On 08-05-09 08.25, Reyk Floeter wrote:
On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote:
for all the common protocols? With my little bit
of knowledge what I figure is that we need some
piece of software(s) which understands each protocol
thoroughly, can look at raw packets in real-time
and detect the protocol being used. Even then,
ah, i'm just looking at your mail again - you a are kidding, there is
no way to do content inspection in "real-time". go and use linux where
you can use stupid and dangerous stuff in the kernel. this is not what
openbsd is about.
There are actually commercial products that can do this. The ones I know
about is Sandvine, Allot and Procera Networks. I know at least Sandvine
does the bandwidth limiting in a very ugly way with the spoofed RST's
that we've heard about from Comcast in the US.
The only product I've had hands on experience with is PacketLogic from
Procera Networks (disclamer: I work for them). In one case it had no
problem identifying the traffic in real time on two links pushing a
total of 2,5Gbps (~6-700Gbps in both directions over four interfaces).
This was in sweden, so the traffic pattern is pretty easy, a looot of
BitTorrent. In cases with a lot of short lived connections, a system
like this has a hard time keeping up with 2,5Gbps.
I know there are a lot of buzzwords that you have to see through in this
market of DPI/DFI, but there are actually systems capable of identifying
traffic on layer7 in realtime, although commercial.
/Johan
