IPS for 10GB

Patrick Colbeck
Level 3

Hi

I have a customer who wants an IPS that can support a full 10GB throughput. This is to go with a data center that will be Nexus 7000 based with 6500 service switches hung off it. Anyone know of a way of doing this with Cisco kit, as I really don't want to have to go with a Juniper IDP 8200?

Thanks

Pat

7 Replies

Panos Kampanakis
Cisco Employee

Cisco's IDS and IDSM blades do not support 10Gbps YET.

The best IDS has about half name speed.

The solution that I could suggest is considering to have 2 IDSes in an Etherchannel and have them both inspect traffic.

That could scale well for atomic signatures.

I hope it helps a little.

PK

Leo Laohoo
Hall of Fame

The highest is the ASA5540 with AIP SSM but it won't support 10Gb.

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

Thanks guys. Looks like I will have to go with the Juniper. At least MARS supports the Juniper so it's not a total loss on the Cisco front.

The highest Cisco IDS is the 4570 that can do up to 4Gbps.

ASA with AIP has much less throughput.

Don't even consider an AIP for the throughput you need.

PK

I am interested in this as well.

pkampana, the OP brought up IPS. Is there a distinction among Cisco's products in the context of throughput operating as an IDS vs IPS? In that IPS actively "denies" attackers/packets/connections which it calculates as harmful (via the Risk Rating formula)? I am not asking about the "Block" actions, only "Deny" actions.

I understand that the message is the AIP sensors cannot perform at the same rates as the appliances.  I would not be surprised at this.

Can one Cisco IPS appliance be inserted into ALL flows of data between ALL logical interfaces of a Cisco ASA, or would a firm need to purchase one Cisco IPS appliance for each logical interface, or would it only be able to operate as an IDS? If this particular design scenario is documented, I'm overlooking it.

Thanks.

The AIP scans packets in the ASA's backplane, so it doesn't have to do with interface pairs.

The throughput it can do is not as high as 10Gbps. Not even close. Check the AIP-SSM model for specs.

I hope it helps.

PK

pjsutton1
Level 1

We have been using the 4260's and 4270's but are now going to 10gb. Rather than etherchanneling enough 4270's to get to 10gb or waiting on the stability of the new Cisco 10gb sensors getting released soon, our need is now. So after extensive testing we have decided to go with McAfee M8000's where we need the 10GB line speed.
