth2,eth3  ENABLED   Normal         9800
    eth4,eth5  disabled  Normal         (wdt inactive)
    eth6,eth7  disabled  Normal         (wdt inactive)
    eth8,eth9  disabled  Normal         (wdt inactive)

The watchdog time is decremented every few ms, as can be seen under the column "WD Time Left(ms)". The moment the "watchdog time left" becomes 0, the interface pair is forced to go into Bypass mode. In normal working conditions, the nicBypass script would reset the value of the watchdog to the configured value after every "loopInterval" seconds. This is how it prevents the interface pairs from going into bypass mode. However, when the IDP is hung, which happens due to high CPU utilization, the nicBypass script will not be able to run, and the watchdog time keeps decrementing without being reset and eventually becomes 0, causing the Bypass to be activated on interface pairs configured to go to bypass mode.
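
As an added example (not part of the KB article or the IDP software), the Python sketch below parses bypassStatus-style output and reports interface pairs that are in bypass, where traffic is forwarded without IDP inspection, or whose watchdog reset is overdue; it also derives how long a hang lasts before bypass engages. The sample text is constructed from the output above, and the "Bypass" state string and all function names are assumptions.

```python
import re

# Constructed sample modelled on the bypassStatus output above; the rows for
# eth4-eth7 and the "Bypass" state string are assumptions for illustration.
SAMPLE = """\
Status for nicBypass daemon : on
Watchdog timer setting(sec) : 10
Watchdog loop reset interval(sec): 3
NIC        Setting   Current State  WD Time Left(ms)
---------------------------------------------------------------
eth2,eth3  ENABLED   Normal         9800
eth4,eth5  ENABLED   Normal         4200
eth6,eth7  ENABLED   Bypass         0
eth8,eth9  disabled  Normal         (wdt inactive)
"""

ROW = re.compile(r"^(eth\d+,eth\d+)\s+(\S+)\s+(\S+)\s+(\d+|\(wdt inactive\))\s*$")

def parse(text):
    """Return (watchdog_sec, loop_sec, rows) from bypassStatus-style text."""
    wd = int(re.search(r"Watchdog timer setting\(sec\)\s*:\s*(\d+)", text).group(1))
    loop = int(re.search(r"Watchdog loop reset interval\(sec\)\s*:\s*(\d+)", text).group(1))
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            nic, setting, state, left = m.groups()
            rows.append((nic, setting, state, int(left) if left.isdigit() else None))
    return wd, loop, rows

def hang_to_bypass_window(wd, loop):
    """Seconds from a hang until bypass: the hang can start just before a
    reset was due (wd - loop left) or just after one (wd left)."""
    if loop >= wd:
        raise ValueError("loopInterval must be shorter than watchdogInterval")
    return wd - loop, wd

def findings(text):
    """List (pair, reason) for pairs in bypass or with an overdue reset."""
    wd, loop, rows = parse(text)
    floor_ms = (wd - loop) * 1000  # lowest value expected if resets arrive on time
    out = []
    for nic, setting, state, left in rows:
        if state != "Normal":
            out.append((nic, "not inspecting: pair is in " + state))
        elif left is not None and left < floor_ms:
            out.append((nic, "reset overdue: %d ms left, expected >= %d" % (left, floor_ms)))
    return out

if __name__ == "__main__":
    print(hang_to_bypass_window(10, 3))
    for item in findings(SAMPLE):
        print(item)
```

With the configured values of 10 and 3, a hang leads to bypass after 7 to 10 seconds; scheduling jitter can push a healthy reading slightly under the 7000 ms floor, so treat a single overdue reading as a warning, not proof of a hang.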