01-31-2006 11:18 AM - edited 03-10-2019 01:52 AM
Hi,
I'm hoping that I can ask a question here about the IPS function built into the AdvSec versions of IOS?
I have experimented with implementing the default signature set on 3845's (12.4 mainline, 1GB dram) - and it works well; but the CPU utilization jumps from around 10% to ~30% - without any other changes.
Is this much of a jump to be expected? And, is there any "tuning" that can be done to bring it down significantly?
Thanks, Nick
02-09-2006 06:07 PM
Nick;
This is normal and can be tuned (i.e disable sigs for any protocols not in use). I would suggest using the 256MB signature definition file, as that is what I am using and it doesn't add much more overhead than builtin sigs. I have one 2811 in particular feeding 2 T1s w/ MLPPP and taking advantage of the Firewall & IPS features. These 2 features alone only added around 13% extra CPU utilization on this small box.
02-10-2006 05:29 AM
Adam,
Thank you for the reply.
I really appreciate knowing that the sharp jump is to be expected - I was expecting something less than a 100% increase in CPU; and it's helpful to know that the 256 sig set is close in performance to the built-ins.
Many thanks,
Nick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide