Forum Discussion
thomas_angrigno
Nimbostratus
NimbostratusQuestion as to potential uses of the bigip
Okay, just a few questions here.
Are there any efforts to duplicate some of the same functionality provided by other appliances, giving the bigip additional features?
Specifically:
-Duplicate the source-checking capabilities of the Cisco Riverhead Guard. Like forcing UDP/53 DNS traffic to be truncated to determine spoofed addresses. Whitelist addresses that come back okay, filter those that do not.
-Perform anomality detection similar to the Cisco Riverhead Guard. Nothing fancy, but if you are able to look at HTTP requests with ease, you can perhaps do some interesting things here. Examining specific HTTP requests, monitoring and creating a whitelist of sources to apply filters.
-Analyze TCP sequence numbers for poorly originated dos SYN attacks and drop accordingly.
-Perform GRE tunneling capabilities for redirection to other parts in a network (as well as load balancing across multiple tunnels?). Same applies to receiving traffic via multiple GRE tunnels.
-Support MPLS/LDP/RSVP to terminate LSPs as well as label imposition to function as a "redirector" similar to the GRE mechanism outlined above.
-Advertise prefixes in a routing protocol (such as BGP), of blacklisted or whitelisted prefixes. Also support BGP FlowSpec draft to assist in deploying filters network wide.
How many of the above functions can be done with iRules?
1 Reply
- You are going to have to contact Product Technical Support for questions related to product features and feature requests. If you have a specific question about how to use iRules to implement a current feature in the product, then post away and we'll try to give you a hand.
-JOe
