On Thu, Jun 13, 2013 at 4:47 PM, Phil Fagan <philfa...@gmail.com> wrote:
> I didn't think the bus up to the FPGA was very beefy...wouldn't you need to
> send flows up there off the data-plane for inspection?
>

not sure, but their docs talk about using the fpga for doing HFT... so I
presume it's got the ability to see all traffic on at least one interface,
eh? (I believe the fpga is really connected to the bus as a 10g link... but
I haven't tried this, I've only read their docs)

> On Thu, Jun 13, 2013 at 2:03 PM, Christopher Morrow
> <morrowc.li...@gmail.com> wrote:
>>
>> On Thu, Jun 13, 2013 at 3:32 PM, Eric Wustrow <ew...@umich.edu> wrote:
>> > Hi all,
>> >
>> > I'm looking for a way to block individual TCP flows (5-tuple) on a
>> > 1-10 gbps link, with new blocked flows being dropped within a
>> > millisecond or so of being added. I've been looking into using
>> > OpenFlow on an HP Procurve, but I don't know much in this area, so
>> > I'm looking for better alternatives.
>> >
>>
>> this sounds like a job for the arista box with the FPGA onboard, no?
>>
>> > Ideally, such a device would add minimal latency (many/expandable CAM
>> > entries?), can handle many programmatically added flows (hundreds per
>> > second), and would be deployable in a production network (fails in
>> > bypass mode). Are there any COTS devices I should be looking at? Or
>> > is the market for this all under the table to pro-censorship
>> > governments?
>> >
>> > Thanks,
>> >
>> > -Eric
>> >
>
> --
> Phil Fagan
> Denver, CO
> 970-480-7618