DPI or Flow Management

Suresh Ramasubramanian ops.lists at gmail.com
Mon Mar 2 01:44:53 UTC 2009

In short, the entire DPI debate is starting to go on similar lines,
and flogging similar horses, as the gun control debate

Yes, dpi has great, useful applications (ddos mitigation and other
security, for example).  And it has bad / harmful applications
(dictatorships doing dpi to catch political dissent).

That says a lot more about inappropriate / appropriate use of dpi
rather than dpi itself.

Nothing at all in DPI that makes it wrong, deeply evil etc.


On Mon, Mar 2, 2009 at 6:47 AM, Roland Dobbins <rdobbins at cisco.com> wrote:
> On Mar 2, 2009, at 9:10 AM, Roland Dobbins wrote:
>> With regards to DDoS mitigation, it's sometimes necessary to go above
>> layers-3/-4 in the event of layer-7-targeted attacks.
> In fact, it's sometimes important to have the ability to parse packet
> payloads and/or interact with traffic in some layer-3/layer-4 attacks,
> depending upon the type of traffic, source distribution, legitimate proxy
> intermediaries, spoofed vs. non-spoofed, and so forth.
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at cisco.com> // +852.9133.2844 mobile
>  Some things are just too precious to entrust to computers.
>                   -- Seth Hanford

Suresh Ramasubramanian (ops.lists at gmail.com)

More information about the NANOG mailing list