Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1403
Views
0
Helpful
3
Replies

IPS traffic over performace limit

Radim Jurica
Level 1
Level 1

‎03-03-2011 01:02 AM - edited ‎03-10-2019 05:17 AM

Hi,
I could not find any information about traffic which is over declared IPS appliance performance (throughput) limit.

Those packets will be droped or will pass through without inspection?

Thanks in advance!

Radim

Labels:
0 Helpful
3 Replies 3

Radim Jurica
Level 1
Level 1

‎03-03-2011 02:29 PM

Just for clarification - I mean inline mode.

Are there two possibilities depending on implementation? In case interface pairing packets will be bridged without inspection and in case VLAN pairing packets will be simply droped?

Thank you

Radim

0 Helpful

Siddharth Chandrachud
Cisco Employee
Cisco Employee
In response to Radim Jurica

‎03-05-2011 02:03 PM

Hi Radim,

Oversubscription in IPS is at Interface level or Virtual Sensor level.

Hypothetically say IPS has 6 interfaces each being a gig port.

This does not mean IPS throughput is 6 gigs, since the inspection engine may not be able to handle 6 gig at a time.

For interface level oversubscription, if you send more traffic to an interface than it can handle, then you overwhelm its interface buffers.

The packets get dropped at the interface level.

The ' FIFO errors' counter under 'show interface' will show this error.

Packets dropped because too much traffic it being sent to virtual sensor than it can handle will be seen as 'missed packet percentage' counter.

I shall check if this traffic is dropped or passed through uninspected and let you know.

The throughput of the IPS depends on the type of traffic flowing through it.

Please check the document below which explains IPS performance with some data for 4270.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0900aecd806e7283.html

Hope this helps.

Sid Chandrachud

Cisco TAC - Security Team

0 Helpful

Radim Jurica
Level 1
Level 1
In response to Siddharth Chandrachud

‎03-06-2011 12:13 PM

Hi Sid,
thank you for answer. I am specially interested in this for VLAN pairing mode for IPS-4270 connected to Cat6500 through MultiEtherChannel.

I thing that like there is no possible hardware bypass in VLAN pairing mode its same for overloading, because of retagging process. But maybe. It depends on where retagging is taken.

If you find something relevant, let me know please.

Radim

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card