Introduction

aurologic flowTrack offers connection tracking and service discovery. It works by receiving a truncated portion of the egress traffic of customer networks, parsing the same and replicating established connections to flowShield nodes while matching packet characteristica against well known application profiles in order to implement service discovery.

flowTrack is able to decapsulate VXLan packet data, which is useful when dealing with SPAN traffic sent towards VXLan flooded endpoints, such as in a decentralized environment. It also allows to deal with local SPAN traffic. The VXLan implementation allows for high availability and ECMP based load balancing of flowTrack workload, scaling deployments for up to 50Tbps of synchronous DDoS-Protection with 128-way ECMP.

Planned features roadmap

TCP SYN-Proxy

flowTrack together with flowShield implements TCP SYN-Proxy, allowing for transparent protection against TCP SYN-Flood without the need of TCP Reset packets causing a abort of the initial connection. Instead, flowTrack includes a helper which receives egress traffic from customer networks, forwarding the same towards the internet - or establishing tcp connections on behalf of a client connection. The feature is currently experimental and will be available till Q4/2025.

Service Discovery

flowTrack already implements service discovery to detect well known applications through analysis of egress packets. In conjunction with backend infrastructure, flowTrack can report those to implement machine learning generated flexrule profiles, e.g. to harden DDoS-Protection. The API implementation and flexrule automation is aimed to be available together with my.aurologic.com UI till Q1/2025.