Intrusion Detection System (IDS) software releases 4.1 and later have a minimum requirement of 512MB of random-access memory (RAM). When IDS 4.1 is loaded on a sensor with 256MB of RAM there is a possibility that packets will be dropped due to memory contention before the sensor's rated maximum performance level is reached.
The IDS 4210 and 4220-E sensors originally shipped with 256MB of RAM and are the only sensors not able to meet the new 4.1 minimum requirements with their default RAM. IDS 4210 sensors now ship from manufacturing with 512MB of RAM. In addition, Cisco is offering a free RAM upgrade for IDS 4210 and 4220-E sensors covered by SMARTnet contracts.
The number and complexity of signatures supported in the IDS software releases has grown to the point that sensors with 256MB of RAM running release 4.1 or later exhaust their memory resources before their stated maximum performance levels.
The IDS 4.1 software upgrade image will fail to install on systems with less than 512MB of RAM. A memory size check is performed as part of the upgrade process and the installer will error out if it does not detect 512MB of RAM installed on a 4210 or 4220-E.
The IDS 4.1 recovery CD will, however, install a 4.1 image from scratch if it is used on a system with only 256MB of RAM. It is highly recommended that you verify your installed RAM using the commands detailed below before trying to utilize an IDS 4.1, or later, recovery CD.
If IDS 4.1 is somehow successfully installed on a 256MB 4210 or 4220-E sensor it will experience higher memory utilization rates as it approaches its maximum specified performance levels. Once maximum memory utilization is reached on any sensor the analysis engine will miss packets and affected signatures will potentially not fire.
The memory upgrade parts IDS-4210-MEM-U= and IDS-4220-MEM-U= are also available for sale directly from Cisco as well as from distributors.
How To Identify Installed Memory
To identify the installed memory quantity using the IDS Device Manager (IDM):
The above values are approximate and actual reported values will vary by model and software release, however 256MB systems will display around 250 million bytes and 512MB systems will display around 500 million bytes.
To identify the installed memory quantity using the IDS command-line interface (CLI):
Here is sample CLI output from a 256MB IDS 4210 sensor:
HWDEV-MM01# show version Application Partition: Cisco Systems Intrusion Detection Sensor, Version 4.1(0.3)S42(0.3) OS Version 2.4.18-5smpbigphys Platform: IDS-4210 Using 161103872 out of 244531200 bytes of available memory (65% usage) Using 528M out of 7.8G bytes of available disk space (7% usage) MainApp 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running AnalysisEngine 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running Authentication 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running Logger 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running NetworkAccess 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running TransactionSource 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running WebServer 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running CLI 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Upgrade History: No upgrades installed Recovery Partition Version 1.1(0.1) - 4.1(0.3)S42(0.3) HWDEV-MM01#
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: