reply to koitsu
Re: Evidence: Comcast to Comcast P2P is also interfered with
said by koitsu: While it's technically possible for this to be implemented by having the packet inspection appliance dynamically update access control lists on the aggregation switches, I'm not sure how realistic the approach is. Pushing dynamic ACL updates to policy route certain traffic sets up the potential for resource overloading at the aggregation switches, creating a denial-of-service condition. Not only would there need to be limits on how often the ACL was updated, but the size would need to be closely regulated as well to avoid overflowing the TCAM memory and causing traffic to be process switched.

said by jig:
anyway, another approach would be to use the mirror port data to determine which IPs are sending p2p data, then splitting that data off the trunk at some early point (some switches can tag packets making routing easy later on) and running it inline through sandvine hardware. that's one way to segment off the unwanted traffic.
QoS tagging comes to mind (absolutely 100% sure a switch can do this). There's definitely more than one way to accomplish this of course.
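
The two guards named in the post above (a limit on how often the ACL is updated and a hard cap on its size), as an added example that is not part of the original thread. The class, its parameters, the refuse-when-full policy and the sample addresses are all hypothetical; no real switch API is modelled.

```python
from collections import OrderedDict

class BoundedAclUpdater:
    """Hypothetical controller that pushes per-IP steering entries to one switch."""

    def __init__(self, tcam_capacity, updates_per_sec, burst, clock):
        self.capacity, self.rate, self.burst = tcam_capacity, updates_per_sec, burst
        self.clock, self.tokens, self.last = clock, float(burst), clock()
        self.entries = OrderedDict()  # ip -> last-seen time, least recent first

    def _take_token(self):
        # Token bucket: every write to the switch (add or remove) costs one token.
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

    def request(self, ip):
        if ip in self.entries:            # already steered: refresh, no switch write
            self.entries[ip] = self.clock()
            self.entries.move_to_end(ip)
            return "present"
        if len(self.entries) >= self.capacity:
            return "table_full"           # refuse rather than overflow the TCAM budget
        if not self._take_token():
            return "rate_limited"         # defer rather than flood the control plane
        self.entries[ip] = self.clock()
        return "installed"

    def expire(self, max_age):
        removed = []
        for ip, seen in list(self.entries.items()):
            if self.clock() - seen <= max_age or not self._take_token():
                break                     # rest are newer, or write budget is spent
            del self.entries[ip]
            removed.append(ip)
        return removed

def simulate():
    t = [0.0]                             # constructed fake clock, in seconds
    acl = BoundedAclUpdater(4, updates_per_sec=1, burst=2, clock=lambda: t[0])
    burst = [acl.request(f"192.0.2.{i}") for i in range(4)]   # constructed IPs
    t[0] = 10.0
    later = [acl.request(f"192.0.2.{i}") for i in (2, 3, 4, 0)]
    t[0] = 100.0
    return burst, later, acl.expire(max_age=30), list(acl.entries)
```

Both refusals leave the affected flow on the normal forwarding path, so a burst of newly detected hosts degrades steering coverage instead of the switch itself.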