RoutePulse
Your NOC sees routes. Your SOC sees threats.
RoutePulse sees the full picture — and acts on it in under 3 seconds.
BGP hijack confirmed by traffic shift? Blackholed. Encrypted C2 over QUIC? Flagged. DGA botnet fan-out? Contained.
18 ML models. 8-gate AI pipeline. 5-pillar threat scoring. Conviction Engine with mathematical proof. Zero false positives on production routers.
<3s Threat Response · 56+ Anomaly Types · 1.28M+ Prefixes Monitored · 52K+ Threat Indicators · 24/7 AI SOC Analyst · 40K+ Flows/min
The first platform purpose-built for ISP SOC/NOC convergence · Self-hosted · Swiss-engineered by GOLINE SA (AS202032)

From the first suspicious flow to BGP blackhole
in under 3 seconds — fully autonomous.

🔍
NOC + SOC Unified Console

Your NOC sees a route flap. Your SOC sees a threat actor. RoutePulse sees both — and correlates them. BGP hijack + traffic shift = confirmed attack, not two separate tickets in two different tools.

🤖
AI-Powered SOC Analyst

Works 24/7 alongside your team — investigating every critical alert, correlating 39 threat feeds, and orchestrating an 18-model ML pipeline across 56+ anomaly types.

8-Gate Pipeline: Detection to Blackhole in <3s

IP validation → Infrastructure check → ASN whitelist (22 CDN) → Volume gate → ThreatClassifier (10 classes) → TOCTOU lock → Router SSH → Claude AI Arbiter. Every gate must pass. Zero collateral damage on production routers.

Built for the scale of a full Internet routing table — 1.28M+ prefixes, 870K+ hosts, 40K+ flows/min — with 180 days of instant-query retention. No sampling. No blind spots. No compromises.

Why NOC & SOC Teams Choose RoutePulse

Six capabilities that turn your NOC and SOC into a single autonomous defense platform
🧠
18-Model ML Ensemble

3-tier architecture: Core (Baseline, IsoForest, Markov, K-Means, Holt-Winters, Latency, ThreatIntel, Temporal, Beaconing, GraphChange), Specialized (CarpetBomb, DnsTunnel, Reflector), Tier 1 Expansion (QUIC Anomaly, Protocol Mismatch, BGP-Traffic Correlation, DGA/FastFlux, Encrypted C2 Profiler). Self-tuning via TP/FP feedback loops with precision-based adaptive learning. 56+ anomaly detection types across 8 MITRE ATT&CK categories.

Autonomous AI SOC Analyst (ANIE)

6-layer AI engine: L1 MITRE ATT&CK enrichment, L2 autonomous investigation, L3 continuous threat hunting, L4 ML orchestration, L5 self-tuning, L6 persistent network memory. Budget-aware at $1–3/day after 4-layer digest optimization.

🎯
5-Pillar Unified Threat Score

183-point composite across Cyber Events (48pt), Behavioral (40pt), ML Ensemble (30pt), External Intelligence (40pt), and FeedIntel (25pt). 15 correlation rules auto-classify severity and trigger mitigation.

52K+ Indicators, Sub-Microsecond Lookup

39 threat feeds loaded into Bloom filter for <1μs correlation against every flow. MISP integration (4,894 events, 9.9M attributes), AbuseIPDB, Shodan, and commercial blocklists in real time.

💾
1,300x Query Acceleration

Columnar analytics engine with 17 materialized views and 9.5x compression. TopTalkers from 17s to <1s, IP lookups from 8s to 98ms. 180 days of full retention at 3.5TB, instantly queryable.

🛡
Automated Blackhole Mitigation

RTBH (Remote Triggered Black Hole) for IPv4 (/32, /24) and IPv6 (/128) via persistent SSH to Juniper MX and Huawei NetEngine routers. BGP community 65535:666 upstream signaling to 6 transit providers (RFC 7999). AI-driven NEUTRALIZE / OBSERVE / SAFE verdicts, 8-gate safety pipeline with Claude AI Arbiter, progressive ban escalation (7d to 365d), 22-ASN cloud protection, PIN auth. Cloudflare Magic Transit on-demand DDoS protection for prefix-level defense. Alert to blackhole in <3 seconds.

BGP Intelligence

Full Internet routing table analysis with real-time anomaly detection across 1.28M+ prefixes
Go Collector Engine
16MB binary, goroutine-per-router, 34+ query types, SSE events
🔍
RIB Search
1.28M+ prefixes, best-path, communities, RPKI badges
🔎
Looking Glass
Instant prefix lookup with longest-match, per-peer comparison
Path Analysis
AS-to-AS animated Canvas flow with IP Intelligence dashboard
👥
Peer Management
Card layout by role, RIB dump status, SNMP state, peer compare
📖
Community Decoder
18 transit + 8 IXP dictionaries, large community RFC 8195
📊
AS Topology Graph
interactive SVG with glow filters, CAIDA roles, depth 1-3
📈
Routing Trends
Prefix growth, AS-PATH length, unstable prefix ranking, 24h-90d
Path Timeline (BGPlay)
Animated AS-PATH changes with play/pause/speed controls
AS Comparison
Side-by-side routing, security, traffic, IXP presence analysis
Stale Detection
Router/peer inactivity with configurable thresholds
MOAS Whitelist
Known multi-origin pairs for CDN/anycast FP suppression

Flow Analytics & Traffic

Multi-protocol flow collection and deep packet inspection processing 40K+ flows/min at wire speed
📡
Flow Collector
sFlow v5 + IPFIX/NetFlow v9, 5 active sources, auto sampling
💾
Columnar Storage
35 tables, 17 MVs, ZSTD 9.5x compression, 180-day TTL
🔬
DPI Classification
1,575 apps, 272 port rules, ~92% classification rate
🔧
Flow Query Builder
Kentik-level ad-hoc queries, stacked time series, CSV export
🌍
GeoIP Heatmap
City-level MaxMind mapping, country tables, host overlay
🗺
Weathermap
NOC-style SVG topology, SNMP throughput, animated dashes
🔄
RIB Correlation
Real-time BGP enrichment, 4-tier LPM, 100% enrichment rate
💰
IXP Community Attribution
SwissIX/MIX-IT/MINAP community-based traffic split

Security & Compliance

Multi-layer defense with RPKI validation, threat intelligence, behavioral scoring, and automated mitigation
🔒
ASPA Validation
RFC 9582 route leak detection, 4,040 provider pairs
📜
ROA Lifecycle
VRP diff engine, expiry badges, optimizer suggestions
🧪
Behavioral Scoring v3
14 components, 9 parallel CH queries, max 40pts
📢
Threat Feed Intelligence
39 feeds, Bloom filter, MISP 4,894 events, CISA AIS
🛡
Wazuh SIEM
Suricata IDS + FortiGate IPS + cross-source correlation, 18M+ alerts
🚫
Progressive Ban System
Strike escalation 7d-365d, observation window, auto-re-ban
🚨
Bogon Detection
14 IPv4 + 9 IPv6 bogon ranges, critical severity alerts
Cloud ASN Protection
Google/Cloudflare/AWS/Meta never blackholed, smart gates
🔍
AbuseIPDB Integration
Confidence scoring, auto-reporting, 23 category mappings
📱
Shodan Integration
Open ports, CVE list, OS detection, cloud provider ID
🌐
IXP LAN Leak Detection
2,500+ IXP LAN prefixes, DFZ leak monitoring
🏷
AS Security Badges
RPKI, MANRS, ASPA posture per ASN across all views
🛡
Suricata IDS Native
9 event types, severity-gated, noise SID filtering, MITRE enrichment
🔥
FortiGate IPS Ingestion
CEF parser, IPS/UTM alerts, crscore, FortiGuard links
🔭
Nmap Attacker Scanner
Top-200 ports, OS detection, service versions, Pillar 4 scoring
MITRE ATT&CK Mapping
Auto-enrichment from Suricata + Wazuh rules, tactic badges
🔗
4-Tier ASN Resolution
GeoIP + Flow + RIB LPM + Peer table = 100% coverage
📡
Discoveries Tab
Live host discovery feed with source, direction, SIEM correlation

v4.5 — Threat Detection Expansion

Based on NIST SP 800-41/207, MITRE ATT&CK, and CISA research — 5 new ML detectors, 8-gate blackhole pipeline, Claude AI Arbiter
🧠
ThreatClassifier (10 Classes)

Class-driven mitigation: 10 threat classes (noise, recon, behavioral, c2_suspect, c2_confirmed, tunnel, botnet, volumetric, amplification, carpet_bomb) routed to 3 defense layers. Replaces score-threshold blackholing.

🤖
Claude AI Arbiter (Gate 8)

Final safety gate: Claude Opus 4.6 asks “can the FortiGate handle this?” before any BGP blackhole. Safe-side default: AI unavailable = DENY. ~$0.30/day. Full audit trail.

🛡
8-Gate Blackhole Pipeline

IP validation → Infrastructure → ASN whitelist (22 CDN) → Volume gate → Classification → TOCTOU → Router SSH → AI Arbiter. Every gate must pass.
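
The "every gate must pass" chain and the "AI unavailable = DENY" default described above can be sketched as a fail-closed decision function. This is an added example, not RoutePulse code: the gate bodies, the sample ASN and infrastructure sets, the volume floor, the class-to-blackhole routing, and the `routerReachable` / `arbiter` callbacks are all assumptions, and the IPs are documentation ranges.

```javascript
// Added example (not RoutePulse code): a fail-closed gate chain.
// Sets, thresholds and class routing below are constructed assumptions.
const PROTECTED_ASNS = new Set([13335, 15169, 16509]); // sample cloud/CDN ASNs
const INFRA_IPS = new Set(['198.51.100.1']);           // own routers, resolvers
const BLACKHOLE_CLASSES = new Set(['c2_confirmed', 'botnet', 'volumetric']);
const MIN_BYTES = 1e6;                                 // volume gate floor
const inFlight = new Set();                            // TOCTOU lock per target

function isPublicIPv4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return false;
  const [a, b, c, d] = m.slice(1).map(Number);
  if ([a, b, c, d].some((n) => n > 255)) return false;
  // Never act on private, loopback, link-local, CGNAT, multicast or class E.
  return !(a === 0 || a === 10 || a === 127 || a >= 224 ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) ||
    (a === 169 && b === 254) || (a === 100 && b >= 64 && b <= 127));
}

// Order follows the page: cheap local checks first, external calls last.
const GATES = [
  ['ip_validation', (t) => typeof t.ip === 'string' && isPublicIPv4(t.ip)],
  ['infrastructure', (t) => !INFRA_IPS.has(t.ip)],
  ['asn_whitelist', (t) => Number.isInteger(t.asn) && !PROTECTED_ASNS.has(t.asn)],
  ['volume', (t) => t.bytes >= MIN_BYTES],
  ['classification', (t) => BLACKHOLE_CLASSES.has(t.threatClass)],
  ['toctou_lock', (t) => !inFlight.has(t.ip)],
  ['router_ssh', (t, deps) => deps.routerReachable() === true],
  ['ai_arbiter', (t, deps) => deps.arbiter(t) === 'ALLOW'],
];

// Returns BLACKHOLE only if every gate returns exactly true. A gate that
// throws or answers anything else is recorded in the trail and treated as DENY.
function decide(target, deps) {
  const trail = [];
  let locked = false;
  try {
    for (const [gate, check] of GATES) {
      let pass = false;
      let error = null;
      try { pass = check(target, deps) === true; } catch (e) { error = e.message; }
      trail.push({ gate, pass, error });
      if (!pass) return { verdict: 'DENY', failedGate: gate, trail };
      if (gate === 'toctou_lock') { inFlight.add(target.ip); locked = true; }
    }
    return { verdict: 'BLACKHOLE', failedGate: null, trail };
  } finally {
    if (locked) inFlight.delete(target.ip); // release after the decision
  }
}

function demo() {
  const up = { routerReachable: () => true, arbiter: () => 'ALLOW' };
  const arbiterDown = { ...up, arbiter: () => { throw new Error('timeout'); } };
  const t = { ip: '203.0.113.7', asn: 64500, bytes: 5e7, threatClass: 'c2_confirmed' };
  return {
    clean: decide(t, up).verdict,
    cdn: decide({ ...t, asn: 13335 }, up).failedGate,
    noise: decide({ ...t, threatClass: 'noise' }, up).failedGate,
    aiDown: decide(t, arbiterDown),
  };
}
console.log(JSON.stringify(demo(), null, 1));
```

The returned `trail` records each gate's outcome in order, which is the shape an audit log entry for a blackhole decision needs.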

🔍
5 New NIST/MITRE Detectors

QUIC Anomaly (encrypted C2 on UDP/443), Protocol Mismatch (T1572 tunnel detection), BGP-Traffic Correlation (ISP-unique hijack confirmation), DGA/Fast-Flux (botnet fan-out), Encrypted C2 Profiler (JA3 + flow).

🌐
PTR Auto-Protection

DNS reverse lookup auto-protects RIPE Atlas (377+ hosts), DNS Root Servers, RIPE NCC, NLNOG RING. Toggleable from Settings GUI.

Configurable Safety Gates

Volume Gate (1MB–1GB), AI Arbiter toggle, Early Release (auto-release when threat subsides), 22 CDN/cloud ASN whitelist — all adjustable from Settings.

v4.7 — Observability & Platform Hardening

Native event-loop instrumentation, on-demand CPU profiling, persistent sessions, tuned PostgreSQL, 5-minute license heartbeat
📈
Native Event Loop Instrumentation

Libuv-level event loop delay histogram + CPU utilization ratio + post-major-GC heap sampling via Node.js perf_hooks, always-on at <0.1% overhead. Direct UI-freeze measurement — 11 new Prometheus gauges surface max, p50/p95/p99, utilization, and GC pauses.

🔎
On-Demand CPU Profile & Heap Snapshot

V8 inspector.Session endpoints capture .cpuprofile (5–120s) and .heapsnapshot into /tmp, downloadable via admin-gated endpoint with filename allowlist. Line-level flame graphs in Chrome DevTools or speedscope.app — no --inspect flag, no external port, runs on the live production process.

📊
Profiler Dashboard (4 Tabs)

Settings > Profiler: Overview (4 health KPI cards with threshold colouring + SVG sparklines + GC summary + top 5 hottest spans), Spans (detailed table), Profiling Tools (CPU profile + heap snapshot buttons + captures list), Configuration. Everything an operator needs to diagnose a freeze in one page.

Cooperative Yield Helper

profiler.createYielder(thresholdMs) wrapper converts unbounded CPU bursts into bounded-latency bursts without per-call-site setImmediate plumbing. Fast-path is a single Date.now() comparison. Wired into the three heaviest ML inference loops (isolation forest, K-means, temporal embeddings).

🔒
Persistent Session Store

user_sessions PostgreSQL table (token PK + user_id FK CASCADE + denormalised username/role + indexed expires_at) hybrid-cached in memory for O(1) sync reads on every authenticated request. Operator sessions survive systemctl restart — no re-login after every deploy. 30-day TTL, hourly expiry cleanup.

🛢
PostgreSQL Buffer Pool Tuning

shared_buffers 12 GB, effective_cache_size 24 GB, work_mem 64 MB, checkpoint_timeout 15 min, max_wal_size 8 GB on a 47 GB host alongside Node + ClickHouse. Cache hit ratio steady at 99%+. The /metrics endpoint events query was rewritten from count(*) filter(where) full-scan to index-only subselects (8.4s → 1.1s).

🔑
License Server & 5-min Heartbeat

Standalone license authority with Ed25519 signing + clone-resistant hardware UID (SHA-256 of SMBIOS product UUID + machine-id + rootfs UUID + primary MAC). 5-minute heartbeat cadence so revocations propagate fast. 4 editions, admin GUI with audit log, daily SQLite backup.

Transactional Email Branding

Consistent "Powered by RoutePulse" footer with explicit https://routepulse.goline.ch link across every outbound email: peering requests, peering-down notifications, user invites, SMTP tests, AI reports, notification alerts, reminders. Outlook-compatible HTML in every flow.

📡
Auto-Synced Prometheus Version Label

External label routepulse_version in prometheus.yml is rewritten and SIGHUP-reloaded on every release via scripts/release.js. Telegram alerts routed through Alertmanager always show the currently-running build — no more stale version drift across deployments.

AI & Machine Learning

Autonomous SOC analyst with an 18-model ML pipeline and 15 cross-model correlation rules
🤖
ANIE 6-Layer Pipeline
L1 MITRE enrichment, L2 investigation, L3 threat hunting, L5 self-tuning, L6 memory
💬
AI Analyst Chat
Claude-powered BGP investigation with 8 real-time tools
AI Threat Mitigation
7-day flow profiles, NEUTRALIZE / OBSERVE / SAFE verdicts
🧬
Auto-Tune Engine v2
Scanner ASN auto-approve, stale cleanup, threshold tuning
🔗
Correlation Engine v5
15 cross-model rules incl. beacon convergence, lateral movement
💲
AI Cost Optimization
$282/day reduced to $1-3/day, 4-layer digest pipeline
🔮
Threat Intel Model
3-source fusion, 0.18 ensemble weight, 52K+ indicators
📋
ML Host Auto-Categorize
130+ infra hosts from 8 sources, 70+ role categories
🧬
Temporal Embeddings
8-dim per-host behavioral trajectory, Mahalanobis distance
📡
Beaconing Detector
Inter-arrival CV + Shannon entropy, catches jittered C2
🕸
Graph Change Detection
Persistent edge graph, lateral movement, hub formation
🛡
Hijack Impact Simulator
CAIDA BFS, RPKI/ASPA resilience score 0-100, tier analysis
🌍
Outage Correlation
5 signal types, 10-min window, active/recovering lifecycle
BGP Digital Twin
Peer down/add/depreference what-if on live RIB
📋
AI Incident Response
5 playbooks, auto-trigger on CRITICAL, TTD/TTM/TTR SLA
🧪
Red Team Framework
10 attack scenarios, detection matrix, evasion resistance
Conviction Engine
SPRT + Thompson Sampling + Causal Verification, 3-tier
🎓
Active Learning
Uncertainty sampling, operator review prioritization
📊
Evaluation Framework
P/R/F1 per model from ground truth, weekly + boot
📌
Prefix Watchlist
Custom prefix monitoring, origin/path/subprefix alerts
🏥
Host Roles (5-tab)
Uncategorized, Classified, Discovered, Well-Known, Categories
👻
Dark IP Detection
CAIDA ghost method, outbound <0.1% + avg packet <100B
📡
Streaming Telemetry
gNMI/gRPC ready framework, SNMP enhanced, 1s resolution
🔍
Prefix Intelligence
4-tab deep dive: Security, Traffic, Visibility, Anomalies
💪
18/18 ML Scoring
All models contribute to host threat score via AS→IP propagation
Immediate Scoring
18 models on same IP → bypass 2-min timer, instant re-score
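
The Beaconing Detector card above names two signals, inter-arrival coefficient of variation (CV) and Shannon entropy. The following added example, which is not RoutePulse code, shows how the two combine: CV catches strictly periodic check-ins, while the entropy of the interval histogram still flags a beacon whose CV is inflated by jitter and a missed check-in. Thresholds, the median-scaled binning, verdict names and the sample interval lists are assumptions constructed for illustration.

```javascript
// Added example (not RoutePulse code): beacon scoring from flow start times.
// Thresholds, bin scheme and verdict names are assumptions for illustration.
const DEFAULTS = { minSamples: 8, cvMax: 0.1, hMax: 0.5, binFraction: 0.25 };

// Seconds between consecutive flows of one (src, dst, port) tuple.
function interArrivals(timestamps) {
  const ts = [...timestamps].sort((a, b) => a - b);
  return ts.slice(1).map((t, i) => t - ts[i]);
}

function median(xs) {
  const s = [...xs].sort((a, b) => a - b);
  const mid = s.length >> 1;
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Coefficient of variation: population standard deviation over mean.
function coefficientOfVariation(xs) {
  const mean = xs.reduce((a, b) => a + b, 0) / xs.length;
  if (mean === 0) return Infinity; // all flows at the same instant: no period
  const variance = xs.reduce((a, x) => a + (x - mean) ** 2, 0) / xs.length;
  return Math.sqrt(variance) / mean;
}

// Shannon entropy (bits) of the interval histogram, normalised to [0, 1]
// by log2(n), the entropy reached when every interval lands in its own bin.
function normalisedEntropy(xs, binWidth) {
  const counts = new Map();
  for (const x of xs) {
    const bin = Math.floor(x / binWidth);
    counts.set(bin, (counts.get(bin) || 0) + 1);
  }
  let h = 0;
  for (const c of counts.values()) {
    const p = c / xs.length;
    h -= p * Math.log2(p);
  }
  return h / Math.log2(xs.length);
}

function scoreBeaconing(timestamps, opts = {}) {
  const o = { ...DEFAULTS, ...opts };
  const deltas = interArrivals(timestamps);
  if (deltas.length < o.minSamples) return { verdict: 'insufficient_data' };
  const cv = coefficientOfVariation(deltas);
  const med = median(deltas);
  // Bins scale with the median so a burst of tiny gaps is not one big bin.
  const hNorm = med > 0 ? normalisedEntropy(deltas, med * o.binFraction) : 1;
  const verdict = cv <= o.cvMax ? 'periodic'
    : hNorm <= o.hMax ? 'jittered_beacon' : 'irregular';
  return { verdict, cv, hNorm, medianInterval: med };
}

// Constructed samples: interval lists (seconds) turned into timestamps.
const toTimes = (deltas, t0 = 1700000000) =>
  deltas.reduce((ts, d) => ts.concat(ts[ts.length - 1] + d), [t0]);
const STRICT = toTimes(Array(24).fill(60));
const JITTERED = toTimes([52, 66, 58, 71, 49, 63, 60, 55, 68, 57, 64, 50,
  120, 61, 69, 53, 59, 70, 56, 65, 51, 62, 67, 54]); // ~60 s, one missed check-in
const HUMAN = toTimes([1, 3, 240, 7, 95, 2, 600, 14, 33, 5, 1800, 48,
  9, 130, 21, 420, 4, 70, 11, 900, 27, 160, 6, 55]); // bursty browsing
console.log([STRICT, JITTERED, HUMAN].map((t) => scoreBeaconing(t).verdict));
```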

Infrastructure & Monitoring

Comprehensive platform operations: health scoring, SNMP polling, probes, and 40 settings pages (fully audited)
📡
SNMP BGP Monitoring
SNMPv2c polling on 6 routers, FSM state tracking, MikroTik API
🎯
Data Plane Probing
ICMP ping, TCP connect, HTTP GET with threshold alerting
🔄
Worker Auto-Restart
Exponential backoff, circuit breaker, DB cleanup on OOM
Service Control Panel
Restart 5 services, CPU/RAM gauges, live log viewer
👤
RBAC User Management
Admin/Viewer roles, email invites, 24h session TTL
🗝
API Key Management
Centralized keys: MANRS, PeeringDB, Shodan, AbuseIPDB, Claude
📦
Cache Management
PeeringDB SQLite, CAIDA, Whois LRU, RPKI VRP pre-warming
📝
Log Level Control
4 levels, file logging with daily rotation, 3-day retention
💾
Backup & Restore
9-table ZIP export/import, atomic transactions, preview panel
🗑
Data Retention
Per-table retention config, daily auto-purge, manual triggers
🔌
WebSocket Push
Socket.io server-push, eliminates 12 req/min per tab
🔒
AES-256-GCM Encryption
Credential encryption at rest, ENCRYPTION_KEY env var

Integration & API

Extensible platform with REST API, monitoring dashboards, MCP server, and 47 notification types across 3 channels
🔔
47 Notification Types
Telegram + Email + Webhook + Recipes across 8 categories
📅
Scheduled Reports
Daily/weekly/monthly via Email, Telegram, Webhook. AI digest 06:00 UTC
📄
Compliance PDF Reports
3 templates, 12 sections, GOLINE branding, PDFKit engine
🌐
REST API (7 endpoints)
/api/v1/ with rp_xxx key auth, 60 req/min rate limit
📊
Prometheus /metrics
40+ metrics: routers, peers, RPKI, flows, ML, anomalies, CPU, RAM
📈
Grafana Dashboard
28-panel template, 7 rows, downloadable JSON, setup guide
🤖
MCP Server
11 tools via Streamable HTTP, Claude Desktop + Cursor support
🔗
Webhook Recipes
Slack blocks, Discord embeds, PagerDuty incidents, Jira issues
📧
Email Templates
GOLINE-branded HTML, Outlook / Gmail / Thunderbird compatible
📡
Live Event Feed
Socket.io broadcast of all system events to connected clients
🔍
AS Enrichment
CAIDA, PeeringDB SQLite, RIPE Whois, GeoIP2, Team Cymru, RDAP
📖
Changelog
In-app 400+ version history with category badges and search

Cloudflare Magic Transit & RTBH

On-demand DDoS protection and Remote Triggered Black Hole routing — integrated natively into RoutePulse
☁️🛡️ Real-time DDoS Protection

Webhook endpoint receives Cloudflare alerts in real-time (5s Telegram delivery). 11 alert types: L3/L4 DDoS, MNM auto-advertisement, tunnel health, BGP hijack. Smart debounce: 10s for DDoS (consolidates multiple CF webhooks), instant for critical. CF payload parser extracts Gbps/Mpps from all alert formats. Tested with 7 Gbps / 14.5 Mpps real DDoS attacks.

📡 BGP Prefix Management

Advertise/withdraw 5 on-demand prefixes (4 IPv4 + 1 IPv6) with verify-after-write safety (GET confirms PATCH before updating state — prevents BGP blackhole on API failure). Manual advertise skips auto-withdraw. Auto-withdraw check every 15s with instant calm detection from webhooks. 5-retry API resilience (0/3/8/15/30s backoff, 60s timeout).

📋 124 DDoS L3/L4 Rules

Full searchable table of all Cloudflare managed DDoS rules. 70 service presets for custom overrides (Web, VPN, VoIP, Database, Gaming, Industrial/IoT). Simple + Advanced wirefilter editor.

🗄 Tunnels, CNI & Static Routes

GRE/IPsec tunnel + CNI monitoring with near real-time throughput (5-min window from magicTransitNetworkAnalyticsAdaptiveGroups). CNI V2 interconnect status (Equinix ZH4, 10G). DDoS intelligence dashboard: Protection Ratio (pass vs drop), Top Attack Sources (ASN + country), Mitigation Edge Locations (CF PoPs). 14 static routes with priority-based failover.

🎯
RTBH Blackhole (IPv4/IPv6)
Inject/withdraw /32, /24 (IPv4) and /128 (IPv6) via persistent SSH. BGP community 65535:666 upstream signaling.
🧹
Router Route Verification
Live SSH query confirms active blackhole routes on upstream routers. Full audit trail.
Auto-Withdraw Logic
15-minute calm period auto-withdraws prefixes (15s check interval). Attack-end webhook starts countdown instantly. Manual advertise skips auto-withdraw. Verify-after-write prevents state desync.
📊
Attack Statistics
Peak attack tracking, aggregate events (total Mbps/pps/sources), per-prefix history. Smart micro-mitigation filtering (<1000 pps = info, not notified). 8 redesigned Telegram templates with auto Gbps/Mpps formatting.

Built for Enterprise

Performance, reliability, and security at every layer
<1 μs · Threat indicator lookup · Bloom filter, 52K+ indicators
~3s · Blackhole route injection · Automated mitigation response
100% · ASN resolution coverage · Four-tier resolution chain
1,300x · Query acceleration · Materialized views, optimized storage
99% · AI cost reduction · From $282/day to $1-3/day
40K+ · Flows/min sustained · Zero packet loss ingestion

300 features, 98 pages, 39 tRPC routers, ~690 endpoints. Designed and built entirely in-house. High-performance binary protocol parsers, columnar analytics engine (35 ClickHouse tables), real-time streaming architecture, 18-model ML pipeline with adaptive ensemble learning and 15 cross-model correlation rules, Conviction Engine (SPRT + Thompson Sampling), 6-layer autonomous AI engine (ANIE), and native SIEM integration (Suricata IDS + FortiGate IPS). AES-256-GCM encryption at rest, RBAC access control, full audit trail, NIS2/DORA-ready compliance reporting.

Built on open standards: MANRS · RIPE RPKI · PeeringDB · MISP · NIST CSF

Built for AS202032

RoutePulse is engineered and operated by the GOLINE SOC team — providing 24/7 BGP analytics, threat intelligence, and automated defense for our network infrastructure.

GOLINE SA · Via Croce Campagna 2, CH-6855 Stabio, Switzerland · soc@goline.ch