SolarSecure Filter Engine
At the core of Solarflare's DDoS attack mitigation you’ll find the SolarSecure™ Filter Engine – a high performance packet filter engine. The SolarSecure Filter Engine uses a pseudo-microcode instruction set to configure the filter engine to selectively accept, reject or rate-limit packets based on packet headers and packet contents. The microcode used for filtering is under user control. So, the filtering behavior is highly configurable and can be customized for particular customer use cases.
The SolarSecure Filter Engine enables "bad" traffic to be detected very early in the network stack, so DDoS attacks can be absorbed without degradation of "good" traffic. The filter engine provides the ability to efficiently block or rate limit packets based on their contents. It is designed to work on large address sets and can scale to configurations with lookups against millions of IP addresses. In addition to network level address matching with associated blocking or rate limiting, the filtering engine supports request-level deep packet inspection. For example, HTTP requests can be inspected and connections aborted dependent on the contents of the HTTP headers.
In benchmark testing, a SolarSecure Filter Engine enabled server shows a 3x to 4x improvement in packet-level filtering server headroom over iptables. Server headroom refers to the server's ability to continue to serve "good" traffic while withstanding a DDoS attack.
With request-level filtering, the SolarSecure Filter Engine shows an 8x to 10x improvement in server headroom over performing request-level filtering within the webserver. Figures show "good" customer traffic throughput in connections per second, and the degradation in the ability to service this traffic relative to a synthetic DDoS attack or packet-level filtering and request-level filtering.
Active Distributed Security with AOE
The AOE can be deployed across the enterprise running a variety of security applications, providing real-time threat analysis.