On Fri, 22 Oct 2004, Albinati, Luis Martin wrote: > I am considering some bandwidth management solutions and would like to > know if some of you people have had some real world experiences with > this kind of boxes. > More specifically I am looking at some Large-ISP or Carrier-Grade > solutions with at least the following specifications: > > >= 1Gbps traffic capacity > >500k simultaneous connections > Layer 7 stateful packet inspection (via protocol signatures and/or > protocol analysis) > Traffic prioritization, shaping, QoS and bandwidth provisioning based on > custom defined policies (vlan id, ip ranges, tos, time of day, etc) > possibility to easily update and deploy new or modified protocol > definitions without affecting availability.
Add here: "automatic rate-limiter adaptation" / "attack pattern recognition". Do we still have solutions on the table? I'd be interested what kind of solutions are available in Gbit/s-grade which do not need you to configure certain kind of rate-limiters a priori, but can automatically react to most kinds of attacks, even simple ones (e.g., TCP SYN floods). -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
