IPS-NME-K9 vs. IOS IPS

alex.dersch
Level 4

Hello,

I learned today that the IPS-NME-K9 modules for the 29er routers are EoL. We are using a bunch of them on our edge router facing our MPLS backbone. We were told to use the IOS-based IPS solution. I believe the performance will not be the same as with the hardware modules. Can anybody provide us with some numbers regarding performance and functionality?

Thanks in advance

Alex

1 Reply

Favaloro.
Level 1

As you might know, both the NME module and the 2900 router series have a 75 Mbps throughput, so, theoretically, throughput will be the same if you move to IOS IPS.

In practice, well, that'll depend on how much traffic traverses the router at any given time and the functions it performs, not to mention the processing resources available.

As you might also know, the IPS AIM and IPS NME have their own CPUs and DRAMs for all IPS functions.

They offload router CPU from processor-intensive tasks such as deep packet inspection from the host router.

The following was taken from a Q&A document:

Q. What are the differences between the Cisco IPS modules and Cisco IOS IPS?

A. Following are some of the major differences between the Cisco IPS AIM and IPS NME and Cisco IOS IPS:

• Cisco IPS AIM and IPS NME have dedicated CPU and DRAM to offload IPS processing, whereas Cisco IOS IPS shares router resources with other processes.

• Cisco IPS AIM and IPS NME support both inline and promiscuous mode, whereas Cisco IOS IPS supports only inline mode.

• Cisco IPS AIM and IPS NME can support all Cisco IPS signatures that are not retired by default, whereas Cisco IOS IPS can support only a user configurable subset.

• Cisco IPS AIM and IPS NME run Linux-based Cisco IPS Sensor Software, whereas Cisco IOS IPS runs a Cisco IOS Software-based IPS code.

This too:

Lightweight Signature Engines for HTTP, SMTP and FTP protocol signatures and Regular Expression Table chaining available also in 15.0(1)M Release

Memory efficient traffic scanning for attack signatures consuming less memory on the router.

Capability to provide protection for larger number of common threats and vulnerabilities.

Finally, a comparison between the module and the software-based version. Not sure if this is still a valid document, I believe it's from 2007.

It has some good points though.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/product_data_sheet0900aecd806a1b7e.html

Couldn't find any information about performance comparison under the same circumstances. I guess it will be a good idea to begin the migration with a couple of sites and compare performance of the units.
