DDoS protection using BGP/GRE Tunnel

Services
- Infrastructure
  - iColocation
- Compute
  - cMetal
- Storage
  - sObject
  - sBlock
- Networking
- Protection
  - pBackup
  - pDDoS
Solutions
- Ecommerce
- Security
- Gaming
- Hosting
- Management
- Finance
- System Integrator
Dashboard

Psychz - Sharad

Votes: 0Posted On: May 26, 2017 03:08:13

We provide the best remote DDos protection services through GRE tunnelling.
This is how our Remote DDos Protection works!

1. The first step of the process is BGP announcement. Let us first discuss BGP in brief. BGP or Border Gateway Protocol isthe protocol used to route traffic among various Anonymous Systems (these are basically different networks with no supervision over one another). You need to announce your IP prefix on our network so that we can handle your network in case of DDos attacks.

2. The second step is BGP redirect. The BGP is responsible for routing your data to other networks. In case of a DDos attack, BGP redirect is implemented that redirects your traffic to our network (scrubbing centers), where we can examine the traffic and mitigate attacks.

3. BGP redirect is implemented to allow the traffic to enter our network. Once the BGP redirect is implemented, the traffic has to be send to our network. This is accomplished with the technique known as GRE tunnelling. GRE(Generic Routing Encapsulation) tunnel is a secure connection (a virtual tunnel) through which the traffic is diverted to our network.

4. Once your traffic reaches our network, we process your data through many levels of filtering to seperate the dirty traffic from the clean one. The data goes through initial levels of scrubbing at the core router itself. Ads traffic analyzer is used to analyze the traffic and distinguish between the traffic. After layer 1-7 scrubbing, the traffic undergoes final stages of filtering before it is returned to your network through GRE tunnel.

What is required to get setup with remote DDoS protection?

You will need your own IP space, ASN, and a router that is able to do BGP (Border Gateway Protocol) and GRE (Generic Routing Encapsulation) tunnels. To get setup, we'll need an LOA (Letter of Authorization) authorizing the announcement of your IP block (prefix) on our network.
Prefix is an IP block assigned to you from ARIN. LOA are Letter of Authorization where you will specify the prefix we are allowed to announce. The LOA must include your company letter head, ASN number, and a statement that says AS40676 is allowed to announce your prefix.

Is there is a cost associated with announcing and withdrawing prefixes for remote DDoS?

When a tunnel along with GRE is built, you do not need to announce prefixes all the time. You can wait until an attack occurs where you can announce the prefix to initiate the mitigation process. note you can only announce a /24 which is the smallest a BGP route allows for a provider to recognize that prefix. There are no charges when announcing and withdrawing prefixes. The flexility is in the network operator's decision.

Therefore, you get guaranteed DDos protection at affordable prices.

To view our DDos mitigation techniques in detail visit https://www.psychz.net/ddos-mitigation.html