nanog mailing list archives

Re: High throughput bgp links using gentoo + stipped kernel

From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Tue, 21 May 2013 09:25:36 -0400 (EDT)

On Mon, 20 May 2013, Phil Fagan wrote:

Just curious and perhaps off topic a tad but; is the stateful filtering of
sessions on a router to replace a firewall? Or is there another reason to
do it? I could see a benefit of creating blacklists, however,
I'm struggling with what other benefits it would provide...service
aware load-balancing? I'm very interested to learn what other strategies
and or design considerations would be made with thinking of using filtering
on a router.

I'm perfectly willing to accept consolidation of services :-)

Stateful firewalling is also painful in environments where path asymmetrycould exist, since either the routing policy would need to be designed toenforce symmetry (more complex, less reliable), or the statefulfirewalling devices would need to have a way to share state informationwith each other to accommodate asymmetry.

jms

Current thread:

Re: High throughput bgp links using gentoo + stipped kernel, (continued)
- Re: High throughput bgp links using gentoo + stipped kernel Andre Tomt (May 19)
- Message not available
  - Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Andre Tomt (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Matt Palmer (May 19)
    - RE: High throughput bgp links using gentoo + stipped kernel MailPlus| David Hofstee (May 21)
    - Re: High throughput bgp links using gentoo + stipped kernel Ben (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Seth Mattinen (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Valdis . Kletnieks (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Matt Palmer (May 20)
    - Re: High throughput bgp links using gentoo + stipped kernel Phil Fagan (May 20)
    - Re: High throughput bgp links using gentoo + stipped kernel Justin M. Streiner (May 21)
    - Re: High throughput bgp links using gentoo + stipped kernel joel jaeggli (May 20)
    - Re: High throughput bgp links using gentoo + stipped kernel Ben (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Michael McConnell (May 19)
  - Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Zachary Giles (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Nick Khamis (May 19)
    - Re: High throughput bgp links using gentoo + stipped kernel Phil Fagan (May 19)
- Re: High throughput bgp links using gentoo + stipped kernel Ben (May 19)
  - Re: High throughput bgp links using gentoo + stipped kernel Andre Tomt (May 19)
  - Re: High throughput bgp links using gentoo + stipped kernel Laurent GUERBY (May 20)

(Thread continues...)