[Snort-users] Snort as Gigabit Sensor
jcoppock1 at ...5068...
Sat Jul 26 19:19:03 EDT 2003
Jason Haar, 2003-Jul-25 12:06 +1200:
> Jeff wrote:
> >Some other posts to this thread talk about getting the max performance
> >out of a single system, up to 300-500Mbps. To get a full Gig (well
> >700Mbps or so anyway) of IDS traffic you'll need to load balance a
> >server farm. Check out the Nortel Alteon Web Switches which have IDS
> Can I just ask a naive question? Needing to load balance is only due to
> the sites requiring PCI-based IDS isn't it? I mean, there are Gb IDS out
> there - they wouldn't need load balancers would they?
Right. Farming multiple 100-300Mbps systems and load-balancing is one
> Pretty scary: Gb Ethernet isn't exactly cutting edge these days - being
> required to go over to load balancers must really change the budget
Chad and Andrew make very good points. If you really are pushing 1GB,
then load-balancing is one option, another option being to build a
Chad makes some great points about some advantages of load-balancers.
Providing high-availability to you IDS farm is nice. Also, being able
to filter traffic to specific IDS systems is also nice.
Jeff Coppock Systems Engineer
Diggin' Debian Admin and User
More information about the Snort-users