Metamako has extended its portfolio of field programmable gate array (FPGA) enabled network solutions with MetaProtect Firewall, a network appliance designed to deliver ultra-fast firewall protection and solve problems including situations where a firewall is mandatory but ultra-low latency and high port density are also required.
The firewall solution takes Metamako into the security space for the first time and builds on its growth plans including the company’s recent and inaugural acquisition of Chicago-based xCelor’s hardware business.
MetaProtect is a 48-port (x10GbE) network appliance that performs packet filtering in 130 nanoseconds, as well as comprehensive logging for the filters. It is flexible in how it can be configured, including the ability to specify ports that don’t need to be filtered, in which case packets are passed through in 5 nanoseconds.
Dave Snowdon, founder and chief technology officer at Metamako, says: “Clients have seen the benefits of using our low-latency devices and asked if we could improve their firewall architecture. We were able to draw on our flexible FPGA platforms and app infrastructure to very quickly build the right product for those customers and the result is MetaProtect – a low latency firewall.”
Considering situations that mandate a firewall, Snowdon suggests exchanges in Asia, for example the Korean Stock Exchange (KRX), which stipulate that a broker must ‘own and manage’ a firewall between a client’s trading servers and the exchange. The latency penalty that this introduces is a problem for trading participants, but it can be eased using Metamako’s ultra-low latency, high-density firewall solution to improve exchange-facing architecture.
Key functionality of MetaProtect includes: ultra-low latency filtering with average latency of 130 nanoseconds (1 rule) to 155 nanoseconds (510 rules); extreme determinism, a tightly bound maximum latency for each configuration; up to 510 rules per port; extensive packet statistics for all ports for advanced network monitoring; and comprehensive logging, including logged statistics of permitted and denied packets.
