topic Re: AIM-IPS Performance Limits? in Network Security

AIM-IPS Performance Limits?

kstarnes11 — Sun, 10 Mar 2019 12:13:10 GMT

We are using an AIM-IPS module in a 1841 and it has been working fine, however we just upgraded our broadband link and didn’t notice a increase in throughput.

We were consistently getting about 16 meg download speeds and this didn’t change with the new service tier. Removing the IPS module (no ids-service module monitoring inline) does give us the new speeds (35+ meg down)

I thought the AIM-IPS module had a limit of 45 meg throughput, before I trouble shoot more, shouldn’t I expect throughput closer to the 45 meg limit?

Re: AIM-IPS Performance Limits?

fadlouni — Mon, 27 Dec 2010 10:54:56 GMT

Hi.

several factors can limit throughput:

1- make sure you are on a recent release on the ips module to make sure you have the latest performance tweaks.

2- check cpu inspection load on the ips module:

sh statistics virtual-sensor | inc Load

if it's very high this will limit throughput and you'll need to tweak your current set of signatures to be less busy.

3- make sure the router side is also not having performance issues (check "show proc cpu").

4- are there any features configured on the router side that could be cpu intensive? like zone based firewall, tcp settings etc...

Regards,

Fadi.

Re: AIM-IPS Performance Limits?

kstarnes11 — Mon, 27 Dec 2010 19:55:07 GMT

Ok thanks for the tips - I will do some more investigation.

It is running a zone based firewall, but by just removing the "ids-service module" lines I saw a decent gain in throughput.

That is, zone firewall still configured but with no ids module: we were getting the expected speeds. I was thinking that while the module might add a little latency, since it had its own CPU/Memory it shouldn't cause such a degradation.

I will do some more testing/monitoring - I guess I really wanted to make sure that the ids module was capable of faster performance than I was seeing (i.e. I wasn't troubleshooting a performance problem that wasn't really a problem but was within spec for the device)

Re: AIM-IPS Performance Limits?

kstarnes11 — Tue, 28 Dec 2010 03:03:21 GMT

Ok a little more details:

IPS Software: 7.0(4) E4

I removed the zone firewall and all VPN configuration from the router and now have a 1841 with a pretty minimal config.

With only NAT, no firewall, no routing protocols, no IPS - it runs a pretty constant 60Mbits throughput between a inside and outside host (using iperf)

Insert the ids-service-module monitor into either (or both interfaces) and the throughput drops from 60Mbits to 20Mbits.

Interestingly the throughput stays the same even with both FastEthernet interfaces configured for the IPS. i.e. It never drops below 20Mbits.

The router CPU is @ 85% (with and without the IPS enabled)

The IPS module inspection load is constant at about 22%

Any thoughts?

Thanks!!