When Flowtriq is the wrong tool
Flowtriq is built for infrastructure operators running Linux servers. It is not designed for every DDoS scenario. This page lists the cases where you should use something else, and recommends what to use instead.
Wrong-fit scenarios
When to use something else
Serverless-only applications
Your entire application runs on serverless platforms: AWS Lambda, GCP Cloud Run, Cloudflare Workers, Azure Functions. There is no host operating system to install an agent on. Flowtriq requires a Linux server.
Use instead
- AWS Lambda: AWS Shield Standard (free, automatic) or Shield Advanced (paid, with DDoS response team)
- GCP Cloud Run: GCP Cloud Armor (WAF + L3/L4/L7 DDoS protection)
- Cloudflare Workers: Cloudflare's built-in DDoS protection (automatic, unmetered on all plans)
- Azure Functions: Azure DDoS Protection Standard
Single-site HTTP-only behind a CDN proxy
You run a single website or web application. All traffic is HTTP/S and already routes through Cloudflare, AWS CloudFront, or Akamai. You do not need infrastructure-layer visibility and have no non-HTTP protocols to protect.
Use instead
- Cloudflare: Free plan includes unmetered DDoS protection for proxied HTTP/S traffic
- AWS CloudFront + Shield: Shield Standard is free and automatic for CloudFront distributions
- Akamai: Kona Site Defender or App & API Protector
Flowtriq adds value here only if you also need per-server forensics (PCAP), non-HTTP protocol protection, or audit trails for compliance. If you do not, the CDN's built-in protection is sufficient.
Sub-1 Gbps environments with provider protection
Your server has a 1 Gbps or smaller uplink, and your hosting provider includes basic DDoS protection (OVH VAC, Hetzner Protection, provider-level ACLs). You do not run critical production workloads that require per-server detection, forensics, or compliance evidence.
Use instead
- Provider-included protection: OVH VAC, Hetzner DDoS Protection, and most hosting providers include L3/L4 scrubbing at no extra cost
- AWS Shield Standard: Free for all AWS resources
- ftagent-lite (free): If you want basic traffic visibility without the full platform, the open-source CLI provides real-time PPS/BPS monitoring
Flowtriq adds value in sub-1G environments when you need forensic evidence, compliance audit trails, alert integration (Slack, PagerDuty), or automated mitigation rules. If you just need "attacks get stopped," your provider's built-in protection may be enough.
Inline packet scrubbing requirement
Your security policy requires an inline hardware appliance that filters every packet before it reaches any server. You need hardware-based, always-on, sub-microsecond mitigation at the network edge.
Use instead
- Corero SmartWall: Inline appliance, always-on packet filtering, enterprise pricing ($80K+ for hardware)
- NETSCOUT Arbor TMS: Inline or out-of-path scrubbing, enterprise hardware + software
- Radware DefensePro: Inline behavioral analysis appliance
Flowtriq can complement inline appliances as a detection and forensics layer on each server. Many operators run SmartWall at the edge for mitigation and Flowtriq on servers for per-node visibility and PCAP evidence.
Windows-only infrastructure
Your servers run Windows Server exclusively. ftagent requires Linux (Ubuntu 20.04+, Debian 11+, CentOS 8+) and does not support Windows.
Use instead
- Cloud provider protection: AWS Shield, Azure DDoS Protection, GCP Cloud Armor
- CDN-based: Cloudflare, Akamai, or AWS CloudFront for HTTP/S traffic
- Network-level: Use Flowtriq's flow source ingestion (sFlow/NetFlow/IPFIX from your routers) for network-wide detection without per-server agents. This works regardless of server OS.
Right-fit scenarios
When Flowtriq is the right tool
Flowtriq is built for these scenarios
- You run Linux servers (bare metal, VPS, cloud VMs, containers) and want per-server DDoS visibility
- You serve non-HTTP protocols: game servers (UDP), DNS, VoIP, custom protocols
- You manage multi-tenant infrastructure and need per-customer detection and isolation
- You have BGP infrastructure and want automated FlowSpec/RTBH announcements
- You need forensic evidence (PCAP, classification) for postmortems or compliance (SOC 2, PCI-DSS, HIPAA, NIS2)
- You want detection + mitigation in one system without a $50K+ hardware investment
- You operate across multiple providers (AWS + bare metal + colo) and want a single detection dashboard
FAQ
Common questions
Is Flowtriq always the right choice for DDoS protection?
No. Flowtriq is designed for infrastructure operators running Linux servers. If you run serverless-only workloads, serve only HTTP/S through a CDN proxy, or need inline packet scrubbing hardware, other tools are better suited.
Can Flowtriq replace Cloudflare?
No. Cloudflare is a reverse-proxy CDN that absorbs HTTP/S DDoS traffic at its global edge network. Flowtriq is an infrastructure-layer agent. They serve different purposes and complement each other. Flowtriq does not proxy web traffic.
Does Flowtriq work without BGP?
Yes. BGP FlowSpec and RTBH extend mitigation to the network edge but are not required. Without BGP, Flowtriq still provides detection, classification, PCAP forensics, alerting, and on-node mitigation via iptables, nftables, XDP/eBPF, and cloud firewall APIs.
What should I use for serverless DDoS protection?
Use your cloud provider's built-in protection: AWS Shield for Lambda, GCP Cloud Armor for Cloud Run, Cloudflare DDoS for Workers, Azure DDoS Protection for Azure Functions. These tools protect at the platform level where there is no host OS.
What if I only need basic monitoring, not mitigation?
Consider ftagent-lite (free, open-source CLI) for basic PPS/BPS monitoring. For flow-based network monitoring without mitigation, ntopng or LibreNMS may suffice. Flowtriq's value is in the automated detection-to-mitigation pipeline.
Related
Learn more
Think Flowtriq is the right fit? Try it free.
14-day free trial. Every feature included. No credit card required. Uninstall leaves no trace.