
Conference netcad::hub_mgnt

Title:DEChub/HUBwatch/PROBEwatch CONFERENCE
Notice:Firmware -2, Doc -3, Power -4, HW kits -5, firm load -6&7
Moderator:NETCAD::COLELLADT
Created:Wed Nov 13 1991
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:4455
Total number of notes:16761

2830.0. "Bit Pattern filtering on DECswitches ?" by BRIEIS::BARKER_E (Ummm...) Wed Oct 04 1995 14:07

    Hi,
    
    	I'm working on a response to a Statement of requirements. Digital
    network kit fits well in all areas except for a statement which says :-
    
    'It should be possible to restrict traffic flowing between adjacent
    networks by :-
    
    - protocol type 
    - source address
    - destination address
    - any bit pattern within the message'
    
    First three above are fine, but am I right in thinking none of the
    DECswitch family can filter on any bit pattern ?  If this is the case,
    can anyone comment whether this sort of requirement occurs often and
    whether there may be any plans to do this in the future (Routeabout ?) ? 
    IMHO, this bit pattern matching is a bit overkill, security should be
    on the systems, not resorting to filtering within the network, I may
    try and feed this back to the customer.
    
    I had a similar requirement back in October '91 (showing my age !)
    which revealed that Vitalink did provide this on their TransLan's. I
    would like to propose Digital kit but the above could turn out to be a
    show stopper.
    
    		Euan
    
                 
2830.1. "Filtering by bit pattern matching causes performance hit" by NETCAD::BATTERSBY Wed Oct 04 1995 16:51 (13 lines)

    Euan, I  know we don't do the bit pattern matching on our switch
    products, and it was not done on the older bridge products. 
    As for future, I asked about this and was told that it is not implemented 
    in the Routeabout or in the DECswitch 900EE or 900EF router images
    either. Doing this level of filtering by bit pattern matching I'm told
    results in a significant performance penalty.
    You should probably emphasize the performance cost in your response
    to your requestor's statement of requirements.
    Perhaps others can also offer other suggestions or solutions on 
    addressing your customer's concerns with security while still being
    able to offer our switch products as part of your overall solution.
    
    Bob

2830.2. by CSC32::B_GOODWIN (MCI Mission Critical Support Team) Wed Oct 04 1995 18:04 (7 lines)

Don't you just love customers that try to implement security in their datalink
devices! The bridges that I have seen that could do bit pattern filtering took a
nasty performance hit because of the time it took to examine each packet.
Protocol and address filtering can be done in the hardware, bit pattern
filtering is done in the software. I would let your customer know about the
disadvantage of this.

2830.3. "Excellent" by BRIEIS::BARKER_E (Ummm...) Thu Oct 05 1995 07:03 (9 lines)

    re: .1 & .2,
    
    	Thanks, that's just the confirmation I need of a suspicion I had
    about performance being hit. Time to go and talk to the customer and
    make this work to our advantage,
    
    	Cheers,
    
    		Euan
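
The difference between the address/protocol checks and the "any bit pattern within the message" requirement in .0, and the cost replies .1 and .2 refer to, as an added example that is not part of the thread and not Digital or Vitalink product code. Byte-aligned masked matching, the rule structs, the function names and the sample frame are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added illustration: rule layouts, names and the sample frame are constructed. */
struct hdr_rule { uint8_t dst[6], src[6]; uint16_t ethertype; };
struct pat_rule { const uint8_t *value, *mask; size_t n; };
static size_t work;                 /* bytes examined, a rough cost measure */

/* Address/protocol filter: fixed offsets, only the 14-byte header is read. */
int header_match(const uint8_t *f, size_t len, const struct hdr_rule *r)
{
    if (len < 14) return 0;
    work += 14;
    return !memcmp(f, r->dst, 6) && !memcmp(f + 6, r->src, 6) &&
           (f[12] << 8 | f[13]) == r->ethertype;
}

/* Masked pattern tried at every byte offset: worst case len * n comparisons. */
int pattern_match(const uint8_t *f, size_t len, const struct pat_rule *r)
{
    if (r->n == 0 || len < r->n) return 0;
    for (size_t off = 0; off + r->n <= len; off++) {
        size_t i;
        for (i = 0; i < r->n; i++) {
            work++;
            if ((f[off + i] ^ r->value[i]) & r->mask[i]) break;
        }
        if (i == r->n) return 1;
    }
    return 0;
}

size_t sample_frame(uint8_t *buf)   /* constructed 64-byte frame */
{
    static const uint8_t hdr[14] = {8, 0, 0x2b, 0, 0, 2, 8, 0, 0x2b, 0, 0, 1, 0x08, 0x00};
    memset(buf, 0, 64);
    memcpy(buf, hdr, 14);
    buf[60] = 0xDE; buf[61] = 0xA5; /* marker near the end of the payload */
    return 64;
}

int main(void)
{
    uint8_t f[64], v[2] = {0xDE, 0xA0}, m[2] = {0xFF, 0xF0};
    struct pat_rule p = {v, m, 2};
    int hit = pattern_match(f, sample_frame(f), &p);
    printf("pattern hit=%d after examining %zu bytes\n", hit, work);
    return 0;
}
```

The header check reads a constant 14 bytes per frame, while the pattern search grows with frame length and gets worse again if the pattern may start on any bit rather than any byte.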