[163638] in North American Network Operators' Group


Blocking TCP flows?

daemon@ATHENA.MIT.EDU (Eric Wustrow)
Thu Jun 13 15:35:59 2013

Date: Thu, 13 Jun 2013 15:32:51 -0400
From: Eric Wustrow <ewust@umich.edu>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hi all,

I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps
link, with new blocked flows being dropped within a millisecond or so of being
added. I've been looking into using OpenFlow on an HP Procurve, but I don't
know much in this area, so I'm looking for better alternatives.

Ideally, such a device would add minimal latency (many/expandable CAM
entries?), can handle many programmatically added flows (hundreds per second),
and would be deployable in a production network (fails in bypass mode). Are
there any COTS devices I should be looking at? Or is the market for this all
under the table to pro-censorship governments?

Thanks,

-Eric
