13.2 Commercial IDS Load Balancers

Another strategy for easing the load on a single sensor in a high-demand environment is to spread the workload across multiple sensors. Devices built for this purpose, commonly referred to as IDS load balancers, make a copy of the traffic on a network link and send traffic to or from one group of hosts to a particular sensor, and traffic to or from another group of hosts to another sensor. Some of the devices available can distribute the traffic across 10 or more sensors. These solutions perform as advertised, but they do not have small price tags. There are three main commercial players in this niche.
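The host-group distribution described above can be modeled in a few lines. This is an added example, not code from the book or from any vendor; the sensor names, address ranges, default sensor, and sample packets are constructed assumptions. It shows that both directions of a conversation reach the same sensor, and that traffic between two groups is copied to both sensors.

```python
import ipaddress
from collections import defaultdict

# Hypothetical host groups and sensor names (constructed for illustration).
SENSOR_GROUPS = {
    "sensor-a": [ipaddress.ip_network("10.1.0.0/24")],
    "sensor-b": [ipaddress.ip_network("10.1.1.0/24")],
}
DEFAULT_SENSOR = "sensor-default"  # assumption: catches hosts in no group

def sensors_for(src, dst):
    """Return the set of sensors that must receive a copy of this packet.

    Matching on source OR destination keeps both directions of a
    conversation on the same sensor, which stream reassembly needs.
    """
    targets = set()
    for addr in (ipaddress.ip_address(src), ipaddress.ip_address(dst)):
        for sensor, nets in SENSOR_GROUPS.items():
            if any(addr in net for net in nets):
                targets.add(sensor)
    return targets or {DEFAULT_SENSOR}

def distribute(packets):
    """Map each sensor to the list of packets copied to it."""
    out = defaultdict(list)
    for pkt in packets:
        for sensor in sensors_for(pkt[0], pkt[1]):
            out[sensor].append(pkt)
    return dict(out)

def load_report(packets):
    """Total bytes each sensor has to inspect."""
    return {s: sum(p[2] for p in pkts) for s, pkts in distribute(packets).items()}

# Constructed sample traffic: (src, dst, bytes)
SAMPLE = [
    ("10.1.0.5", "198.51.100.7", 1200),  # group A host, outbound
    ("198.51.100.7", "10.1.0.5", 900),   # reply, same sensor
    ("10.1.1.9", "203.0.113.4", 400),    # group B host
    ("10.1.0.5", "10.1.1.9", 300),       # crosses groups: copied to both
    ("192.0.2.1", "203.0.113.4", 100),   # no group: default sensor
]

if __name__ == "__main__":
    for sensor, total in sorted(load_report(SAMPLE).items()):
        print(f"{sensor}: {total} bytes")
```

Because cross-group packets are duplicated, the summed sensor load can exceed the load on the monitored link, which matters when sizing sensors.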

13.2.1 F5 Networks' VLAN Mirroring with Big Iron Switches

F5 Networks can mirror multiple VLANs on its Big Iron line of switches. This mirroring can be used to distribute traffic load across multiple IDS sensors. With blazing fast backplanes, there are very few environments in which these devices would have trouble keeping up.

13.2.2 Radware's FireProof Appliance

Radware has a device called FireProof that can be used as an IDS load balancer. It already integrates code that performs an IDS function, making additional sensors somewhat redundant.

13.2.3 Top Layer Networks' IDS Balancer

Top Layer Networks was the first on the market with a dedicated IDS load balancer capable of multigigabyte bandwidth channeling. This is a very good choice when you have a group of sensors available. It is fast and easy to configure.

