System Overview
Core Controller
The TippingPoint Core Controller is a hardware-based device that enables inspection of up to 20 Gbps of
traffic by sending the traffic to as many as 24 IPS device segments. The Core Controller can control traffic
across its three 10GbE network segment pairs and across multiple TippingPoint E-Series IPS devices. IPS
devices are connected by 1GbE uplinks, and each packet that is received on a 10GbE Core Controller
interface passes through a load balancer that then determines the IPS connection to use for transmitting the
packet.
The Core Controller provides:
• 10GbE bidirectional traffic inspection and policy enforcement
• High Availability with an optional Smart ZPHA module
• Central management through the SMS
NOTE:
The Core Controller can be used with the 2400E and 5000E IPS devices, and with all N-Platform
and NX-Platform devices.
High Availability
TippingPoint devices are designed to guarantee that your network traffic always flows at wire speeds in the
event of internal device failure. The TippingPoint System provides Network High Availability settings for
Intrinsic Network HA (INHA) and Transparent Network HA (TNHA). These options are enacted manually or
automatically, according to settings you enter using the clients (LSM and SMS) or the LCD panel for IPS
devices. Zero-Power High Availability (ZPHA) is available for the IPS as an external modular device, as
optional bypass I/O modules on NX-Platform devices, and for the Core Controller as an optional Smart
ZPHA module.
The IPS uses INHA for individual device deployment and TNHA for devices deployed in redundant
configurations in which one device takes over for another in the event of system failure. With INHA, a
failure puts the device into Layer-2 Fallback mode and permits or blocks traffic on each segment. In TNHA,
multiple IPS devices are synchronized so that when one device experiences a system failure, traffic is routed
to the other device with no interruption in intrusion prevention services.
SMS high availability provides continuous administration through an active-passive SMS system
configuration. A passive SMS is configured, synchronized with the active system, and waits in standby
mode and monitors the health of the active system. If the health or communications check fails, the passive
SMS will be activated.
The ZPHA modular device can be attached to an IPS to route traffic in the event of power loss. Smart ZPHA
modules, which are wired into the device, and bypass I/O modules, which are installed directly into
NX-Platform devices, perform the same function.
Threat Suppression Engine
The Threat Suppression Engine (TSE) is a line-speed hardware engine that contains all the functions
needed for Intrusion Prevention, including IP defragmentation, TCP flow reassembly, statistical analysis,
traffic shaping, flow blocking, flow state tracking and application-layer parsing of over 170 network
protocols.
The TSE reconstructs and inspects flow payloads by parsing the traffic at the application layer. As each
new packet of the traffic flow arrives, the engine re-evaluates the traffic for malicious content. The instant
the engine detects malicious traffic, it blocks all current and all subsequent packets pertaining to the traffic
flow. The blocking of the traffic and packets ensures that the attack never reaches its destination.
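The flow-handling behaviour described above (reassemble the flow payload, re-evaluate it as each packet arrives, and drop the current and every later packet of a flow once malicious content is seen) is modelled here as an added Python example; it is not TippingPoint code, and the 5-tuple keys, the signature pattern and the packets are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed signature for illustration: a byte pattern the engine should block.
MALICIOUS_PATTERN = b"../../etc/passwd"

# Bound on reassembled bytes kept per flow so a long benign flow cannot
# consume unbounded memory (assumed value, not a TippingPoint setting).
MAX_REASSEMBLED_BYTES = 64 * 1024


@dataclass
class FlowState:
    payload: bytearray = field(default_factory=bytearray)  # reassembled bytes seen so far
    blocked: bool = False                                  # set once malicious content is found


class FlowInspector:
    """Toy model of the engine: per-flow state keyed by 5-tuple."""

    def __init__(self, pattern: bytes = MALICIOUS_PATTERN):
        self.pattern = pattern
        self.flows: dict[tuple, FlowState] = {}

    def handle(self, five_tuple: tuple, data: bytes) -> str:
        """Decide 'forward' or 'drop' for one packet of a flow."""
        state = self.flows.setdefault(five_tuple, FlowState())
        if state.blocked:
            return "drop"  # every subsequent packet of a flagged flow is dropped
        state.payload += data
        if len(state.payload) > MAX_REASSEMBLED_BYTES:
            del state.payload[:-MAX_REASSEMBLED_BYTES]  # keep only the tail
        # Re-evaluate the reassembled payload, so a pattern split across
        # packet boundaries is still caught once the second half arrives.
        if self.pattern in state.payload:
            state.blocked = True
            return "drop"  # the packet that completes the match is dropped too
        return "forward"


def run_demo() -> list[str]:
    """Feed constructed packets and return the per-packet decisions."""
    attacker = ("203.0.113.5", 40001, "192.0.2.10", 80, "tcp")   # constructed
    client = ("198.51.100.7", 50022, "192.0.2.10", 80, "tcp")    # constructed
    engine = FlowInspector()
    return [
        engine.handle(attacker, b"GET /../../etc/pa"),    # no match yet: forward
        engine.handle(attacker, b"sswd HTTP/1.0\r\n\r\n"),  # completes pattern: drop
        engine.handle(attacker, b"Host: example\r\n"),    # flow already blocked: drop
        engine.handle(client, b"GET /index.html HTTP/1.0\r\n\r\n"),  # other flow: forward
    ]
```

Bytes of the flow already forwarded before the match are not recalled; the model only stops the matching packet and everything after it.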
The combination of high-speed network processors and custom chips provides the basis for IPS technology.
These highly specialized traffic classification engines enable the IPS to filter with extreme accuracy at
gigabit speeds and microsecond latencies. Unlike software-based systems whose performance is affected