Another question would be:
- How big is the rule base?
- Any exceptions
- How many filters/signatures/detection features failed to analyze the
traffic before the latency treshold was exceeded?
- Is the rule base based on a scenario where you for example pretend to
protect a windows server and workstation network, and therefor enable
all signatures for this - and turn off all *nix signatures? Or the other
way around? Or a pure web-/app-/database server network?
A lot of these tests fail to test the devices in a "near real world
scenario" where the IPS is configured with an adjusted rule base based
on typical assets, risks, firewall rules, exceptions, vlan tags etc.
We've seen gbit certified solutions starting to fail at 15mbit with
<2000 sessions during PoC's....
T
C-Info skrev:
The question I would also ask is was this complete capture or sampling of
the traffic?
Curt
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Addepalli Srini-B22160
Sent: Thursday, February 19, 2009 1:57 PM
To: Ravi Chunduru; [email protected]
Cc: [email protected]
Subject: RE: 10Gbps IPS - what you need to know
Copied from the test report: "The device ably supported over 11Gbps
of traffic with the larger HTTP response sizes (21KB) and lower
connections per second (5,000 CPS per Gigabit of traffic) found on
typical corporate networks".
It appears to be some calcualtion mistake! It comes to around
820-830Mbps (21Kbytes * 5000 ), not 11Gbps throughput!
I think you missed "5000 CPS per gigabit of traffic". Since it is 10G
box, I would assume that there was 50000 CPS in total which gives around
8.5Gbps. If you add usual overheads TCP header, IP header, Ethernet
header, the total throughput might go beyond 8.5Gbps.
Regards
Srini
