[163665] in North American Network Operators' Group
Re: Blocking TCP flows?
daemon@ATHENA.MIT.EDU (Patrick Bailey)
Thu Jun 13 19:06:32 2013
From: Patrick Bailey <pmbailey2@yahoo.com>
Date: Thu, 13 Jun 2013 19:02:23 -0400
To: nanog@nanog.org
In-Reply-To: <CAGsuqq2c9+6fjzodGUqonGbK4Mg3bbgZwM+P92L46e-4Y1tgYg@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Procera Networks -- http://proceranetworks.com=20
That will do what you want.=20
Thanks,
---
Patrick Bailey
On Jun 13, 2013, at 3:32 PM, Eric Wustrow <ewust@umich.edu> wrote:
> Hi all,
>=20
> I'm looking for a way to block individual TCP flows (5-tuple) on a =
1-10 gbps
> link, with new blocked flows being dropped within a millisecond or so =
of
> being
> added. I've been looking into using OpenFlow on an HP Procurve, but I =
don't
> know much in this area, so I'm looking for better alternatives.
>=20
> Ideally, such a device would add minimal latency (many/expandable CAM
> entries?), can handle many programatically added flows (hundreds per
> second),
> and would be deployable in a production network (fails in bypass =
mode). Are
> there any
> COTS devices I should be looking at? Or is the market for this all =
under
> the table to
> pro-censorship governments?
>=20
> Thanks,
>=20
> -Eric
