NorthShield mitigation platform

SolutionsThree deployment models on one mitigation platform.

Choose game tunnels, remote GRE/IPIP delivery, or on-premise software — all on the same XDP filtering fabric.

+8 Tbit/s

Total network capacity

9

Global PoPs

XDP

Line-rate packet filtering

3

Service deployment models

Service lineup

Choose how NorthShield connects to your infrastructure.

Every service below uses the same mitigation philosophy: drop hostile traffic early, preserve clean paths, and give your team readable incident context instead of noisy firewall output.

Low-latency edge rack used for protected Minecraft traffic
MinecraftTunnelLow latency

Game Protection

Hostile traffic is filtered at the NorthShield edge before clean Minecraft joins, panels, and stores are delivered over a protected tunnel to your origin.

  • Protected tunnel handoff that hides your real host
  • Join flood, bot, and server-list abuse mitigation
  • Panel, store, and API Layer 7 filtering
  • Wipe and launch-day traffic review
Network operations room representing protected GRE and BGP transit
GREBGPBYOIP

Remote Protection

Clean traffic is delivered over GRE or IPIP tunnels with BGP on our anycast network. Announce your prefixes, bring your own IP or ASN, and keep attack volume off your upstream.

  • GRE and IPIP tunnel connectivity
  • BGP prefix announcement on protected edge
  • BYOIP and BYOAS onboarding
  • Filtered transit before origin handoff
DDoS scrubbing edge infrastructure prepared for on-premise deployment
On-siteXDPYour hardware

On Premise

Run the same XDP and eBPF filtering stack on appliances you own and operate, ideal for private networks, regulated environments, and teams that need mitigation inside their facility.

  • Software deployed on customer-owned hardware
  • XDP filtering inside your network boundary
  • Local policy control and operational ownership
  • Engineering support for sizing and rollout

Global network

+8 Tbit/s

Total mitigation capacity

9 active points of presence

Germany flag

Germany

Frankfurt

Germany flag

Germany

Frankfurt

Germany flag

Germany

Frankfurt

France flag

France

Paris

United Kingdom flag

United Kingdom

London

Türkiye flag

Türkiye

Istanbul

Netherlands flag

Netherlands

Amsterdam

United States flag

United States

Ashburn

Bulgaria flag

Bulgaria

Sofia

NorthShield fiber-connected network points of presence across Europe and Turkey

Filtering model

Layered decisions from packet to request.

NorthShield does not rely on a single choke point. We combine early packet drops, programmable kernel flow analysis, and Layer 7 inspection so each attack type is handled where it is cheapest, fastest, and least disruptive to legitimate users.

  1. 01Volumetric floods are handled before userspace with XDP.
  2. 02eBPF logic tracks flow shape without heavy proxy overhead.
  3. 03Layer 7 filters abusive HTTP behavior near the edge.
  4. 04Clean traffic continues through the service model you selected.
Fiber patch panel connected to NorthShield network infrastructure

Included

More than rules on a dashboard.

We help map your exposure, understand traffic patterns, and tune the policy set that protects your actual service instead of a generic template.

Request assessment
  • Origin exposure and DNS review
  • Protocol and port mapping
  • XDP/eBPF mitigation policy baseline
  • Layer 7 behavior threshold tuning
  • Attack event summaries
  • Routing and capacity recommendations
  • Launch window support
  • Clear escalation contacts
NorthShield engineering and mitigation routing operations

Engineering details

Built for fast mitigation decisions.

The fastest attack response is the one that happens before the origin notices. Our stack prioritizes early classification, readable outcomes, and deployment models that match real operator workflows.

Packet economy

Drop obvious bad traffic early to protect CPU, sockets, and application capacity during sustained floods.

Protocol precision

Apply different policy to game tunnels, BGP transit, and on-premise service edges based on actual traffic shape.

Response clarity

Document attack vectors, thresholds, routing changes, and recommended improvements after each incident.

Talk to engineering

Protect the service, not just the server.

Tell us what protocols you run and where attacks hurt most. We will design the right filtering path across XDP, eBPF, and Layer 7 controls.

Design my service plan