Arista Networks Product Brief
Guide

Arista MetaProtect Firewall

Latency-optimized packet filtering in 112 nanoseconds or less


Arista MetaProtect Firewall Toggle editor

MetaProtect Firewall is a powerful, 48 x 10GbE port network appliance that performs sophisticated packet filtering in parallel between port-pairs.

Filtering is implemented via per-port Access Control Lists (ACL). MetaProtect Firewall provides complete flexibility in configuration, allowing authenticated administrators to create mappings between physical port-pairs and apply ACLs to one or both endpoints.

MetaProtect is architected for ultra-low-latency with packets passing an ACL being forwarded in 112 nanoseconds or less; significantly faster than most traditional firewalls. Administrators may also define port-pairs that do not require filtering, in which case packets are passed through in 5 nanoseconds. Any ingress port, pre or post ACL, may be configured to fan out to multiple egress ports allowing for maximum flexibility based upon the desired filtering architecture.

When a packet fails an ACL, it is not forwarded and its header is logged. MetaProtect Firewall is ideal for situations where a firewall solution is mandatory but ultra-low latency as well as high port density are required.
Features Benefits
High port density 48 x 10GbE SFP+ ports in 1 RU with 32 x 10GbE Firewall filters and accelerated traffic processing capacity.
Parallel filtering Cut-through filtering via 32 ACLs with up to 510 rules per ACL. Per-port filtering possible by assigning an ACL to a port.
Flexible ACLs ACLs support permit/deny rules based upon source/destination MAC/IP address/Port number. IP addresses may be wild-carded using CIDR style notation.
Ultra-low latency filtering Average filter latency of 112 ns for the minimum latency configuration (1 rule) to 187 ns for the maximum configuration (510 rules) - some of the fastest in the industry.
Flexible SFP/SFP+ support Support of SFP/SFP+ transceivers including DWDM and direct attached copper cables, boosted by MetaProtectTM Firewall’s high-performance signal recovery and regeneration.
Extensive packet statistics Advanced monitoring and capture of comprehensive packet statistics across all ports. Support for detailed switch statistics via SNMP, CLI or InfluxDB.
64-bit x86 management processor Secure Linux-based platform running the MOS Operating System, offering management and configuration via HTTPS, SSH and JSON-RCP over HTTPS.
Front-panel interfaces • 48 x 10G SFP/SFP+ ports
• 2 x 100/1000BASE-T management ports
• 1 x PPS input & 1 x PPS output interface
• Console port
USB port.
Comprehensive logging • Logged statistics of permitted and denied packets
• Individually logged events when packet fails an ACL, including packet information, date, time, ACL ID and reason
• Logged administrative ACL rule changes
• Local and remote logging via syslog.

Arista Meta Protect Firewall

Layer 1

  • 5 ns latency with virtually no jitter when configured as pass-through
  • Non-blocking matrix switching fabric connecting ports and filters
  • 1/10GbE SFP/SFP+ ports
  • Tap any port to any other for off-device capture/monitoring
  • Configurable port-to-port fanout with regeneration
  • High performance signal recovery, regeneration and conditioning (EDC on input, CDR on input and output)

Media Compatibility

  • Accepts any MSA compliant SFP/SFP+ module Redundancy & Data Center
  • 1 rack unit (1RU)
  • Dual redundant, hot-swappable power supplies
  • Dual redundant, hot-swappable fans
  • Fan and power supply replacement kits are available
  • Front-to-back or back-to-front air flow

Management Protocols

  • HTTP/S, SSH, telnet
  • Serial console
  • PTP, NTP
  • SNMP v1, v2, v3
  • DHCP
  • Local and remote syslog
  • RADIUS and TACAS+ authentication

Monitoring

  • Packet statistics captured on every port (valid packets, invalid packets, link state)
  • Fully managed SFP+ interface diagnostics including light levels, temperature and voltages
  • Statistics and diagnostics stored in real-time in InfluxData time series stack for local or remote telemetry
  • Statistics and diagnostics available via Syslog and SNMP
  • Eye diagram for monitoring and troubleshooting signal quality
  • Front panel LEDs for port activity and status

Management Platform

  • Quad-core x86-64 CPU
  • 8 GB RAM, on-board SSD
  • Industry standard command line interface (serial/SSH/telnet)
  • Web-based GUI
  • Linux based (shells, scripting, Python, RPMs etc.)
  • Binary compatibility with other x86-64 based Linux systems
  • Firmware restore and update via USB, serial and network
  • Switch subsystem API (JSON RPC API)
  • Integrates InfluxData time series TICK stack providing sophisticated telemetry capability

Operating Environment

  • Temperature: 0°C to 40°C
  • Humidity: 10% to 85%, non-condensing
  • Maximum altitude: 3000m (9800ft)

Physical and Electrical

  • Dimensions (h x w x d): 4.3 x 44.8 x 37.9cm (1.7 x 17.6 x 14.9in)
  • Weight: ~8kg (17.6lbs), depending on configuration
  • Maximum power: 290W
  • AC voltage range: 100-240V, AC frequency: 50/60Hz
  • DC voltage range: 40-72V
Copyright © 2019 Arista Networks, Inc. All rights reserved. CloudVision, and EOS are registered trademarks and Arista Networks is a trademark of Arista Networks, Inc. All other company names are trademarks of their respective holders. Information in this document is subject to change without notice. Certain features may not yet be available. Arista Networks, Inc. assumes no responsibility for any errors that may appear in this document. 11/2018