MetaProtect Firewall is a network application that runs on the Arista 7130L Series devices performing line-rate low-latency parallel packet filtering and logging between port-pairs.
Filtering is implemented via per-port Access Control Lists (ACL). MetaProtect Firewall provides complete flexibility in configuration, allowing authenticated administrators to create mappings between physical port-pairs and apply either uni or bidirectional security policy.
MetaProtect is ideally suited for deployments where compliance legislation mandates the use of a Firewall, but where the lowest possible latency is critical to business viability. With both packet inspection & forwarding occurring in as little as 135 nanoseconds; MetaProtect offers a significantly faster solution than traditional firewalls.
Administrators may also define port-pairs, or directions, that do not require filtering, in which case packets are passed through in 5 nanoseconds. Any ingress port, pre or post ACL, may be configured to fan out to multiple egress ports allowing for maximum flexibility based upon the desired filtering architecture.
In addition to being discarded, any packets not conforming to the defined security policy are logged. Logging involves the collection & exporting of the entire packet header, ensuring MetaProtect meets even the most stringent compliance requirements.
| Features | Benefits |
|---|---|
| Parallel filtering | Cut-through filtering via 32 ACLs with up to 510 rules per ACL. Per-port filtering possible by assigning an ACL to a port |
| Flexible ACLs | ACLs support permit/deny rules based upon source/destination MAC/IP address/Port number. IP addresses may be wild-carded using CIDR style notation. |
| Ultra-low latency filtering | Average filter latency of 135 ns for the minimum latency configuration (1 rule) to 161 ns for the maximum configuration (510 rules). |
| High port density | 48 x 10GbE SFP+ ports in 1 RU with 32 x 10GbE Firewall filters and accelerated traffic processing capacity. |
| Extensive packet statistics | Advanced monitoring and capture of comprehensive packet statistics across all ports. Support for detailed switch statistics via SNMP, CLI or InfluxDB. |
| Comprehensive logging |
|
| Easy to monitor and manage | Advanced monitorArista provides a complete range of additional features including:
|
Optimized for:
- Arista 7130L Series with embedded Xilinx Ultrascale+ FPGA.
Product Overview
Product Briefs
- .MetaWatch Product Brief
- .MetaMux Product Brief
- .MetaProtect Product Brief
- .ExchangeApp Product Brief
- .MultiAccess Product Brief
- .SwitchApp Product Brief
- .Developer Product Brief
White Papers
- .An Overview of Arista Ethernet Capture Timestamps
- .5 Ways to Optimise Exchange Connectivity Latency
- .5 Things to Consider When Choosing an FPGA Platform
- .Measuring the Absolute Accuracy of 10GbE Packet Timestamping
- .Four Key Trends in the Networked use of FPGAs
- .STAC-TS™ BENCHMARKS - Accuracy of Network Timestamping and Burst Capacity of Capture
Case Study
- .Case Study: Electronic trading firm gains ultra-low latency exchange connectivity with Arista
- .Case Study: Deutsche Börse Group monitors every trade with Arista
- .Case Study: Enyx chooses Arista to accelerate ultra-low latency solutions for major financial Service Providers