Re: IPS technology question.

From: Jason Wright (jason_at_nfr.net)
Date: 08/30/05

  • Next message: Joseph Hamm: "RE: IPS comparison" 
    Date: Tue, 30 Aug 2005 14:56:16 -0400
To: focus-ids@securityfocus.com

    On Tue, THolman@toplayer.com said a little something like:
    > A standard PCI bus (PCI-X, 133Mhz) is only capable of 1.06Gbps. This means
    > 530Mbs in, and 530Mbs out, not taking into account things like hard-disks,
    > logging/reporting and any packet inspection, which only serve to pull this
    > number down further.
    > It is architecturally impossible for a standard Intel platform to attain a
    > throughput of anything higher than 530Mbs, let alone the 2Gpbs you claim
    > below?
    > A further explanation of these figures may help clear things up?
    >
    > Regards,
    >
    > Tim

    Nope.

    Let's look at the math... 133Mhz * 64bit = 8Gbit/sec. That's assuming
    100% efficiency... PCI-X is ~70% or so... so we get: ~6Gbit/sec. Assuming
    we have traffic to flow in both directions: 3Gbit/sec full duplex.

    AND that's PCI-X 1.0... PCI-X 2.0 specifies two faster clock speeds:
    266MHz (16Gbit/sec 100% efficiency) and 533MHz (32Gbit/sec, 100%).

    The only way your statement is true is if the devices are running 33Mhz
    on a 32bit bus. I doubt any serious vendor is running 32bit/33Mhz
    devices. Now, if you have any slow device, the bus will take the clock
    speed of the slowest device along the path to the cpu... Usually big
    systems will have a separate bus for each slot (or will group them),
    so taking the slowest device on a bus is not a killer.

    Simple multiplication.

    --Jason L. Wright
      NFR Security, Inc.
      jason@nfr.com

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------

  • Next message: Joseph Hamm: "RE: IPS comparison"

    Relevant Pages

    • Re: PCI-e x1 or PCI-X 133?
      ... Neither does it have serial protocol (to replace the parallel bus protocol). ... transferrates like "132MByte/s" because parallel PCI transfers Bytes ... Again, what PCI-X. ... Like conventional PCI adapters, PCI-X adapters can implement a 64-bit ...
      (comp.periphs.scsi)
    • Re: PCI-e x1 or PCI-X 133?
      ... I have taken 250MByte/s per lane to compare with parallel PCI ... with no clock recovery overhead over the physical layer. ... Again, what PCI-X. ... AFAIK every PCI-X card or bus itself must be 3.3V and 64Bit (and must at ...
      (comp.periphs.scsi)
    • Re: How I built a 2.8TB RAID storage array
      ... PCI (and PCI-X) bandwidth is per bus, ... Otherwise I'd have gone with the 7506-8 eight-channel card ...
      (comp.os.linux.hardware)
    • Re: Understanding lspci output
      ... How many PCI buses are there in the system? ... Yes, the devices on bus 01 are PCI-X devices, so there is a PCI-X bus. ... This cannot be inferred from the lspci output -- there is no way how to ...
      (Linux-Kernel)
    • Re: Slow computer
      ... If you attach 2 devices to one "IDE Bus" the transfer of information on the "Bus" will be at the speed of the slowest device. ... If the tech attached the old drive to the same bus as your new drive then it could be disk access speed you are lacking, did the tech advise you not to do that at all? ...
      (microsoft.public.windows.vista.general)