I didn't think the bus up to the FPGA was very beefy...wouldn't you need to send flows up there off the data-plane for inspection?

On Thu, Jun 13, 2013 at 2:03 PM, Christopher Morrow <morrowc.li...@gmail.com> wrote:

> On Thu, Jun 13, 2013 at 3:32 PM, Eric Wustrow <ew...@umich.edu> wrote:
> > Hi all,
> >
> > I'm looking for a way to block individual TCP flows (5-tuple) on a 1-10 gbps
> > link, with new blocked flows being dropped within a millisecond or so of being
> > added. I've been looking into using OpenFlow on an HP Procurve, but I don't
> > know much in this area, so I'm looking for better alternatives.
> >
>
> this sounds like a job for the arista box with the FPGA onboard, no?
>
> > Ideally, such a device would add minimal latency (many/expandable CAM
> > entries?), can handle many programmatically added flows (hundreds per second),
> > and would be deployable in a production network (fails in bypass mode). Are
> > there any COTS devices I should be looking at? Or is the market for this all
> > under the table to pro-censorship governments?
> >
> > Thanks,
> >
> > -Eric
> >

--
Phil Fagan
Denver, CO
970-480-7618