IDS mailing list archives
Re: 10Gbps IPS - what you need to know
From: Ravi Chunduru <ravi.is.chunduru () gmail com>
Date: Fri, 27 Feb 2009 08:56:48 -0800
> We've seen gbit certified solutions starting to fail at 15mbit with <2000 sessions during PoC's....

This is really interesting. Can you throw some more light on traffic pattern which brings down the performance to 15Mbps?

Ravi

On Mon, Feb 23, 2009 at 9:16 AM, Trygve Aasheim <trygve () pogostick net> wrote:

> Another question would be:
> - How big is the rule base?
> - Any exceptions
> - How many filters/signatures/detection features failed to analyze the traffic before the latency threshold was exceeded?
> - Is the rule base based on a scenario where you for example pretend to protect a windows server and workstation network, and therefore enable all signatures for this - and turn off all *nix signatures? Or the other way around? Or a pure web-/app-/database server network?
>
> A lot of these tests fail to test the devices in a "near real world scenario" where the IPS is configured with an adjusted rule base based on typical assets, risks, firewall rules, exceptions, vlan tags etc.
>
> We've seen gbit certified solutions starting to fail at 15mbit with <2000 sessions during PoC's....
>
> T
>
> C-Info wrote:
>> The question I would also ask is was this complete capture or sampling of the traffic?
>>
>> Curt
>>
>> -----Original Message-----
>> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Addepalli Srini-B22160
>> Sent: Thursday, February 19, 2009 1:57 PM
>> To: Ravi Chunduru; rmoy () nsslabs com
>> Cc: focus-ids () securityfocus com
>> Subject: RE: 10Gbps IPS - what you need to know
>>
>>> Copied from the test report: "The device ably supported over 11Gbps of traffic with the larger HTTP response sizes (21KB) and lower connections per second (5,000 CPS per Gigabit of traffic) found on typical corporate networks". It appears to be some calculation mistake! It comes to around 820-830Mbps (21Kbytes * 5000 ), not 11Gbps throughput!
>>
>> I think you missed "5000 CPS per gigabit of traffic". Since it is 10Gbox, I would assume that there was 50000 CPS in total which gives around 8.5Gbps. If you add usual overheads TCP header, IP header, Ethernet header, the total throughput might go beyond 8.5Gbps.
>>
>> Regards
>> Srini
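The throughput arithmetic debated in the quoted messages above, worked through as an added example that is not part of any message in the thread: it computes the payload rate from response size and CPS, then adds per-segment TCP, IPv4 and Ethernet header overhead. The 1460-byte MSS, the header sizes, the 1024-byte KB and all function names are assumptions.

```python
import math

# Framing constants are assumptions for this example, not values from the thread.
MSS = 1460            # TCP payload bytes per segment on a 1500-byte MTU
TCP_IP_HDR = 20 + 20  # TCP header without options + IPv4 header
ETH_HDR = 14 + 4      # Ethernet header + frame check sequence
ETH_GAP = 8 + 12      # preamble + inter-frame gap (occupies the wire, not captured)


def payload_bps(response_bytes, cps):
    """Application payload rate: response size times connections per second."""
    return response_bytes * 8 * cps


def wire_bytes_per_response(response_bytes, count_gap=False):
    """Bytes on the wire for one response, counting per-segment headers only.

    Handshake, request, ACK and teardown packets are ignored, so this is a
    lower bound on the real per-connection cost.
    """
    segments = math.ceil(response_bytes / MSS)
    per_frame = TCP_IP_HDR + ETH_HDR + (ETH_GAP if count_gap else 0)
    return response_bytes + segments * per_frame


def wire_bps(response_bytes, cps, count_gap=False):
    """Framed rate for the response direction at the given CPS."""
    return wire_bytes_per_response(response_bytes, count_gap) * 8 * cps


def cps_for_rate(target_bps, response_bytes):
    """Whole connections per second that fit in target_bps of framed traffic."""
    return target_bps // (wire_bytes_per_response(response_bytes) * 8)


if __name__ == "__main__":
    resp = 21 * 1024  # 21KB response, taking KB as 1024 bytes (assumption)
    for cps in (5_000, 50_000):
        print(f"{cps:>6} CPS: payload {payload_bps(resp, cps) / 1e9:.2f} Gbps, "
              f"framed {wire_bps(resp, cps) / 1e9:.2f} Gbps, "
              f"with gap {wire_bps(resp, cps, True) / 1e9:.2f} Gbps")
    print("CPS needed for 11 Gbps framed:", cps_for_rate(11_000_000_000, resp))
```

Because handshake, request and ACK packets are left out, the framed figures are a floor; a device under test sees more packets per connection than this counts.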