08-05-2013 08:26 AM - edited 03-10-2019 06:01 AM
Hello,
I learned today the IPS-NME-K9 modules for the 29er routers are EoL. We are using a bunch of them on our edge router facing our MPLS backbone. We were told to use the IOS based IPS solution. I believe the performance will not be the same as with the hardware modules. Can anybody provide us with some numbers regarding performance and functionality?
Thanks in advance
Alex
08-05-2013 11:46 AM
As you might know, both the NME module and the 2900 router series have a 75 Mbps throughput, so,
theoretically throughput will be the same if you move to IOS IPS.
In practice, well, that'll depend on how much traffic traverses the router at any given time and the functions it performs,
not to mention the processing resources available.
As you might also know, the IPS AIM and IPS NME have their own CPUs and DRAMs for all IPS functions.
They offload router CPU from processor-intensive tasks such as deep packet inspection from the host router.
The following was taken from a Q&A document:
Q. What are the differences between the Cisco IPS modules and Cisco IOS IPS?
A. Following are some of the major differences between the Cisco IPS AIM and IPS NME and Cisco IOS IPS:
• Cisco IPS AIM and IPS NME have dedicated CPU and DRAM to offload IPS processing, whereas Cisco IOS IPS shares router resources with other processes.
• Cisco IPS AIM and IPS NME support both inline and promiscuous mode, whereas Cisco IOS IPS supports only inline mode.
• Cisco IPS AIM and IPS NME can support all Cisco IPS signatures that are not retired by default, whereas Cisco IOS IPS can support only a user configurable subset.
• Cisco IPS AIM and IPS NME run Linux-based Cisco IPS Sensor Software, whereas Cisco IOS IPS runs a Cisco IOS Software-based IPS code.
This too:
• Lightweight Signature Engines for HTTP, SMTP and FTP protocol signatures and Regular Expression Table chaining available also in 15.0(1)M Release
• Memory efficient traffic scanning for attack signatures consuming less memory on the router.
• Capability to provide protection for larger number of common threats and vulnerabilities.
Finally, a comparison between the module and the software-based version. Not sure if this is still a valid document, I believe it's from 2007.
It has some good points though.
Couldn't find any information about performance comparison under the same circumstances. I guess it will be a good idea to begin the migration with a couple of sites and compare performance of the units.