Scalable and Effective IPS Technology
- Traditional, inline bridged configurations, in which the IPS device forwards traffic between two Ethernet ports (at 1 Gbps or 10 Gbps)
- Soft IPS, a passive IPS that blocks unwanted TCP sessions without requiring Ethernet bridging.
The following table details the advantages and drawbacks of the two types of configuration. Apart from its limited ability to block UDP and ICMP packets, Soft IPS offers substantial operational advantages, so traditional inline configurations are recommended only for deployments that make significant use of UDP protocols. Note that an inline device passing all traffic on power loss assumes a bypass (fail-open) NIC whose relays close the link when the card loses power; without one, power loss stops traffic just as a hardware failure does.
| IPS Type | Inline IPS | Soft IPS |
|---|---|---|
| Real-time IP address block | No | Yes |
| Blocks UDP and ICMP | Yes | Partial |
| Software failure | All traffic stops | All traffic through |
| Hardware failure | All traffic stops | All traffic through |
| Power loss | All traffic through | All traffic through |
| Performance impact | 200 µs latency | None |
More on Soft IPS
MetaFlows’ Soft IPS technology blocks unwanted traffic while running in passive mode. It does this by injecting spoofed TCP packets (resets) into the network to tear down unwanted connections. The same idea is used by the Great Firewall of China; here it is coupled with an algorithm that predicts which traffic to block from observed communication patterns. Because an injected reset races the legitimate packets of the session, the first segments of a flagged connection can still reach their destination, and hosts that implement RFC 5961 honour only a reset whose sequence number exactly matches the one they expect next. Connectionless UDP and ICMP have no session to reset, which is why the table above lists them as only partially blockable.
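The packet construction behind this kind of active response, as an added example that is not MetaFlows' code: given one observed segment of a session the sensor has decided to block, it builds the two spoofed RST segments a passive sensor would inject, one toward each endpoint, each carrying the sequence number that endpoint expects next so the stack accepts the reset. The addresses, ports and the IRC-style payload are constructed for the example; actually transmitting the packets (for instance through a raw socket) is deliberately left out.

```python
"""Spoofed TCP resets as injected by a passive (Soft) IPS.

Added example, not MetaFlows' code. Builds, for one observed segment, the two
RSTs a passive sensor would inject (one per endpoint). Transmission is out of
scope; addresses and ports below are made up.
"""
import struct
from dataclasses import dataclass

TH_FIN, TH_SYN, TH_RST, TH_PSH, TH_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class Segment:
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int
    payload_len: int


def parse_segment(packet: bytes) -> Segment:
    """Parse an IPv4/TCP packet; IP options are skipped via IHL."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    tcp = packet[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    return Segment(src, dst, sport, dport, seq, ack, off_flags & 0x1FF,
                   len(tcp) - data_off)


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_packet(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """Serialize a minimal IPv4 + TCP packet with valid header checksums."""
    src, dst = _ip_bytes(src_ip), _ip_bytes(dst_ip)
    tcp_len = 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000,
                         64, 6, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", checksum(ip_hdr)) + ip_hdr[12:]
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                          (5 << 12) | flags, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, tcp_len)
    csum = checksum(pseudo + tcp_hdr + payload)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", csum) + tcp_hdr[18:]
    return ip_hdr + tcp_hdr + payload


def tcp_checksum_ok(packet: bytes) -> bool:
    """True when the TCP checksum (over pseudo-header + segment) verifies."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    tcp = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return checksum(pseudo + tcp) == 0


def build_rsts(observed: bytes) -> tuple:
    """Return (rst_toward_receiver, rst_toward_sender) for one observed segment.

    This is a race: any legitimate segment delivered before the RST arrives
    moves the window and the spoofed reset is ignored (RFC 5961 hosts accept
    only an exactly in-sequence RST), so the first packets can get through.
    """
    s = parse_segment(observed)
    # SYN and FIN each consume one sequence number on top of the payload.
    consumed = s.payload_len + bool(s.flags & TH_SYN) + bool(s.flags & TH_FIN)
    next_seq = (s.seq + consumed) & 0xFFFFFFFF
    # Toward the receiver, impersonating the sender: the receiver expects the
    # sender's next byte at seq == next_seq.
    to_receiver = build_packet(s.src_ip, s.dst_ip, s.sport, s.dport,
                               next_seq, s.ack, TH_RST | TH_ACK)
    # Toward the sender, impersonating the receiver: the sender expects the
    # receiver's next byte at the ack number it just sent.
    to_sender = build_packet(s.dst_ip, s.src_ip, s.dport, s.sport,
                             s.ack, next_seq, TH_RST | TH_ACK)
    return to_receiver, to_sender


# Constructed sample: a client-to-server segment (5 bytes of payload) of a
# session the sensor has classified as bot command-and-control traffic.
OBSERVED = build_packet("10.0.0.5", "203.0.113.7", 51000, 6667,
                        1000, 5000, TH_PSH | TH_ACK, b"NICK\n")
```

Run `build_rsts(OBSERVED)` and parse the two results: the reset toward the server carries seq 1005 (the client's 1000 plus five payload bytes), the reset toward the client carries seq 5000 (the ack the client just sent), and both pass `tcp_checksum_ok`. The window and IP identification are fixed values here; a production sensor would copy them from the observed session to look less anomalous to the endpoints.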
Soft IPS Features Summary
- Runs entirely in software and scales to 5 Gbps of network traffic on standard servers.
- Runs in passive mode (not inline). This can be a significant advantage: an inline IPS is a single point of failure, since a software or hardware fault in the device stops all traffic, whereas a passive sensor that fails simply stops blocking.
- Uses active response technology to block unwanted traffic (bots, spyware, P2P, etc.) and learns which hosts on the network need to be isolated.
More on Inline IPS
We have developed cost-effective IPS load-balancing technology that achieves high throughput on inexpensive off-the-shelf multi-core commodity processors. The technology also scales to dual- or quad-socket boards, increasing parallelism to as many as 64 cores and bringing IPS throughput close to 10 Gbps.
As the graph illustrates, a single inline core sustains 100 Mbps or less (this is what a standard server achieves without the MSS). Here we parallelized the inline processing from 1 to 8 cores and demonstrated almost 700 Mbps of sustained IPS throughput at 200 µs latency. Performance is strongly affected by the type and number of IPS rules loaded and by the traffic mix sent through the device.
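The property an IPS load balancer has to preserve when it spreads packets across cores, as an added example that is not MetaFlows' load-balancing code: both directions of a session must reach the same worker, otherwise per-flow state and TCP stream reassembly are split across cores and rules that need the full stream silently miss. The code contrasts a naive hash of the raw 5-tuple with a direction-independent flow key, and keys the hash with a secret seed so an attacker cannot craft flows that all collide on one core. The seed, addresses and flows are constructed for the example.

```python
"""Flow-affine load balancing for an inline IPS split across worker cores.

Added example, not MetaFlows' code. Shows why the dispatcher must hash a
direction-independent flow key rather than the 5-tuple as seen on the wire.
The seed and the sample traffic are made up.
"""
import hashlib
from collections import defaultdict

# Secret per-boot seed (constructed). With an unkeyed hash an attacker can
# craft flows that all land on one core and starve it (hash-flooding).
SEED = b"constructed-per-boot-secret"


def _bucket(material: bytes, n_workers: int) -> int:
    digest = hashlib.blake2b(material, key=SEED, digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_workers


def naive_worker(pkt: dict, n_workers: int) -> int:
    """Hash the 5-tuple as seen on the wire: A->B and B->A hash differently."""
    material = (f"{pkt['src']}:{pkt['sport']}>{pkt['dst']}:{pkt['dport']}"
                f"/{pkt['proto']}").encode()
    return _bucket(material, n_workers)


def flow_key(pkt: dict) -> tuple:
    """Direction-independent key: order the two endpoints canonically."""
    a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    lo, hi = (a, b) if a <= b else (b, a)
    return (lo, hi, pkt["proto"])


def symmetric_worker(pkt: dict, n_workers: int) -> int:
    """Both directions of a flow map to the same worker."""
    return _bucket(repr(flow_key(pkt)).encode(), n_workers)


def dispatch(packets, n_workers, chooser):
    """Split packets into per-worker queues using the given chooser."""
    queues = defaultdict(list)
    for pkt in packets:
        queues[chooser(pkt, n_workers)].append(pkt)
    return dict(queues)


def split_flows(queues) -> set:
    """Flow keys that landed on more than one worker (should be empty)."""
    seen = defaultdict(set)
    for worker, pkts in queues.items():
        for pkt in pkts:
            seen[flow_key(pkt)].add(worker)
    return {k for k, workers in seen.items() if len(workers) > 1}


def sample_traffic(n_flows: int = 64):
    """Constructed bidirectional TCP flows from distinct clients to one server."""
    packets = []
    for i in range(n_flows):
        client, port = f"10.0.{i // 256}.{i % 256}", 40000 + i
        packets.append({"src": client, "sport": port,
                        "dst": "192.0.2.10", "dport": 443, "proto": 6})
        packets.append({"src": "192.0.2.10", "sport": 443,
                        "dst": client, "dport": port, "proto": 6})
    return packets
```

Dispatching the sample traffic to 8 workers with `symmetric_worker` yields no split flows; with `naive_worker` a flow is split whenever its two directions hash to different cores, which for 64 flows is all but certain. Hardware NICs offer the same symmetric hashing under names such as symmetric RSS, and a software balancer that feeds per-core IPS instances should verify the property with a check like `split_flows` rather than assume it.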
Inline IPS Features Summary
- Runs on inexpensive standard off-the-shelf servers.
- Performance scales across multiple processors and cores.
- Can block all protocols, including UDP and ICMP.