Security card keeps up with 10Gbit/s networks
The MTP-10G is billed as the world's first wire-speed 10Gbit/s network intrusion detection and prevention system (IDPS).
The MTP-10G uses Metanetworks' Meta Traffic Processor (MTP), a unique network processor that was partially developed using research grants from the National Science Foundation and the US Air Force Rome Laboratories.
The MTP is specifically designed to exploit massive, fine-grain, instruction-level parallelism, which is intrinsic to IDPS processing loads.
Livio Ricciulli, Metanetworks Technology's President and Chief Scientist, states: "Matching the network security and monitoring computational workload to the right processing paradigm enabled us to make a fundamental leap forward".
The MTP-10G is a standard 64bit, 66MHz, full-size PCI card that routinely passes gigabit Ethernet traffic between its two 10Gbit/s ports with 500ns latency while performing wire-speed, stateful, packet inspection.
When determining whether to capture or block packets, the card can apply up to 650 wire-speed stateful policies per packet.
When the MTP-10G captures packets, it presents them to the operating system as a standard NIC in promiscuous mode.
Users can install up to six cards in a single host, resulting in a total IDPS capacity of 60Gbit/s (at least 10 times greater than any existing IDS or IPS).
The MTP-10G cards support existing, open-source network security and monitoring applications.
They accomplish this by specifying capture and filtering policies using public-domain IDS signatures or standard network monitoring libraries.
Metanetworks' MTP-10G technology also provides developers a rich API for creating custom network security and monitoring applications.
Because the MTP-10G cards interface with the host operating system as standard NICs, they can seamlessly run a variety of standard application software at much faster speeds.
For example, open-source Snort IDS software can monitor a few hundred megabits of traffic with a standard NIC.
With the MTP-10G card, Snort can monitor a full 10Gbit/s of traffic without modification.
The MTP-10G cards are also compatible with other popular libpcap-based network monitoring applications such as tcpdump.
Ricciulli says: "By embracing the open-source model, we hope that our MTP devices will be a major catalyst for change in IDPS technology much as open-source operating systems were to the early PC market".