Re: IDSM 2 deployment advice

From: karim jamali <karim.jamali_at_gmail.com>
Date: Sun, 10 Oct 2010 11:57:50 +0300

Hi John,

Regarding the scenario described below, I guess there are two options:

1) Run 2 IDSM modules, each with 2 virtual sensors (one in inline mode for
traffic going to the internet) and with promiscuous mode for traffic going
internally. In this way, even if the core switch fails, the other core switch
will be able to do the same thing. The problem with this is that the
performance/throughput of the IDSM module will be degraded as it is
distributed across the 2 virtual sensors, and to my knowledge there isn't
a way to give each one a treatment.

2) Run one IDSM module only for Internet purposes and another one for internal
traffic, each on a core switch. This will definitely improve the performance;
however, the point is that if the core switch fails you will be somehow
"open" to attacks.

Thus it is a matter of availability versus performance... which one counts
most :)

HTH,

On Sat, Oct 9, 2010 at 4:05 PM, John Haddad <loserboy3000_at_hotmail.com> wrote:

> Hi everyone,
>
> Currently we are trying to deploy two core switches 6509
> with VSS (Virtual Switching System) and we have only two IDSM2
>
> My concern is what is the best solution to deploy the IDSM2 (WS-SVC-IDSM 2)
>
> 1- Having two IDSMs on one CORE switch 6509 while the other
> CORE switch doesn't have any IDSM2 (one will be dedicated for the internet
> traffic inline mode and the other for LAN traffic promiscuous mode)
>
> =====> we lose the concept of the redundancy and increase the throughput, and
> in case of failure we will be under risk
>
> 2- Having one IDSM2 on one core switch with two virtual sensors, one
> works as inline mode for internet traffic and the other sensor will work as
> promiscuous for LAN traffic, and the other IDSM2 will be on the second
> switch sitting idle for redundancy and failover
>
> =====> we increase the redundancy concept but we degrade the throughput
>
> For me I will go with option 2 ===> what do you say????
>
> Aside from that we have 10 Mb internet link
>
> Information about IDSM2
>
> Passive (promiscuous mode):
>
> 600 Mbps
> 6,000 new TCP connections per second
> 6,000 HTTP transactions per second
> 60,000 concurrent connections
>
> Inline mode:
>
> 500 Mbps
> 5,000 new TCP connections per second
> 5,000 HTTP transactions per second
> 50,000 concurrent connections
> Supports up to 500,000 concurrent connections
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
KJ
Received on Sun Oct 10 2010 - 11:57:50 ART
