by colanderman 2962 days ago
Not the GP though I've also worked in the DDoS space. Think fancy regexps (augmented with e.g. fast string search engines, counters, etc.), running inside a protocol-specific interpreter.

At least in the product I worked on, L7 processing was done purely in software. You could probably make hardware to do that but there's not a ton of benefit as you're pretty much constrained by memory bandwidth, not CPU power, once you start looking at anything past fixed headers.

(Our product also performed deep-packet inspection – in fact that was its original function – so the L7 processing was probably a bit more general than DDoS-only products.)
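
An added sketch of the approach the comment describes (not code from the comment or from any product): an HTTP-specific parsing step feeding regex rules that are augmented with per-source counters. The rule format, rule names, thresholds and sample requests are assumptions made up for illustration.

```python
import re
from collections import Counter

# Hypothetical rule format (not from any product): name, parsed field to
# match, regex, and how many matches one source may make before being dropped.
RULES = [
    ("login-flood", "path", re.compile(r"^/login\b"), 2),
    ("empty-ua", "user_agent", re.compile(r"^$"), 0),
    ("cache-bust", "path", re.compile(r"\?[a-z0-9]{16,}$"), 1),
]

def parse_http_request(payload: bytes):
    """Protocol-specific step: turn raw bytes into named fields, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"path": parts[1], "user_agent": headers.get("user-agent", "")}

class L7Filter:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.hits = Counter()  # (source, rule name) -> matches seen so far
    def decide(self, src: str, payload: bytes) -> str:
        fields = parse_http_request(payload)
        if fields is None:
            return "drop:malformed"
        for name, field, pattern, allowed in self.rules:
            if pattern.search(fields[field]):
                self.hits[(src, name)] += 1  # simplification: counters never expire
                if self.hits[(src, name)] > allowed:
                    return "drop:" + name
        return "pass"

def run_sample():
    # Constructed requests and documentation-range addresses, for illustration only.
    f = L7Filter()
    login = b"GET /login HTTP/1.1\r\nHost: example.test\r\nUser-Agent: curl/8\r\n\r\n"
    no_ua = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    junk = b"\x16\x03\x01\x00\x05hello"  # not HTTP at all
    out = [f.decide("198.51.100.7", login) for _ in range(3)]
    out += [f.decide("203.0.113.9", p) for p in (login, no_ua, junk)]
    return out
```

The regexes only ever see fields the parser has already extracted, and the counters are what turn a pattern match into a per-source rate decision.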