Asymmetric Network: An asymmetric network has multiple routes for incoming and outgoing network traffic. As such traffic takes a different route when entering or exiting the network.
Symmetric Network: A symmetric network has a single route for incoming and outgoing network traffic. As such traffic takes the same route when entering or the network.
It is very common for traffic to be asymmetrical in both Service Provider and larger Enterprise networks due to the nature of routing within a large, complex environment that has multiple entry and exit points. Since the bulk of the IPS filters are flow-based (meaning state kept per-flow versus per session), attacks are detected in either send or receive directions.
By default, TippingPoint IPS (N/NX Series) devices are shipped in Asymmetric mode while TPS (T/TX Series) devices are shipped in Symmetric mode. When using Advanced Distributed Denial of Service (DDoS) protection filters, or performing SSL inspection, the device must be able to see both sides of the traffic flow. This is configured in the TPS Device Configuration (TSE Settings) tab.
DDoS filters - Infrastructure protection filters that detect DDoS attacks that flood a network with requests, including traditional SYN floods, DNS request floods against nameservers, and attempts to use protected systems as reflectors or amplifiers in attacks against third parties. Advanced Distributed Denial of Service (DDoS) filters enable you to create filters for detecting denial of service attacks.
Note: DDoS protection filters are enabled by enabling SYN Proxy and specifying the Threshold level in the Profiles area of the SMS. No other Advanced DDoS options on the SMS are available.
