Sizing Guidelines for Trinzic Appliances
- Gary Leicht
- Shirly Tsang
All sizing guideline information is for reference only. It represents the results of lab testing in a controlled environment focused on individual protocol services. Enabling additional protocols, services, cache hit ratio for recursive DNS, and customer environment variables will affect performance. To design and size a solution for a production environment, please contact your Infoblox Solution Architect.
Infoblox Trinzic appliances have the following limitations on the number of threat intelligence entries that can be loaded on to each appliance. These recommended per-appliance limitations help achieve acceptable performance and should not be exceeded. To help you prioritize and select threat feeds in the DNS FW configuration, use the entry counts next to the feed in the NIOS setup, and use the following guidelines:
Threat Intelligence Sizing Limitations for Infoblox Trinzic Appliances | |
| Appliance | Maximum Supported RPZ Record Count in Millions |
| IB-815 | 1.5 |
| IB-825 | 2 |
| IB-926 | 6 |
| IB-1415 | 6 |
| IB-1425 | 8 |
| IB-1516 | 20 |
| IB-1526 | 20 |
| IB-2215 | 25 |
| IB-2225 | 25 |
| IB-2326 | 40 |
| IB-4015 | 40 |
| IB-4025 | 40 |
| IB-4126 | 40 |
Feed Restrictions
- Low end models (1.5M/2M) - Get the base protection (confirmed malicious indicators) - Base domains and Base IPs.
- Middle end models (6M/8M) – Beyond base protection, they also get the Policy feeds. The 1425 model (that can handle 8M indicators) can also get the high risk part of unconfirmed indicators (Suspicious).
- High end models (20M/40M) – Gets all the feeds.
Maximum RPZ Size by Feed | ||||||
| Feed | RPZ | For Maximum of 1.5M Records | For Maximum of 2M Records | For Maximum of 6M Records | For Maximum of 8M Records | For Maximum of 20M / 40M Records |
|---|---|---|---|---|---|---|
| Infoblox Base | infoblox-base.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ | ✔ |
| Infoblox Base IP | infoblox-base-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ | ✔ |
Infoblox High Risk | infoblox-high-risk.rpz.infoblox.local | ✔ | ✔ | |||
Infoblox Medium Risk | infoblox-med-risk.rpz.infoblox.local | ✔ | ||||
Infoblox Low Risk | infoblox-low-risk.rpz.infoblox.local | ✔ | ||||
Infoblox Infomational | infoblox-informational.rpz.infoblox.local | ✔ | ||||
| DoH Public Hostnames | public-doh.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| DoH Public IPs | public-doh-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
Cryptocurrency hostnames and domains | cryptocurrency.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
DHS_AIS_ Hostname | dhs-ais-domain.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| DHS_AIS_IP | dhs-ais-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| Bogon | bogon.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| EECN IPs | eecn-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| US OFAC Sanctions IPs | sanctions-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| Sanctions Med | sanctions-med.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| Sanctions High | sanctions-high.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| TOR Exit Node IPs | tor-exit-node-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ||
| Farsight Newly Observed Domains (NOD) | farsightnod.rpz.infoblox.local | ✔ | ||||
For guidelines on the sizing of the old RPZ feeds, see Sizng Guidelines for the Old RPZ Feeds.