Educause Security Discussion mailing list archives

Re: High Inspection Rate IPS


From: "Everett, Alex D" <alex.everett () UNC EDU>
Date: Tue, 5 Mar 2013 16:41:38 +0000

Jeff:

This may be slightly tangential, but-
One consideration you should have is what happens to single high bandwidth "streams" exceeding 1Gbps (or so).
Do they not get inspected, dropped, only the first so many bytes are inspected, or only a subset of inspections take place?
Today, we do not have a solution like I believe you are describing.
We use load/stream balancing to attain a theoretical max of 40Gbps, such that each device only receives a portion of our total traffic.

Sincerely,

Alex Everett
University of North Carolina - Chapel Hill

On Mar 4, 2013, at 11:41 AM, "Tatum, Jeff" <jtatum1 () UTK EDU> wrote:

Curious if anyone is using or has any recommendations for IPS products with inspection rates greater than 10Gbps. Sourcefire has a product that claims a 40Gbps inspection rate, and IBM has one that claims 20Gbps. Would be interested in hearing opinions and thoughts concerning these, or any other IPS products rated >10Gbps.

Thank you,

Jeff Tatum
Network Admin III, Office of Information Technology
Communications: Network Services

The University of Tennessee
103D6 Kingston Pike Building
2309 Kingston Pike
Knoxville, TN  37996
Phone: 865-974-7424


