03-15-2010 01:09 PM - edited 03-10-2019 04:55 AM
Hi
I have a customer who wants an IPS that can support a full 10GB throughput. This is to go with a data center that will be Nexus 7000 based with 6500 service switches hung off it. Anyone know of a way of doing this with Cisco kit, as I really don't want to have to go with a Juniper IDP 8200.
Thanks
Pat
03-16-2010 01:22 PM
Cisco's IDS and IDSM blades do not support 10Gbps YET.
The best IDS has about half name speed.
The solution that I could suggest is considering to have 2 IDSes in an Etherchannel and have them both inspect traffic.
That could scale well for atomic signatures.
I hope it helps a little.
PK
03-16-2010 03:04 PM
The highest is the ASA5540 with AIP SSM but it won't support 10Gb.
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
03-16-2010 03:16 PM
Thanks guys. Looks like I will have to go with the Juniper. At least MARS supports the Juniper so it's not a total loss on the Cisco front.
03-16-2010 05:14 PM
The highest Cisco IDS is the 4570 that can do up to 4Gbps.
ASA with AIP has much less throughput.
Don't even consider an AIP for the throughput you need.
PK
03-17-2010 12:07 PM
I am interested in this as well.
pkampana, the OP brought up IPS. Is there a distinction among Cisco's products in the context of throughput operating as an IDS vs IPS, in that IPS actively "denies" attackers/packets/connections which it calculates as harmful (via the Risk Rating formula)? I am not asking about the "Block" actions, only "Deny" actions.
I understand that the message is the AIP sensors cannot perform at the same rates as the appliances. I would not be surprised at this.
Can one Cisco IPS appliance be inserted into ALL flows of data between ALL logical interfaces of a Cisco ASA, or would a firm need to purchase one Cisco IPS appliance for each logical interface, or would it only be able to operate as an IDS? If this particular design scenario is documented, I'm overlooking it.
Thanks.
03-17-2010 01:34 PM
The AIP scans packets in the ASA's backplane, so it doesn't have to do with interface pairs.
The throughput it can do is not as high as 10Gbps. Not even close. Check the AIP-SSM model for specs.
I hope it helps.
PK
09-01-2010 06:34 AM
We have been using the 4260's and 4270's but are now going to 10gb. Rather than etherchanneling enough 4270's to get to 10gb or waiting on the stability of the new Cisco 10gb sensors getting released soon, our need is now. So after extensive testing we have decided to go with McAfee M8000's where we need the 10GB line speed.