03-03-2011 01:02 AM - edited 03-10-2019 05:17 AM
Hi,
I could not find any information about traffic which is over the declared IPS appliance performance (throughput) limit.
Will those packets be dropped, or will they pass through without inspection?
Thanks in advance!
Radim
03-03-2011 02:29 PM
Just for clarification - I mean inline mode.
Are there two possibilities depending on implementation? In the case of interface pairing, packets will be bridged without inspection, and in the case of VLAN pairing, packets will simply be dropped?
Thank you
Radim
03-05-2011 02:03 PM
Hi Radim,
Oversubscription in IPS is at Interface level or Virtual Sensor level.
Hypothetically say IPS has 6 interfaces each being a gig port.
This does not mean IPS throughput is 6 gigs, since the inspection engine may not be able to handle 6 gig at a time.
For interface level oversubscription, if you send more traffic to an interface than it can handle, then you overwhelm its interface buffers.
The packets get dropped at the interface level.
The 'FIFO errors' counter under 'show interface' will show this error.
Packets dropped because more traffic is being sent to the virtual sensor than it can handle will be seen in the 'missed packet percentage' counter.
I shall check if this traffic is dropped or passed through uninspected and let you know.
The throughput of the IPS depends on the type of traffic flowing through it.
Please check the document below which explains IPS performance with some data for 4270.
Hope this helps.
Sid Chandrachud
Cisco TAC - Security Team
03-06-2011 12:13 PM
Hi Sid,
Thank you for the answer. I am especially interested in this for VLAN pairing mode for IPS-4270 connected to Cat6500 through MultiEtherChannel.
I think that, just as there is no possible hardware bypass in VLAN pairing mode, it's the same for overloading, because of the retagging process. But maybe. It depends on where the retagging takes place.
If you find something relevant, let me know please.
Radim