IPS Performance Explained
Data sheet performance numbers are often used to make purchasing and deployment decisions for network devices. This is true for Intrusion Prevention Systems (IPS) as well. However, the nature of IPS is such that performance can vary greatly based on multiple factors, including the traffic mix seen at the IPS, signature tuning, and the software version in use. As a result, basing an IPS deployment purely on data sheet numbers is difficult. Cisco has demystified data sheet performance metrics for its IPS 4500 and IPS 4300 products via a detailed technical paper that walks the reader through each performance number.
The paper explores the basis for the “Average inspection throughput” rating (5Gbps/rack-unit for IPS 4520) and contrasts it with “Maximum inspection throughput” (10Gbps/rack-unit for IPS 4520). Further, it provides details on the network latency introduced by a sensor at different packet sizes and frame rates. Finally, it reports on the maximum connections and connections per second that can be sustained by each IPS 4500 and IPS 4300 model.
Any performance paper can cover only a limited set of deployment scenarios. Even so, the IPS performance paper enables the user to confidently narrow his or her choice to 1 or 2 configurations. If you are planning an IPS deployment in the near future, check out the paper at “Performance of Cisco IPS 4500 and 4300 Series Sensors.”