Why Packet Capture is Critical for Financial Services

By Rick Truitt, Vice President, Financial Services, Napatech

Under the current and future global regulatory landscape, firms participating in electronic trading of financial instruments—including proprietary trades, buy-side firms, sell-side institutions and trading venue operators—all face increasingly stringent requirements around the monitoring, capture and storage of electronic order and trade-related data.

Rick Truitt, Vice President, Financial Services, Napatech
Rick Truitt, Vice President, Financial Services, Napatech

From a pure monitoring perspective, firms need high visibility into their order flow, both to monitor performance and to respond to security alerts such as possible breaches. From a regulatory and compliance perspective, they need to be able to capture and store all electronic messages with highly granular timestamps, so that when required to perform forensic analysis into past order and trade history, they can sequentially reconstruct all trading-related events.

In light of such diverse and complicated requirements, how should firms approach the task of building robust solutions that can sort and store so much information? The first step is to capture data on the network. Data (or packet) capture is critical because it is a single source of truth. It provides visibility across the board. Financial services firms cannot rely on a sampling of data; they need 100 percent of the data. It’s how operators and engineers plan network throughput, routing preferences and the path of least resistance for a trade. In short, 100 percent packet capture has become a necessity.

Why FPGA?

It may be a necessity, but that doesn’t necessarily make it easy. Yes, there are many open source tools available that can help organizations in need of packet capture at low speeds – but trades are conducted at high volume and velocity. In addition, standard network interface cards (NICs) cannot capture all packets at the high speed of today’s trades.

ALSO READ:
Financial technology trends for 2019

Some financial services firms assume that they can buy the equipment themselves and piece a solution together to save money. However, there are a myriad of challenges optimizing any accelerator card with an appliance; it requires experience and skill that these firms typically lack.

For many financial firms, moving toward a field-programmable gate array (FPGA) solution is a wise choice. FPGA technology supporting FPGA-based network acceleration cards (NACs) is an exciting evolution in integrated circuit design.

FPGA technology provides an advantage in trading. When a trade is made, confirmation is received in a manner of nanoseconds. This is not terribly important for an individual conducting small transactions, but it’s crucial for high-frequency traders or proprietary trading. These high-frequency users need a technology that will stamp the packet when it leaves and when it comes back so they can see how quickly a trade is authorized, as it is very important for traders to be able to see when their trade was confirmed. FPGA allows an egress stamp on a packet.

Another FPGA benefit relates to forensics or post-analysis for security reasons. Sometimes it is necessary to look back in time to investigate an attack, and being able to search within a particular time window is incredibly helpful.

ALSO READ:
TruValue Labs™ announces major enhancements to its AI-Driven ESG Research Platform

A Closer Look

FPGA technology has enabled the design of very flexible hardware platforms, supporting a broad range of existing and new use cases for the financial services industry, all with an extended lifetime/horizon.

First, it is important to establish what to expect from an FPGA-based NAC. Any FPGA-based NAC hardware platform should support:

  • Ethernet link speeds and types available currently and in the near future, through attractive front port connectivity.
  • Different FPGA size configurations, providing the customer with the right cost/feature ratio options, enabling competitive product offerings.

Historically, FPGA-based NACs have deployed physical layer (PHY) devices in the data path between the FPGA and the Ethernet front port. The discreet silicon PHY device handles the physical layers of the Ethernet protocol stack. However, with the introduction of the latest 20nm FPGA families, the FPGA technology is on par with the current and near-term future Ethernet link speeds, obsoleting the need for the PHY companion devices.

New NAC technology implements a PHY-less, FPGA-based NAC design. This industry-pioneering option to operate two FPGA process nodes on the same hardware platform has been enabled through footprint compatibility from the FPGA vendor. The hardware platform is currently supported by a 2 port 100G feature set and support will shortly be followed by the release of a 2 port 40G feature set.

ALSO READ:
Rainbird Launches AI Programme For Businesses To Learn AI Skills

From a multi-link speed customer perspective, a PHY-less, FPGA-based NAC design offers a number of benefits. It can source many different product variants with the same NAC part number, which reduces the amount of required hardware qualification resources. Its ability to collect volume on one or a few NAC part numbers saves on logistics and cost. An FPGA-based NAC can introduce multi-link speed product variants, eventually handling all major link speeds and types, on the same ports, through dynamic reconfiguration. Finally, it restricts the required knowledge base to one platform. This technology is a vast improvement on previous NAC designs and is bound to take its place in financial services networks around the world.

Important Questions

Financial institutions and trading organizations have important questions to ask as they consider high-speed solutions. They first need to answer in-house questions, including:

  • Will this be a global or local design?
  • Do we need any outsourcing help?
  • What type of support structure do we need?
  • What kind of load will we have across the link?
  • What network speeds are needed?
  • How many appliances are we looking at?

There are also important questions to ask providers.

  • The first is, “How much experience do you have in this industry?” The financial industry is bound by many specific regulations and laws, so experience is important.
  • Because trades need high-speed networks, ask the provider if their solution is able to do 20G write to disk without drops. At lower speeds, 100 percent packet capture is a commodity; not everyone can say the same at high speeds. Also, be sure to ask about scalability. Financial services firms can no longer risk buying equipment and solutions that are not scalable.
  • Ask if the provider has analytics of its own or is compatible with open source analytics. More and more financial services firms do not want these analytics to come on board because they end up costing five to six times more per appliance. In addition, a firm can have the most expensive and extensive analytics available, but if it does not have the underlying platforms to support them, then the data is not accurate –which makes it essentially useless.
  • Finally, ask if the solution will work with third party applications. If not, this could cause serious issues – especially if a firm has proprietary software that only works with company X and cannot integrate with company Y.
ALSO READ:
How Machine Learning is transforming the way in which financial institutions approach risk management

The Total Package

High network speed is critical for today’s financial services firms. Regulatory requirements and trading competition demand the fastest and most reliable network possible. Firms cannot afford dropped packets; the network solution must offer total packet capture without a reduction in speed. Use the questions above as guidelines for architecting a system that serves the firm and its customers while meeting all regulations.