ietf-openproxy

Re: Efficacy of rule specification, processing

2001-06-15 09:55:31

I think the difference here is whether you are thinking of building hardware
to be a Layer 7 switch, or if you are putting OPES functionality onto
an application layer proxy.

I'm thinking proxy cache.  It amortizes the cost of data inspection.  It
examines some kinds of content in more detail than others (that's the
point of the rules).  It is I/O bound, not CPU bound.  It cannot afford
to send stuff offbox if it doesn't need to.

For a switch, perhaps the CPU and I/O would be more directly matched,
and there'd barely be time to find the headers before it was time to
move the data.  However, it looks like CPU speeds continue to
zoom upwards, faster than anyone can use the cycles, so the
content-aware layer 7 switch is probably more than a pipedream.

Hilarie

Jayanth Mysore <Jayanth_Mysore-CJM110(_at_)email(_dot_)mot(_dot_)com> 06/15/01 08:40AM >>>
Hi Markus,

Can you explain what you mean by "line speed" ?
I was under the assumption that snooping packets all the way up to the
application layer by an OPES box would be pretty expensive in any case
(irrespective of what you do with that content. Sure - certain operations
can be more expensive than others.)

- Jayanth



Markus Hofmann wrote:

Hilarie Orman wrote:

There's experience that it is not too expensive to parse message
bodies.  It is, however, a very limited form of parsing, one that
could be more accurately described as lexical analysis.  Only the
tags needed for the current set of rules need be lexed.

Can you do that at "line speed"? Probably time to come up with the
scenario document, properly derive the requirements (including some
performance assumptions) and then try to answer the question.

-Markus

--
Jayanth P. Mysore
Networks and Infrastructure Research Laboratory,
Motorola Labs
Phone : (847) 576-8561