nScrub 1.8: Performance, Flexibility, and Hardware Support

  • Home
  • nScrub
  • nScrub 1.8: Performance, Flexibility, and Hardware Support

We are excited to announce the release of nScrub 1.8, the latest version of our high-performance DDoS protection and traffic scrubbing solution. This update brings significant improvements to the engine, new configuration options, expanded hardware support, and broader packaging availability.

Engine Enhancements

The 1.8 release introduces several performance optimizations and functional upgrades across the nScrub engine:

  • Optimized SYN-Proxy in symmetric mode
    The SYN-Proxy now supports whitelisting source IPs and translate the first session only, reducing processing overhead and improving performance in symmetric deployments. When session-only mode is active, IP whitelisting is automatically disabled for consistency.
  • NVIDIA/Mellanox ConnectX support
    nScrub can now operate in routing mode on ConnectX interfaces (in addition to bridge mode), expanding hardware acceleration and deployment flexibility.
  • Advanced mirroring options
    Users can now mirror:
    • Only WAN or LAN traffic, or both (any direction)
    • Only injected traffic for deeper analysis or debugging
  • Improved session handling
    Established connections now have an extended idle timeout, ensuring smoother session management and reduced reinitialization.
  • Fragment management fixes
    IP fragment handling has been improved for greater reliability and protocol compliance.
New Options
  • --rss-rehash
    A new command-line option helps correct asymmetric hardware RSS behavior when using standard drivers, improving packet distribution and flow consistency across cores.
API Improvements

The REST API has been extended to give administrators finer control over traffic mirroring:

  • Direction-based filtering:
    A new /mirror/[id]/direction configuration endpoint now allows you to specify the traffic direction (wanlan, or any), allowing you to choose exactly which traffic is mirrored.
  • Traffic-type mirroring configuration:
    You can now configure mirrors for forwarded, discarded, or injected traffic.
Tools and Packaging Updates
  • nscrub-export:
    Fixed dependencies on recent Red Hat-based distributions for smoother operation on the latest systems.
  • New packages available:
    • Debian 13
    • Rocky Linux 10
Miscellaneous Improvements
  • Fixed logrotate permissions to ensure proper log management and rotation.
  • Improved debug messages and tracing to make troubleshooting and performance analysis even easier.

nScrub 1.8 is now available! We recommend all users upgrade to benefit from the enhanced performance and improved management capabilities. As always, thank you for your continued feedback and support, it helps us make nScrub even better.

Enjoy !

Share

High-performance network traffic monitoring and analysis tools.

Explore
Newsletter
Subscribe