DRA-Guard is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License Version 3.0 as published by the Free Software Foundation.
DRA-Guard doesn't aim to replace any DRA product, it rather provides a way to extend its behaviours in order to quickly react or add new features. No product can address all needs, mainly because needs for operators are evolving and new ideas are permanently fast moving.
Long story short : DRA-Guard is a SCTP proxy offering access to Diameter payload. For each Diameter payload a plugin callback is invoked. You can then perform any packet analysis/mangling operations you may want and conclude by an action (PASS or DROP). A way to plug into your Diameter data-path and gain control of it.
DRA-Guard is designed for high perf and built around an asynchronous multi-threaded design. Additionnaly it is supporting a transparent mode to simplify its insertion into an existing architecture without the need to reconfigure anything (this is specially useful when you have long list of peers and you need to go fast without wasting time into so called change request).
DRA-Guard is additionnaly implementing a "Route Optimization" framework, a short static example is offered as an example in this OpenSource version, but way more advanced and dynamic routing decisions can be implemented based on multi-metrics.
If it can be inserted anywhere in your network, it can be useful at interconnection point where you may want to have option to quickly add perf extensions (monitoring, reporting, mitigation, filtering, ...)
DRA-Guard is articulated around following components :
DRA-Guard can operate in transparent mode using state-less operations based on a set of eBPF progs loaded at XDP and Qdisc layers. This design provides fast state-less packet re-circulation into Linux Kernel stack to benefit widely used SCTP stack:
