Security, WIDS/WIPS and Aruba ECS

Occasional Contributor II
Posts: 12
Registered: 07-01-2009

Tipping Point IPS problem - inspecting GRE traffic?

Does anyone have a Tipping Point IPS in between their controller and APs? We are having a problem with the IPS inspecting the packets and causing a large amount of latency. We've tested on a switch that doesn't go through the IPS and it works fine; however, if we put that access point on a switch that hits the IPS and then the controller, we get terrible performance. We have also singled out the IPS by putting it into layer 2 failover, and the performance returns to a normal/expected level; after bringing the IPS back into service, the performance is terrible again. We are thinking that the IPS is inspecting the GRE packets because they look suspect, but doesn't block them.

Does anyone have a rule or policy to avoid this, or know which policy to modify? Any help would be appreciated.

Thanks!
Guru Elite
Posts: 20,782
Registered: 03-29-2007

Tipping Point


Bill, I am not familiar with Tipping Point, but I will quote someone who is:

"I would agree that this would be an issue. The TippingPoint IPS does not understand the data that is passing through it. It does have the ability to inspect traffic inside a GRE tunnel, but it would not be able to break the client to controller encryption so all packets would have to hit the slow path before it can pass the traffic. The CPU on the TippingPoint must be pegged because the slow path eats up a ton of resources on the device.

I would recommend that they either bypass the IPS for the traffic between the APs and controller or if they cannot I would make sure that they included a rule / filter that allows all GRE tunnel traffic to pass uninspected to the Aruba Controller."


Colin Joseph
Aruba Customer Engineering
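
One way to express the bypass rule recommended above so that it exempts only AP-to-controller GRE rather than every GRE packet, as an added example that is not part of the original thread and is not TippingPoint configuration syntax. The AP subnet, the controller address and all function names are assumptions for illustration; the sample packets are constructed.

```python
import ipaddress
import struct

GRE_PROTO = 47  # IANA IP protocol number for GRE

# Assumed addressing for illustration only (documentation ranges).
AP_SUBNET = ipaddress.ip_network("192.0.2.0/24")
CONTROLLER = ipaddress.ip_address("198.51.100.10")

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto) from a raw IPv4 header, or None if malformed."""
    if len(packet) < 20:
        return None
    ver_ihl, proto = packet[0], packet[9]
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return None
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto

def bypass_inspection(packet: bytes) -> bool:
    """True only for GRE between an AP in AP_SUBNET and the controller."""
    parsed = parse_ipv4(packet)
    if parsed is None:
        return False  # malformed traffic is never exempted
    src, dst, proto = parsed
    if proto != GRE_PROTO:
        return False  # everything that is not GRE stays inspected
    ap_to_ctrl = src in AP_SUBNET and dst == CONTROLLER
    ctrl_to_ap = src == CONTROLLER and dst in AP_SUBNET
    return ap_to_ctrl or ctrl_to_ap

def make_ipv4(src: str, dst: str, proto: int) -> bytes:
    """Build a constructed 20-byte IPv4 header for the samples (checksum 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "AP -> controller GRE": make_ipv4("192.0.2.23", "198.51.100.10", 47),
    "controller -> AP GRE": make_ipv4("198.51.100.10", "192.0.2.23", 47),
    "other host GRE": make_ipv4("203.0.113.5", "198.51.100.10", 47),
    "AP -> controller TCP": make_ipv4("192.0.2.23", "198.51.100.10", 6),
}

def classify_samples() -> dict:
    """Map each sample name to True (bypass) or False (keep inspecting)."""
    return {name: bypass_inspection(pkt) for name, pkt in SAMPLES.items()}
```

Only the first two samples are exempted; GRE from an unrelated host and non-GRE traffic from an AP both remain subject to inspection.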
