Re: IPS Reliability/Availability



We have several IPS vendors submitting Multi-Gig IPS products on the Bivio
platform this year - results will be available in our multi-Gigabit IPS
report in the summer.

Results from testing 1Gbps products on this platform will be available in
the next few weeks

Having done some very "quick and dirty" tests of the Bivio box on its own, I
can confirm that the performance is pretty impressive, and the
architecture/scalability looks good.

Will be very interesting to see how the "software plus RISC" stacks up to
the "ASIC/FPGA" solutions over time in terms of both performance and cost -
should be an interesting report! :o)

Bob Walder
The NSS Group


On 20/2/06 01:40, "Alan Shimel" <ashimel@xxxxxxxxxxxxxxx> wrote:

Marty

Correct me if I am wrong, but that is on the bivio box correct?
Interestingly our tests on this platform were well below the advertised
rates. Are you planning any 3rd party testing of it?

alan


StillSecure
Alan Shimel
Chief Strategy Officer

O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel@xxxxxxxxxxxxxxx
blog http://ashimmy.typepad.com

www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.

-----Original Message-----
From: Martin Roesch [mailto:roesch@xxxxxxxxxxxxxx]
Sent: Thursday, February 16, 2006 1:31 PM
To: David Williams
Cc: geek_brigades@xxxxxxxxx; focus-ids@xxxxxxxxxxxxxxxxx
Subject: Re: IPS Reliability/Availability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi David,

You're referring to our IS 5800 chassis. The 5800 is a carrier grade
platform that uses a multiple PowerPC CPUs as the application
processors. It also uses a network processor for traffic management,
load balancing, and several other capabilities as well as another PPC
for systems management. The system is fully fault tolerant, you can
hot swap power supplies, network interface modules (NIMs), fan trays,
hard drives and even processor boards without requiring a restart of
the system. The NIMs also offer power-off fail-open capability.
Furthermore, the chassis is extensible, it's got a backplane
connector so you can attach another chassis to it and distribute the
applications and traffic across up to 8 more application CPUs (yep,
14 CPUs of Snorting fury) so you've got some pretty significant
investment protection as well because you don't need to get out your
forklift to go to the "next step up platform" to get more
performance, you just add computing power as needed and we can run
all of our network-facing applications on it.

We have configurations that offer 2 or 6 CPUs for our applications
right now and you can run intrusion detection, prevention or RNA in
any combination you like on the device at the same time on it. For
example, you could have one chassis with 4 ports doing IPS, 2 ports
doing IDS and 2 running RNA.

Performance is very good as well, multi-gig processing is available
even in the 2 CPU configuration but obviously I don't have any third
party testing to point to so you can take that for what it's worth.

-Marty

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD9MTvqj0FAQQ3KOARAuKtAJ9zokhur/6W+ASEAaJVRbg/fqeFJACfRoAX
F7rAUA+dmmx1RFnPWj8PR0c=
=eVYv
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------



Relevant Pages

  • Re: IPS Reliability/Availability
    ... It will not be included in the MULTI-Gig test for fairly obvious reasons ... platform this year - results will be available in our multi-Gigabit IPS ... applications and traffic across up to 8 more application CPUs (yep, ... with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • Re: IPS Reliability/Availability
    ... platform this year - results will be available in our multi-Gigabit IPS ... applications and traffic across up to 8 more application CPUs (yep, ... with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • Re: Hot plug vs. reliability
    ... An example are SRAMs used for CPUs with external ... An OS is never platform independent, there always is a machine dependant layer. ... ultra-scale systems where more fault tolerance can be designed in at the OS, ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)
  • RE: IPS Reliability/Availability
    ... Interestingly our tests on this platform were well below the advertised ... It also uses a network processor for traffic management, ... applications and traffic across up to 8 more application CPUs (yep, ... Snort: Open Source Network IDS - http://www.snort.org ...
    (Focus-IDS)