It is possible to use MetaProtect in this way to apply ACLs on two separate uplinks. Up to 32 firewall instances may be configured at 10G, and each instance can have ACLs applied.
ACLs are a numbered list of rules (up to 510) that are applied to firewall instances. In the case of
The MetaProtect user guide is available here:
Let me try to add some more context to your question.
There are 48 SFP+ ports that go up to 10G on the device and they are completely non-blocking in nature.
Coming to the latency added to the flow, this is dependent directly on
In other words, the best case scenario for latency would be a line permitting everything and worst case would be a fully populated ACL = 510 lines. The latency numbers are published in the Manual that was referenced by Ciaran above but to summarize quickly for you,
Best Case –
Minimum: 106ns Maximum: 119ns
Let us break this down a bit more – to get you started with this flow.
I’ve edited your attached image to give it some interface names.
Let us say that your et1 and et2 connect to your devices in Area1, as you have called it, and et3 and et4 connect to the ones in Area2.
After you make the above configuration, your ports et1-4 should look like,
The above would make traffic coming into each port go out the other – this generates the topology that you had sent. Now to create the filters.
As you might be aware, the Meta-applications have internal application ports that you have to map to the physical ports as well.
You need to create access-lists that you would use to filter the traffic. Then map these access-lists to the application firewalls generated by the application.
There are detailed examples in the manual about how to configure ACLs and apply them to the correct application (ap) interfaces.
I hope that helps get you started.
If you run into issues while configuring your MetaProtect – feel free to reach out to Arista support at firstname.lastname@example.org and someone can assist you further.