Resolution Steps

Step 1: Identify Problematic Filters

Access CLI: SSH into the TippingPoint device.

Run Command:

show np rule-stats

Analyze Output:

Filter   Flows   Success   % Total   % Success   Zoneless   % Zoneless
8262     2535    0         14        0.00        0           0
...

Column Descriptions:

Filter: Filter ID
Flows: Number of flows sent to deep inspection
Success: Number of successful matches
% Total: Share of total deep inspection flows
% Success: Match rate
Zoneless: Flows triggered on segments where the filter is not enabled
% Zoneless: Ratio of zoneless triggers

Identify Filters to Disable:

Focus on filters with high % Total and 0% Success. Example: Filter 8262 is a candidate for disabling.

Step 2: Disable Unnecessary Filters

Log into SMS: Use the TippingPoint SMS Java client

Navigate to:

Profiles > Inspection Profiles > [Profile Name] > Search

Edit Filter: Locate the filter, click Edit and set State to Disabled

Distribute Profile:

Profiles > Inspection Profiles > Highlight [Profile Name] > Distribute

Step 3: Clear Rule Statistics

Run the following command to clear outdated statistics:

clear np rule-stats

Step 4: Monitor Device Performance

Observe the device for 24–48 hours

Watch for recurrence of Performance Protection or Layer2 fallback

Step 5: Further Analysis and Tuning

Re-run show np rule-stats

Identify additional filters with low success rates

Adjust Category Settings:

Avoid setting categories to actions other than Recommended
Non-recommended settings may enable excessive filters

Resolving Performance Issues in TippingPoint Appliances Due to Over Configuration

Product / Version includes:

TippingPoint TX-Series All , TippingPoint TXE-Series All

Last updated: 2025/06/16

Solution ID: KA-0019748

Category: Configure , Troubleshoot

Summary

When using the TippingPoint inspection devices, users may encounter performance protection leading to a Layer-2 fallback scenario as a result of having too many filters enabled. This condition can cause engine congestion on the inspection device, which can impact the device's ability to process traffic efficiently. Symptoms of this issue include:

Device entering performance protection mode during times of high traffic volume
Layer2 fallback being activated

Filters that send traffic into deep inspection but do not ultimately match inspected traffic can lead to unnecessary resource consumption and performance degradation, prompting the need for further investigation and mitigation strategies.

Resolving Performance Protection and Layer2 Fallback Issues in TippingPoint Inspection Devices

Summary

This article provides a step-by-step guide to diagnosing and resolving performance degradation and Layer2 fallback issues in TippingPoint inspection devices caused by filter over-configuration.

Symptoms

Device enters Performance Protection Mode
Layer2 fallback is activated
High packet drop rates

Root Cause

The primary cause is engine congestion, often due to:

Filters sending traffic into deep inspection without triggering matches
High overhead from filters with no hits, overloading the inspection engine

Resolution Steps

Step 1: Identify Problematic Filters

Access CLI: SSH into the TippingPoint device.
Run Command:
```
show np rule-stats
```
Analyze Output:
```
Filter   Flows   Success   % Total   % Success   Zoneless   % Zoneless
8262     2535    0         14        0.00        0           0
...
```
Column Descriptions:
- Filter: Filter ID
- Flows: Number of flows sent to deep inspection
- Success: Number of successful matches
- % Total: Share of total deep inspection flows
- % Success: Match rate
- Zoneless: Flows triggered on segments where the filter is not enabled
- % Zoneless: Ratio of zoneless triggers
Identify Filters to Disable:
Focus on filters with high % Total and 0% Success. Example: Filter 8262 is a candidate for disabling.

Step 2: Disable Unnecessary Filters

Log into SMS: Use the TippingPoint SMS Java client

Navigate to:

Profiles > Inspection Profiles > [Profile Name] > Search

Edit Filter: Locate the filter, click Edit and set State to Disabled

Distribute Profile:

Profiles > Inspection Profiles > Highlight [Profile Name] > Distribute

Step 3: Clear Rule Statistics

Run the following command to clear outdated statistics:

clear np rule-stats

Step 4: Monitor Device Performance

Observe the device for 24–48 hours
Watch for recurrence of Performance Protection or Layer2 fallback

Step 5: Further Analysis and Tuning

Re-run show np rule-stats
Identify additional filters with low success rates
Adjust Category Settings:
- Avoid setting categories to actions other than Recommended
- Non-recommended settings may enable excessive filters

Conclusion

By following these steps, performance issues in TippingPoint devices can be mitigated. Regular monitoring and filter tuning are essential. For persistent issues, contact Trend Micro Support.

References

TPS Command Line Reference
TippingPoint SMS User Guide

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Resolving Performance Issues in TippingPoint Appliances Due to Over Configuration

Resolving Performance Protection and Layer2 Fallback Issues in TippingPoint Inspection Devices

Summary

Symptoms

Root Cause

Resolution Steps

Step 1: Identify Problematic Filters

Step 2: Disable Unnecessary Filters

Step 3: Clear Rule Statistics

Step 4: Monitor Device Performance

Step 5: Further Analysis and Tuning

Conclusion

References

Resolving Performance Issues in TippingPoint Appliances Due to Over Configuration

Product / Version includes:

Summary

Resolving Performance Protection and Layer2 Fallback Issues in TippingPoint Inspection Devices

Summary

Symptoms

Root Cause

Resolution Steps

Step 1: Identify Problematic Filters

Step 2: Disable Unnecessary Filters

Step 3: Clear Rule Statistics

Step 4: Monitor Device Performance

Step 5: Further Analysis and Tuning

Conclusion

References