Cisco IPS 4200 Series Sensors

Field Notice: *Expired* FN - 25674 - Intrusion Detection System 4.1 Software Memory Requirements


Revised May 29, 2008
July 15, 2003


NOTICE:

THIS FIELD NOTICE HAS BEEN EXPIRED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Products Affected

Product         Comments
IDS-4210        IDS 4210 Sensor
IDS-4210-K9     IDS 4210 Sensor
IDS-4210-NFR    IDS 4210 Sensor
IDS-4220-E      IDS 4220 Ethernet Sensor

Problem Description

Intrusion Detection System (IDS) software releases 4.1 and later have a minimum requirement of 512MB of random-access memory (RAM). When IDS 4.1 is loaded on a sensor with 256MB of RAM there is a possibility that packets will be dropped due to memory contention before the sensor's rated maximum performance level is reached.

The IDS 4210 and 4220-E sensors originally shipped with 256MB of RAM and are the only sensors not able to meet the new 4.1 minimum requirements with their default RAM. IDS 4210 sensors now ship from manufacturing with 512MB of RAM. In addition, Cisco is offering a free RAM upgrade for IDS 4210 and 4220-E sensors covered by SMARTnet contracts.

Background

The number and complexity of signatures supported in the IDS software releases has grown to the point that sensors with 256MB of RAM running release 4.1 or later exhaust their memory resources before their stated maximum performance levels.

Problem Symptoms

The IDS 4.1 software upgrade image will fail to install on systems with less than 512MB of RAM. A memory size check is performed as part of the upgrade process and the installer will error out if it does not detect 512MB of RAM installed on a 4210 or 4220-E.

The IDS 4.1 recovery CD will, however, install a 4.1 image from scratch if it is used on a system with only 256MB of RAM. It is highly recommended that you verify your installed RAM using the commands detailed below before trying to utilize an IDS 4.1, or later, recovery CD.

If IDS 4.1 is somehow successfully installed on a 256MB 4210 or 4220-E sensor, it will experience higher memory utilization rates as it approaches its maximum specified performance levels. Once maximum memory utilization is reached on any sensor, the analysis engine will miss packets and affected signatures may not fire.

Workaround/Solution

Customers with SMARTnet contracts covering 4210 and 4220 sensors may order RAM upgrades free of charge using the Product Upgrade Tool (registered customers only).

The memory upgrade parts IDS-4210-MEM-U= and IDS-4220-MEM-U= are also available for sale directly from Cisco as well as from distributors.

How To Identify Installed Memory

To identify the installed memory quantity using the IDS Device Manager (IDM):

  1. Go to the Administration tab.

  2. Select the Support sub-menu.

  3. Select System Information from the TOC on the left.

  4. Under Memory Usage, system memory is listed as totalBytes=256000000 for systems with 256MB memory. It is listed as totalBytes=512000000 for systems with 512MB memory.

The above values are approximate, and actual reported values will vary by model and software release. However, 256MB systems will display around 250 million bytes and 512MB systems will display around 500 million bytes.

To identify the installed memory quantity using the IDS command-line interface (CLI):

  1. Type show version.

  2. Memory usage, including available memory, is listed just under Sensor up-time. The values shown here will be identical to what IDM would display as noted above.

Here is sample CLI output from a 256MB IDS 4210 sensor:

HWDEV-MM01# show version
Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(0.3)S42(0.3)

OS Version 2.4.18-5smpbigphys
Platform: IDS-4210

Using 161103872 out of 244531200 bytes of available memory (65% usage)
Using 528M out of 7.8G bytes of available disk space (7% usage)


MainApp 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running 
AnalysisEngine 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running 
Authentication 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running 
Logger 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running 
NetworkAccess 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running 
TransactionSource 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running 
WebServer 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 Running 
CLI 2003_May_09_06.00 (Release) 2003-05-09T06:09:22-0500 

Upgrade History:

No upgrades installed

Recovery Partition Version 1.1(0.1) - 4.1(0.3)S42(0.3)


HWDEV-MM01#
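
The memory check described above can be automated across saved show version output. The following Python is an added example, not part of the Cisco notice or of any Cisco tool; the function name, the 400,000,000-byte cut-off (chosen between the notice's approximate 250 million and 500 million figures) and the IDS-4220 platform prefix are assumptions.

```python
import re

# Assumption: the notice says reported totals are approximate (about 250 million
# bytes for 256MB, about 500 million for 512MB), so the cut-off sits between them.
MIN_TOTAL_BYTES = 400_000_000
# Assumption: platform strings start with the model names given in the notice.
AFFECTED_PREFIXES = ("IDS-4210", "IDS-4220")

MEM_RE = re.compile(r"Using\s+(\d+)\s+out of\s+(\d+)\s+bytes of available memory")
PLATFORM_RE = re.compile(r"^Platform:\s*(\S+)", re.M)
VERSION_RE = re.compile(r"Sensor, Version (\d+)\.(\d+)")

def audit_show_version(text):
    """Report whether a sensor's show version output meets the 4.1 RAM minimum."""
    mem = MEM_RE.search(text)
    if mem is None:
        raise ValueError("no memory line found in show version output")
    used, total = int(mem.group(1)), int(mem.group(2))
    plat = PLATFORM_RE.search(text)
    ver = VERSION_RE.search(text)
    platform = plat.group(1) if plat else None
    version = (int(ver.group(1)), int(ver.group(2))) if ver else None
    low_ram = total < MIN_TOTAL_BYTES
    return {
        "platform": platform,
        "version": version,
        "total_bytes": total,
        "used_pct": 100 * used // total,  # truncated, as the sensor reports it
        "low_ram": low_ram,
        # At risk: under the minimum AND already on 4.1 or later, which the
        # notice says can happen when the recovery CD is used on 256MB.
        "at_risk": low_ram and version is not None and version >= (4, 1),
        "upgrade_part_model": bool(platform)
        and platform.startswith(AFFECTED_PREFIXES),
    }

# Constructed input: the relevant lines of the notice's sample output.
SAMPLE = """\
Cisco Systems Intrusion Detection Sensor, Version 4.1(0.3)S42(0.3)
OS Version 2.4.18-5smpbigphys
Platform: IDS-4210
Using 161103872 out of 244531200 bytes of available memory (65% usage)
"""

if __name__ == "__main__":
    print(audit_show_version(SAMPLE))
```

A sensor flagged at_risk is one where dropped packets and missed signatures are possible before its rated throughput, so it is a candidate for the memory upgrade described under Workaround/Solution.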

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: