Cisco IPS 4520 Sensor White Paper
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
White Paper
Intrusion Prevention System Performance Metrics
The Importance of Accurate Performance Metrics
Network or system design success hinges on multiple factors, including the expected performance of the elements
involved. Without proper throughput alignment, chokepoints can arise, impacting network traffic availability.
Cables, interface cards, and other simple elements have fairly predictable and accurate performance guidelines.
More sophisticated components such as switches and routers can exhibit a greater range of variance. Security
elements have an equal, if not greater, range of performance results.
As more organizations move to build security into their networks, the importance of predictable performance
grows. Networks must be engineered to assure that network and application traffic will continue through traffic
surges and variations - and levels typical just a few years ago are far below today’s needs. The mix of traffic types
has changed as well, with more connection-intensive compound applications than ever before. Given the
variability of traffic mixes, the growth in performance, and a cumulative gain in diverse applications plying those
elements, it is increasingly critical to provide an accurate picture of how security devices will behave in these
dynamic environments.
Overview of Performance Metrics
Given the need for accurate performance, it’s vital to determine which metrics are important for the network and
application environments where network security elements will reside.
Types of Performance Metrics
Network and application success is dependent on several performance attributes. The type and location of the
network deployment will influence performance. The types of applications present, which are sometimes aligned
with the network location, have equally important influence on the performance metrics most likely to result in a
successful deployment.
The most frequently mentioned - and most commonly abused - performance metric is throughput. Throughput
is measured in terms of traffic volume passing through a point in the network on a per-second basis. This
coarse-grained measure is independent of traffic content.
Latency is another performance metric describing the amount of time it takes for the traffic to pass through the
device. In effect, it is a measure of the amount of time the security device must take to perform its tasks.
Connection metrics come either as a “maximum count” or as a velocity, expressed in connections per
second. Connection metrics have significant impact on the types of applications being supported, as well as the
types of devices participating.
There are also measures that address high availability, reliability, and recovery; from a network uptime
perspective, these can be critical. Packet drop periods during failover or key transitions can make a critical
difference in some cases. Mean time between failures (MTBF) values can be viable measures to help predict
uptime.
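As an added illustration (not part of the Cisco white paper), the following Python computes the throughput, latency, and connection metrics described above over two constructed traffic mixes that have identical throughput. The record layout, field names, and all sample values are assumptions made for the example.

```python
from collections import Counter
from typing import NamedTuple

class Flow(NamedTuple):
    start_us: int    # connection opened (microseconds from start of window)
    end_us: int      # connection closed
    nbytes: int      # bytes carried through the device
    latency_us: int  # delay the device added to this flow (constructed value)

def summarise(flows, window_us):
    # Throughput ignores content: bits per microsecond is numerically Mbit/s.
    mbps = 8 * sum(f.nbytes for f in flows) / window_us
    # Connection velocity: new connections in the busiest one-second bucket.
    peak_cps = max(Counter(f.start_us // 1_000_000 for f in flows).values())
    # Maximum count: sweep open/close events; at a tie the close (-1) sorts first.
    events = sorted([(f.start_us, 1) for f in flows] + [(f.end_us, -1) for f in flows])
    open_now = max_open = 0
    for _, delta in events:
        open_now += delta
        max_open = max(max_open, open_now)
    lat = sorted(f.latency_us for f in flows)
    return {"throughput_mbps": mbps, "peak_cps": peak_cps, "max_concurrent": max_open,
            "latency_p50_us": lat[len(lat) // 2],
            "latency_p99_us": lat[min(len(lat) - 1, int(len(lat) * 0.99))]}

WINDOW_US = 10_000_000  # 10-second measurement window

# Constructed mix A: ten back-to-back bulk transfers of 12.5 MB each.
BULK = [Flow(i * 1_000_000, (i + 1) * 1_000_000, 12_500_000, 40) for i in range(10)]

# Constructed mix B: 50,000 short transactions of 2,500 bytes, one opened every
# 200 us, each open for 0.5 s; every 50th flow is given a 900 us latency.
TXN = [Flow(i * 200, i * 200 + 500_000, 2_500, 900 if i % 50 == 0 else 60)
       for i in range(50_000)]

if __name__ == "__main__":
    for name, mix in (("bulk", BULK), ("transactional", TXN)):
        print(name, summarise(mix, WINDOW_US))
```

Both mixes report the same throughput, yet the transactional mix opens thousands of connections per second and holds thousands open at once, which is the difference a throughput figure alone does not show.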