HyFabric
Platform Features

Built to defeat
every restriction

HyFabric combines a gigabit-class proxy network with cryptographic obfuscation, intelligent traffic shaping, and a six-layer security stack — engineered to stay connected where others fail.

Start free trial Read the docs

1 Gbps+

Per-node throughput

10,000

Concurrent sessions

50+

Global locations

0

Logs stored

How it works

Your traffic, invisibly routed

Every packet leaving your device is cryptographically disguised before it touches the network. HyFabric's QUIC-based transport handles packet loss and reordering at the protocol level — delivering consistent speeds even on lossy, throttled, or restricted connections.

QUIC transport adapts to packet loss — unlike TCP-based VPNs, performance stays high on degraded links
Unauthenticated probes receive HTTP 404 — your server is indistinguishable from a normal HTTPS site
TLS 1.3 with valid certificates from trusted CAs — no custom roots required

Live connection path

Your device
Obfuscation
HyFabric node
Destination

TLS 1.3

All connections

Obfuscated

Looks like noise

1 Gbps+

Per node

50+ nodes

Global coverage

Anti-Censorship

Port hopping defeats the blockers

When ISPs or firewalls block specific ports, HyFabric automatically rotates through a range of ports on a schedule. Your session continues without interruption — QUIC routes by connection ID, not port number, so rotation is completely transparent.

Primary port :443 is always active and never rotated
Up to 4 hop ports active simultaneously — clients follow the same rotation
Existing connections survive rotation with zero interruption
Works alongside traffic obfuscation for double protection

Active ports — rotating every 30s

:443Primary
:20003
:20017
:20031
:20055

Port 443 is always active. Hop ports cycle automatically.

Traffic Obfuscation

Every packet looks like random noise

Salamander obfuscation disguises every UDP datagram as cryptographically random noise before it leaves your device. DPI systems that inspect traffic signatures cannot identify the protocol — it is statistically indistinguishable from random data.

DPI sensors cannot fingerprint QUIC, Hysteria 2, or any known protocol
Statistical traffic analysis is defeated — no repeating patterns
Enabled automatically based on your plan and node configuration

Packet structure

Salt (8 bytes)

e4 f2 91 aa 03 7c b8 d1

Obfuscated payload

3f 8a c2 ⊕ keystream...

keystream = BLAKE2b-256(password_hash ‖ salt)
Per-packet random salt — no two packets share a keystream
Stateless XOR — encrypt and decrypt are the same operation
8-byte overhead per datagram — negligible performance cost

Weighted Fair Queuing

Application-aware traffic prioritization

Most VPNs treat all packets equally, meaning a background OS update can cause your VoIP call or game to lag. HyFabric performs inner-stream inspection to assign priority classes to every flow in real-time.

Gaming traffic is accelerated via a zero-delay fast path
Streaming traffic guarantees buffer-free 4K playback
Bulk downloads are smoothly deprioritized to preserve node health

Live weighted fair queue

Gaming / Real-time4× PRIORITY
Streaming (Netflix, YouTube)2× PRIORITY
Bulk (Windows Update)0.5× PRIORITY

Algorithmic Shaping

Mathematically impossible to overload

Instead of hard bandwidth caps that fail under load, HyFabric constantly recalculates the true hardware capacity of the node and applies a continuously refined Exponential Moving Average (EMA) to smooth out traffic spikes.

Leaky-bucket algorithm ensures perfectly fair distribution among users
Nodes automatically adapt to hardware-level or ISP-level congestion
Guarantees stable latency even at 99% CPU utilization
Node Capacity: 1 GbpsUsers: 10
Hardware Ceiling
EMA Fair Share
Load

As load increases, the algorithm smoothly depresses the per-user limit. The hardware ceiling is never breached.

Resource Efficiency

Pre-TLS DDoS Rejection

Cryptographic handshakes are computationally expensive. When a node is under attack, verifying bad TLS certificates burns CPU. HyFabric drops malicious traffic before the TLS handshake even begins.

