Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

How does IOS IPS affect throughput performace?

Hi Support people,

I have been trialling IOS IPS on a number of Cisco ISRg2 routers and I have found that after enabling it the CPU jumps to 99% and I see packet drops (ingress) on the interface that IPS is applied.

Has anyone else successfully deployed IOS IPS? If yes what router/s have you used and what did you do to mitigate high CPU usage and packet drops?

Thank you in advance for all of your quick reply’s

Everyone's tags (3)
1 REPLY
Community Member

How does IOS IPS affect throughput performace?

Using IOS-IPS is recommended for some very basic use and small deployments only.

As there are limited resources available on the router; using IOS IPS has a direct impact on the speed/throughput of the router and generally not recommended to enable most of signature on it.

We only recommend enabling some  very basic signature package on the IOS-IPS for basic packet inspection.

Enabling all the signatures can result in high CPU on the router as well.'

Datasheet

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900aecd803137cf.html

Getting Started with IOS IPS ― A Step-by-Step Guide

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper0900aecd805c4ea8.html

The above guide will be very helpful.

Regards

Sachin

1022
Views
0
Helpful
1
Replies
CreatePlease to create content