Placed between TCP and TLS sessions, it scans the contents of metadata and application data, discarding unnecessary messages and packets with security issues. This helps reduce unnecessary traffic and prevent the accidental transmission of insecure packets.
Features
Unlike filtering based on IP addresses or ports, it scans the contents of data to either discard or allow packets to pass. This type of Deep Packet Inspection (DPI) tends to cause CPU processing load and packet processing delays.
However, this message filter IP implements all packet processing, session maintenance, and encryption/decryption using a hardware logic pipeline, thereby avoiding CPU load and processing delays.
Usecase
When processing packets collected from external networks at the data center, it is placed between the external network and each server to remove traffic that could overload server processing and packets with security issues, thereby protecting both traffic and endpoints.
Challenges and Solutions
In stateless communication protocols like UDP that do not maintain state, removing unnecessary packets is straightforward. However, in communication protocols that maintain session state, such as TCP, or in encrypted communication protocols like SSL/TLS and DTLS,
TCP uses sequence numbers for data exchange and has a mechanism to retransmit packets lost in the network. Therefore, if you simply discard packets without sending an ACK, the sender will keep attempting retransmissions indefinitely, and the receiver will keep waiting forever for the missing packets. In encrypted secure protocols, there are additional issues involving packet counting and cryptographic keys.
Message Filter IP enables full-hard session state maintenance while identifying this session. This technology prevents increased latency and achieves traffic reduction without impacting the network.
You can choose between two versions: an endpoint version that utilizes our TCP/UDP offload engine, and a non-endpoint version with a custom implementation specialized for discarding unnecessary packets. We particularly recommend the non-endpoint version for customers pursuing the ultimate in low latency.
Major Specifications
| Protocol | TCP, TLS 1.3 |
| TCP Performance | Throughput: 100Gbps (at 250MHz) Latency: 50-200nsec (depends DPI logic) |
| TLS Performance | Throughput: 50~80Gbps (at 250MHz) Latency: < 1μsec |
We have evaluation licenses and research licenses, please contact us.