Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Layer 5+ inspection at the border?

  • From: Rick Ernst
  • Date: Mon Aug 25 12:56:53 2003



I'm looking for a beast that is roughly a combination of Cisco NBAR and
Foundry URL inspection.

NBAR worked pretty well for CodeRed, but I'd rather have a dedicated device
rather than overloading a router with non-routing functions. I haven't used
Foundry's URL inspection, but it looks reasonable, too.

I would, however, like something that can do generic Layer 5+
inspection/alteration so things such as SMTP headers can also be inspected and
processed/blocked/altered.

I'd prefer a switching device that can replace the switches between my border
and core, but allow transparent manipulation of the packets, preferably at
wire-speed.

Any suggestions?  The idea is to have a central location that can watch for
and block 'bad payload'.  It looks like F5 may have a solution, but I'd like
comments and experiences from those that have deployed such a device.

Thanks,
Rick







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.