[Snort-users] Sizing a system for gigabit backbone

Erik Engberg Erik.Engberg at ...511...
Mon Nov 6 15:02:39 EST 2000


Toplayer appswitch:

Well, we are still evaluating and only got the 2502 to do that with. It´s by
far inferior to the 3500 series, which we are looking to get our hands on,
but it´s the same software and I must say, the software really kicks ass
functionally. Just the performance testing to go which we don´t have lab
equipment to do properly (not enough gigabit cards) ;(
Seems to handle saturated 100mbit without much sweat though (the 2502)
including some stateful firewall inspection rules and mirroring to 2 IDS
groups with 2 IDSs load balanced in each (Realsecure and snort)...

They told us they have made tests on the 3500 with 800 mbits traffic
loadbalanced unto 8(?) ISS real secure engines (although I doubt that RS can
handle 100mbit).

According to specs the 3500 should be able to handle 128k new connections
per second (the 2502 only about 16k or was it 32k connections), which seems
enough to me. List price around 130k british pounds (might be a bit wrong
here, I don´t work for toplayer).

When it comes to switching, it´s far below Alteon AD3-AD4 (which is our
other favourite layer-7 switch. Does 512k connections or so) in performance
(their numbers) but toplayer is the only one with stateful packethandling.
And that *IS* a lot!

Still, seen to function, features and administration, I cannot do anything
but warmly recommend the appswitch for load balancing IDS. When it comes to
performance I cannot tell yet...

Good luck and let me know how/if it works out...

//Erik





-----Original Message-----
From: Victor Barahona [mailto:victor.barahona at ...700...]
Sent: den 6 november 2000 20:21
To: Erik Engberg
Subject: Re: [Snort-users] Sizing a system for gigabit backbone


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 06 November 2000 16:24, you wrote:
>Did you see my earlier post in this thread? We are testing the toplayer
>appswitch that takes 2 fibre gigabit and can do ids loadbalancing. Works
>real nice so far.

Sorry, I lost your mail in the caos :(

After reading your (already found) mail, I think something similar to that 
is what we need. What's aprox the price of a AppSwitch? I suppose you have 
a 3500 (AS3512). I have been looking for it in the toplayer web but I 
did't find any information. I need to give an aproximately idea to my boss.

Have you test it with really HIGH trafic peaks?

Thanks.

- -- 
"Alone? you are not alone, Bigbrother is watching you"

- ------------------------------------------------------------------------
Victor Barahona..........................http://www.utc.uam.es/~barahona
Soporte Seguridad en red.................http://www.utc.uam.es/ss
Unidad Tecnica de Comunicaciones
Universidad Autonoma de Madrid
Tlf.- 91 397 5525                                      PGP ID-0x8750AB79
- ------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOgcEoUoW8ByHUKt5EQJG9QCeOcrPL7WLYYqZLcdAHp3EABfghj4AoMgE
Jxky07BoH0wzHsqoKT2nvs/3
=SDcI
-----END PGP SIGNATURE-----



More information about the Snort-users mailing list