IDS mailing list archives
Re: High availability design of NIDS
From: Mike Johnson <mike () enoch org>
Date: Tue, 01 Mar 2005 08:30:26 -0500
Gary Halleen wrote:
Cisco sensors support etherchannel load-balancing. In this scenario, all IDS traffic would automatically be load-balanced to your sensors. If a hardware or software issue caused a sensor to fail, then that sensor would drop out of the etherchannel group and all traffic would be sent to the remaining sensor(s).
Gary,Can you provide a little more information about this? We have a bunch of 4240s and have noted that they support etherchannel, but that's usually for bonding multiple interfaces on the same system. How does this work for bonding two separate systems into the same channel? Also, wouldn't you get duplicate events?
Thanks! Mike -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- Re: High availability design of NIDS Jose Maria Lopez Hernandez (Feb 28)
- <Possible follow-ups>
- Re: High availability design of NIDS Mike Johnson (Mar 02)
- RE: High availability design of NIDS Gary Halleen (Mar 04)