We have installed the following models of IDS sensors: model NRS-2FE and IDS-4230 with 512 MB RAM and 10/100 EtherPower NICs. They are configured for 100 Mbps.
Is there any documentation or rule of thumb to determine the maximum monitoring capacity before the sensor will start to loose packets. Is there any way that we can check whether the sensor analysis function is keeping up with the traffic?
The NRS-2FE will probably have a problem keeping up with a full 100 Mbps of network traffic if you are running the more recent versions of the IDS software. As we have improved the reliability of our algorithms we have required more CPU to maintain the ability to keep up with the packet rate. Unfortunately, to my knowledge, we haven't recently run a performance test with that sensor model. Based on my familiarity with the processor utilization on other platforms though I would estimate that you will begin experiencing a slight loss of traffic in the 60-70 Mbps range and that the performance will continue to degrade from there.
The 4230 is tested routinely with every release of new software and will handle a full 100 Mbps of normally distributed network traffic.
At the moment there is no reliable way to determine if either sensor is experiencing packet loss. We are in the process of developing a method to detect this, but it requires some interaction with the suppliers of the NIC cards and therefore the process is a little slower than we would like.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :