Cisco Cisco FirePOWER Appliance 7020
24-4
FireSIGHT System User Guide
Chapter 24 Using Performance Settings in an Intrusion Policy
Understanding Packet Latency Thresholding
•
Setting Packet Latency Thresholding Options
License:
Protection
The following table describes the options you can set to configure packet latency thresholding.
You can enable rule 134:3 to generate an event when the system stops inspecting a packet because the
packet latency threshold is exceeded. See
packet latency threshold is exceeded. See
and
for more information.
Many factors affect measurements of system performance and packet latency, such as CPU speed, data
rate, packet size, and protocol type. For this reason, Cisco recommends that if you enable packet latency
thresholding, you use the threshold settings in the following table until your own calculations provide
you with settings tailored to your particular network environment.
rate, packet size, and protocol type. For this reason, Cisco recommends that if you enable packet latency
thresholding, you use the threshold settings in the following table until your own calculations provide
you with settings tailored to your particular network environment.
Determine the following when calculating your settings:
•
average packets per second
•
average microseconds per packet
Multiply the average microseconds per packet for your network by a significant safety factor to ensure
that you do not unnecessarily discontinue packet inspections.
that you do not unnecessarily discontinue packet inspections.
For example, the
table recommends a minimum packet
latency threshold of 100 microseconds in a one gigabit environment. This minimum recommendation is
based on test data showing an average of 250,000 packets per second, which is 0.25 packets per
microsecond or, said differently, 4 microseconds per packet. Multiplying by a factor of twenty-five
results in a recommended minimum threshold of 100 microseconds.
based on test data showing an average of 250,000 packets per second, which is 0.25 packets per
microsecond or, said differently, 4 microseconds per packet. Multiplying by a factor of twenty-five
results in a recommended minimum threshold of 100 microseconds.
Configuring Packet Latency Thresholding
License:
Protection
You can enable or disable packet latency thresholding and modify the latency threshold.
Table 24-1
Packet Latency Thresholding Options
Option
Description
Threshold
Specifies the time in microseconds when inspection of a packet ceases. See
the
the
table for recommended
minimum threshold settings.
Table 24-2
Minimum Packet Latency Threshold Settings
For this data rate...
Set threshold microseconds to at least...
1 Gbps
100
100 Mbps
250
5 Mbps
1000