Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Niels_van_Sluis
Contributor

IPS Bypass and VSX

Secure Knowledge Solution ID sk107334 says:

"IPS Bypass Under Load mechanism looks at the indiviual core utilization rather than the average core utilization. As a result, spikes in individual core usage may pass the treshold and subsequently trigger the IPS Bypass Under Load mechanism, even if overall CPU utilization is still under the threshold for activation."

How does this relate to VSX virtual systems? For example, could a CPU under load that has it's affinity set to a NIC that is only used in VS X, trigger an IPS Bypass for VS Y and VS Z that are on the same VSX host? 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

0 Kudos
Zolo
Participant

@PhoneBoyI do not find the thread on that link 😕

0 Kudos
PhoneBoy
Admin
Admin

That link is quite old and when we were on a different platform...not relevant anymore.
In any case, the SK is not relevant after R77.30 as Dynamic Dispatcher should handle this situation (as I understand it).

0 Kudos
Henrik_Noerr1
Collaborator

We are running r80.40 take 125+ and a fully loaded SND will enable bypass on all Virtual Systems.

in my opinion the IPS Bypass is a broken feature on VSX and by extension the IPS blade itself.

That or don't run with bypass enabled, which most organisations will not accept.

 

/Henrik 

0 Kudos