flowShield
flowShield Technical Insight
aurologic flowShield is the most advanced part of the DDoS protection provided by aurologic. In the very beginning, back in 2013, flowShield was implemented as a netfilter kernel hook, later as a netmap user-space application, and today it runs in eBPF/XDP with a separate Go-based control plane. This allows great flexibility and very fast development while benefiting from an event-based architecture.
flowShield sits at the edge of the aurologic network, receiving ingress traffic on demand. On demand here means that ingress traffic is rerouted to flowShield whenever flowAnalyzer decides to change the routing, or whenever the customer triggers the rerouting manually. flowShield carries every single packet through its packet processing pipeline, applying customer-defined filters as well as pre-defined static and dynamic filters, thwarting attackers at the outermost point of the network edge.
Core features
Protection against, to name just a few:
- ICMP floods, through rate limiting, challenge-response and dropping of invalid packets
- TCP floods of any type, including TCP SYN, SYN-ACK, ACK, RST or randomized flags, as well as out-of-session packets
- UDP floods such as reflection attacks (DNS, NTP, RIP, SNMP, LDAP, etc.) as well as application-specific (layer 7) ones
- Zero-day threats, filtered using automated filters and customer-defined boundaries (which can also be whitelists)
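To make the pipeline described above concrete, here is an added toy model of such a staged filter chain. It is not flowShield's code and does not reflect its internals; the stage order, the rule set, the token-bucket parameters and all packet contents are assumptions constructed for illustration. It walks each packet through a customer whitelist, customer-defined rules, static filters (invalid TCP flag combinations, well-known reflection source ports) and dynamic filters (per-source ICMP and SYN token buckets, a TCP session table that rejects out-of-session segments).

```python
"""Toy model of a staged DDoS filtering pipeline (added example; not flowShield code).

Stages, in order: whitelist -> customer rules -> static filters -> dynamic filters.
Every packet below is constructed sample data; the rules are illustrative only.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport flags ts")

# TCP flag bits as laid out in the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Assumed static list of UDP source ports typical of amplification traffic (NTP, SSDP, memcached).
REFLECTION_SRC_PORTS = {123, 1900, 11211}


def tcp_flags_invalid(flags):
    """Stateless check for flag combinations that no conforming TCP stack sends."""
    if flags == 0:
        return True                              # NULL segment
    if flags & SYN and flags & (FIN | RST):
        return True                              # SYN never travels with FIN or RST
    if flags & (FIN | PSH | URG) and not flags & ACK:
        return True                              # e.g. "Xmas" segments: FIN/PSH/URG without ACK
    return False


class TokenBucket:
    """Per-source rate limiter: `rate` tokens per second, up to `burst` stored."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, ts):
        if self.last is None:
            self.last = ts
        self.tokens = min(self.burst, self.tokens + (ts - self.last) * self.rate)
        self.last = ts
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Pipeline:
    def __init__(self, whitelist=(), customer_rules=(), icmp_rate=2.0, icmp_burst=5,
                 syn_rate=10.0, syn_burst=3):
        self.whitelist = set(whitelist)
        self.customer_rules = list(customer_rules)   # callables Packet -> bool, True means drop
        self.icmp_rate, self.icmp_burst = icmp_rate, icmp_burst
        self.syn_rate, self.syn_burst = syn_rate, syn_burst
        self.icmp_buckets, self.syn_buckets = {}, {}
        self.tcp_sessions = set()                    # 4-tuples that began with an accepted SYN

    def verdict(self, pkt):
        """Return (action, reason) for one packet; the first matching stage wins."""
        if pkt.src in self.whitelist:
            return "pass", "whitelist"
        for i, rule in enumerate(self.customer_rules):
            if rule(pkt):
                return "drop", f"customer-rule-{i}"
        if pkt.proto == "tcp" and tcp_flags_invalid(pkt.flags):
            return "drop", "invalid-tcp-flags"
        if pkt.proto == "udp" and pkt.sport in REFLECTION_SRC_PORTS:
            return "drop", "reflection-src-port"
        if pkt.proto == "icmp":
            bucket = self.icmp_buckets.setdefault(pkt.src, TokenBucket(self.icmp_rate, self.icmp_burst))
            return ("pass", "icmp") if bucket.allow(pkt.ts) else ("drop", "icmp-ratelimit")
        if pkt.proto == "tcp":
            key = (pkt.src, pkt.dst, pkt.sport, pkt.dport)
            if pkt.flags & SYN:
                bucket = self.syn_buckets.setdefault(pkt.src, TokenBucket(self.syn_rate, self.syn_burst))
                if not bucket.allow(pkt.ts):
                    return "drop", "syn-ratelimit"
                self.tcp_sessions.add(key)
                return "pass", "tcp-syn"
            if key in self.tcp_sessions:
                if pkt.flags & (FIN | RST):
                    self.tcp_sessions.discard(key)
                return "pass", "tcp-in-session"
            return "drop", "tcp-out-of-session"
        return "pass", "default"


def run_demo():
    """Feed constructed sample traffic through the pipeline and return the verdicts."""
    dst = "198.51.100.1"
    # Assumed customer rule: no DNS-looking UDP towards a game server port.
    rules = [lambda p: p.proto == "udp" and p.sport == 53 and p.dport == 27015]
    pl = Pipeline(whitelist={"10.0.0.9"}, customer_rules=rules, icmp_rate=1.0, icmp_burst=3)
    packets = [
        Packet("203.0.113.5", dst, "tcp", 40000, 443, SYN, 0.0),          # handshake start
        Packet("203.0.113.5", dst, "tcp", 40000, 443, ACK, 0.1),          # same session
        Packet("203.0.113.7", dst, "tcp", 40001, 443, ACK, 0.2),          # ACK without a session
        Packet("203.0.113.8", dst, "tcp", 40002, 443, SYN | FIN, 0.3),    # impossible flags
        Packet("203.0.113.9", dst, "udp", 123, 53, 0, 0.4),               # NTP reflection shape
        Packet("203.0.113.10", dst, "udp", 53, 27015, 0, 0.5),            # hits customer rule
    ]
    packets += [Packet("203.0.113.11", dst, "icmp", 0, 0, 0, 1.0)] * 4    # ICMP burst, same instant
    packets += [Packet("10.0.0.9", dst, "icmp", 0, 0, 0, 1.0)]            # whitelisted source
    packets += [Packet("203.0.113.12", dst, "tcp", 50000 + i, 443, SYN, 2.0) for i in range(5)]
    return [pl.verdict(p) for p in packets]


if __name__ == "__main__":
    for action, reason in run_demo():
        print(action, reason)
```

The toy deliberately leaves out what a production implementation adds on top: SYN cookies or a challenge-response step instead of a plain per-source SYN budget, kernel-side state in XDP maps, and a control plane that tunes the thresholds from observed traffic.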
Loadbalancing
flowShield allows ECMP-based load balancing of up to 128 nodes, or about 50 Tbps of capacity per router. Connection session data is synchronized through a sophisticated user-space layer, which broadcasts it over a unified communication layer.
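As an added illustration of why the session synchronization mentioned above matters, the following is a toy ECMP flow-to-node mapping. It is not flowShield's code; the hash function, the 5-tuple layout and the sample flows are assumptions made here. A hash of the 5-tuple pins every flow to one node while the node set is stable, but as soon as a node joins or leaves, a large share of existing flows hashes to a different node, which then needs the session state the original node built up.

```python
"""Toy ECMP flow placement (added example; not flowShield code)."""
import hashlib
import random


def ecmp_node(flow, node_count):
    """Map a 5-tuple (src, dst, proto, sport, dport) to a node index via a hash modulo N."""
    key = "|".join(map(str, flow)).encode()
    digest = hashlib.sha256(key).digest()           # assumed hash; real routers use a vendor hash
    return int.from_bytes(digest[:8], "big") % node_count


def remapped_fraction(flows, before, after):
    """Fraction of flows that land on a different node when the node count changes."""
    moved = sum(1 for f in flows if ecmp_node(f, before) != ecmp_node(f, after))
    return moved / len(flows)


def sample_flows(n, seed=1):
    """Constructed sample flows from documentation address ranges."""
    rng = random.Random(seed)
    return [("203.0.113.%d" % rng.randrange(1, 255), "198.51.100.%d" % rng.randrange(1, 255),
             "tcp", rng.randrange(1024, 65536), rng.choice([80, 443])) for _ in range(n)]


if __name__ == "__main__":
    flows = sample_flows(2000)
    print("flow 0 -> node", ecmp_node(flows[0], 128))
    print("remapped when one of 128 nodes drops out: %.1f%%" % (100 * remapped_fraction(flows, 128, 127)))
```

The remapped share is what a session-synchronizing layer has to cover: without it, every flow that moves would arrive at a node that has never seen its handshake and, under a strict out-of-session policy, would be dropped.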