Raking the floods: my intern project using eBPF

What's this blog post about?

Cloudflare has developed a new open-source framework to help UDP services protect themselves from attacks. The framework incorporates Cloudflare's experience in running UDP-based services like Spectrum and the 1.1.1.1 resolver. It identifies floods and limits them while leaving legitimate traffic untouched, using probabilistic algorithms such as a CountMin sketch or the SpaceSaving algorithm to find heavy hitters with constant memory requirements. The framework also uses hierarchical heavy hitters to organize packets based on their attributes and applies rate limiting to prevent any heavy hitters from passing through. It is implemented as a Go library, rakelimit, which can be enabled on any UDP socket and is easy to configure.

Company
Cloudflare

Date published
Sept. 18, 2020

Author(s)
Jonas Otten

Word count
1757

Hacker News points
5

Language
English


By Matt Makai. 2021-2024.