Rejects millions of malicious packets per second with zero CPU penalty
Automatically quarantines offending IP ranges globally
Valid user traffic passes through completely unaffected
Pre-TLS Filter
Engine

Security

Six layers of active probe defence

Every HyFabric node runs a multi-layer probing shield. Scanners and DPI probes are not just rejected — they are tarpitted, fed a fake response at 1 byte per 5 seconds to exhaust their resources while revealing nothing useful.

Pre-TLS rate limiting blocks scanning at the network layer — free to reject
Anti-replay cache prevents credentials being reused even milliseconds later
Credential auth returns HTTP 404 — server is indistinguishable from plain HTTPS
Timestamp drift check means stolen tokens expire within 60 seconds

Probing Shield — layer scan

Layer 1Per-IP rate limiting
Layer 2TLS fingerprint check
Layer 3Anti-replay protection
Layer 4Auth masquerade (HTTP 404)
Layer 5Timestamp drift validation
Layer 6Auth frame timeout

Kernel Bypass

Microsecond latency via eBPF

Traditional VPNs process packets in user space, suffering from heavy context-switching penalties. HyFabric uses eBPF (XDP) to process and shape packets directly at the network card level — bypassing the OS kernel entirely for line-rate gigabit throughput.

Zero-copy networking — packets are routed without copying memory
Line-rate UDP shaping performed directly in the kernel fast-path
Drastically reduces CPU load allowing 10,000+ sessions per node

Packet Processing Path

Standard VPNHigh latency
User Space App
OS Kernel
Network Card (NIC)
HyFabric Hardware Fast-PathMicrosecond latency
User Space (Bypassed)
OS Kernel (Bypassed)
Network Card + eBPF

Global Intelligence

Instant, telemetry-driven routing

When you connect, you aren't assigned a random server. The orchestrator actively evaluates real-time telemetry from the entire fleet — cross-referencing node load, geographic proximity, and ping — to dynamically route you to the absolute optimal node.

Nodes report metrics to the control plane every 15 seconds via Redis
Congested or high-latency routes are automatically excluded from rotation
Session map proximity clustering ensures even distribution in dense regions

Top-K Best Node Selection

Node A
Load84%
Ping45ms
Node B
Load62%
Ping120ms
Node C
Load12%
Ping14ms
Node D
Load91%
Ping32ms

DashMap Telemetry Evaluation

Zero-Downtime Infrastructure

Instant fleet updates without dropping sessions

Enterprise reliability means no maintenance windows. HyFabric coordinates global engine upgrades via an instant Redis Pub/Sub architecture. Nodes seamlessly swap binaries and restart while preserving all active QUIC connections.

Zero-latency Pub/Sub delivery ensures all nodes upgrade simultaneously
Active connections survive the engine restart process
Auto-presigned updates verify cryptographic signatures before installing

Live Fleet Deployment

Fleet Version: v1.2.1
Active Sessions: 10,482Dropped: 0

Privacy

Zero logs. Nothing stored. Ever.

HyFabric operates a strict zero-log policy enforced at the infrastructure level. No connection logs, no traffic logs, no DNS queries, no IP addresses. There is nothing to hand over because nothing is recorded.

SSRF egress filtering blocks connections to private/internal IP ranges
Each node cryptographically bound to its identity at install time
Compromised nodes cannot impersonate other nodes — verified by the control plane
Which websites you visitNever logged
When or how long you connectNever logged
Your real IP address post-connectionNever logged
DNS queries made through the proxyNever logged
Your email (billing only)Stored
Your plan tierStored

Client compatibility

Works with every major client

Import your subscription link or config file — no custom app required.

Shadowrocket
Hiddify
Clash Meta
Sing-box
NekoBox
HY2 CLI

Ready to break through?

Start your free trial today. No credit card required — connect in under 2 minutes.

Get started free View pricing