IPGuard XDP Suite

XDP on the dedik, analytics and control on the VDS.

Protection online • 28 February 2026

XDP security pipeline

Filter attack traffic inside the kernel and watch it from the web panel.

This layout keeps the hot path on the dedicated server in Rust, while the VDS hosts the dashboard, policy editor and history. It matches the `Board/` visual language but is a completely separate project.

Inspected now38.4M ppsIngress packet pressure
Reaction time62 msSpike to mitigation
False positives0.03%Adaptive production profile
View deployment splitGo to Dashboard

Dedicated server = packet filtering. VDS = UI, storage, analytics and API.

Traffic mix

Pressure by protocol

Useful to decide when to move a protocol family from observe to drop mode.

TCP SYN

41% of current packet volume

41%
UDP

28% of current packet volume

28%
HTTP/3

19% of current packet volume

19%
Other

12% of current packet volume

12%

Architecture

Dedicated server + VDS split

The website describes the control plane your operators will use in production.

01

Dedicated server

Rust XDP agent

The agent attaches to the NIC, reads packet headers and updates BPF maps before user space sees noisy traffic.

02

Telemetry relay

Signed control channel

Every few seconds the agent pushes counters, health and sampled offenders to the VDS over a narrow authenticated path.

03

VDS analytics

Dashboard and API

Operators inspect attack patterns, store history, tune profiles and roll policies back out to the dedicated server.

Live feed

Current mitigations

critical14.2M pps

SYN flood wave

XDP moved this host group to hard drop after the burst crossed the threshold.

185.204.1.77
high8.7M pps

Amplification cluster

Agent rate-limited the segment and mirrored metadata to the dashboard API.

91.221.74.19
medium2.1M pps

QUIC anomaly

Traffic moved into observe mode while counters continue to build confidence.

103.6.91.245

Agent scope

What the Rust service does

Fast path actionsDecide `PASS`, `DROP` or rate-limit at the XDP hook.
BPF countersTrack top IPs, protocol buckets and rolling anomaly scores.
Policy syncPull signed policy snapshots from the dashboard control plane.

Rollout

Recommended launch path

Start in observe mode to learn normal packet shape.
Switch heavy protocols into adaptive rate-limit profiles.
Promote repeated offenders into drop lists pinned in BPF maps.
Archive top events for later traffic forensics and tuning.