Sizing Guidelines for Trinzic Appliances
- Gary Leicht
- Shirly Tsang
All sizing guideline information is for reference only. It represents the results of lab testing in a controlled environment focused on individual protocol services. Enabling additional protocols, services, cache hit ratio for recursive DNS, and customer environment variables will affect performance. To design and size a solution for a production environment, please contact your Infoblox Solution Architect.
Infoblox Trinzic appliances have the following limitations on the number of threat intelligence entries that can be loaded on to each appliance. These recommended per-appliance limitations help achieve acceptable performance and should not be exceeded. To help you prioritize and select threat feeds in the DNS FW configuration, use the entry counts next to the feed in the NIOS setup, and use the following guidelines:
Threat Intelligence Sizing Limitations for Infoblox Trinzic Appliances | |
| Appliance | Maximum Supported RPZ Record Count in Millions |
| IB-815 | 1.5 |
| IB-825 | 2 |
| IB-926 | 6 |
| IB-1415 | 6 |
| IB-1425 | 8 |
| IB-1516 | 20 |
| IB-1526 | 20 |
| IB-2215 | 25 |
| IB-2225 | 25 |
| IB-2326 | 40 |
| IB-4015 | 40 |
| IB-4025 | 40 |
| IB-4126 | 40 |
Feed Restrictions
- Very Low end models (1.5M/2M) - Get some policy protection
- Low end models (6M/8M) – Get Base (confirmed malicious) and Policy protection.
- Mid Level models (20M) - Beyond Base & Policy feeds, they also get the high risk part of unconfirmed indicators (Suspicious).
- High end models (40M) – Gets all the feeds.
Maximum RPZ Size by Feed | |||||
| Feed | RPZ | For Maximum of 1.5M/2M Records | For Maximum of 6M/8M Records | For Maximum of 20M Records | For Maximum of 40M Records |
|---|---|---|---|---|---|
| Infoblox Base | infoblox-base.rpz.infoblox.local | ✔ | ✔ | ✔ | |
| Infoblox Base IP | infoblox-base-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | |
Infoblox High Risk | infoblox-high-risk.rpz.infoblox.local | ✔ | ✔ | ||
Infoblox Medium Risk | infoblox-med-risk.rpz.infoblox.local | ✔ | |||
Infoblox Low Risk | infoblox-low-risk.rpz.infoblox.local | ✔ | |||
Infoblox Infomational | infoblox-informational.rpz.infoblox.local | ✔ | ✔ | ||
| DoH Public Hostnames | public-doh.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| DoH Public IPs | public-doh-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
Cryptocurrency hostnames and domains | cryptocurrency.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
DHS_AIS_ Hostname | dhs-ais-domain.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| DHS_AIS_IP | dhs-ais-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| Bogon | bogon.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| EECN IPs | eecn-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| US OFAC Sanctions IPs | sanctions-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| Sanctions Med | sanctions-med.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| Sanctions High | sanctions-high.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| TOR Exit Node IPs | tor-exit-node-ip.rpz.infoblox.local | ✔ | ✔ | ✔ | ✔ |
| Farsight Newly Observed Domains (NOD) | farsightnod.rpz.infoblox.local | ✔ | ✔ | ||
For guidelines on the sizing of the old RPZ feeds, see Sizng Guidelines for the Old RPZ Feeds.