Ingress and public exposure
Prefixes can be announced through BGP or delivered through protected IPs depending on whether you keep your own blocks and routing logic or want a faster initial rollout.
Anti-DDoS protected IP transit
Protected IP transit and clean traffic delivery for exposed infrastructure
Anti-DDoS mitigation built for real network environments: prefixes announced through BGP or protected IPs, adaptive filtering, then legitimate traffic handed back through cross-connect, GRE, IPIP, VXLAN or a router VM.
Production-ready delivery models
Anti-DDoS protected IP transit
Protected IP Transit
Starting from €1/Mbps
- 100 Mbps minimum commit at 95th percentile
- BGP included
- Tunnel, cross-connect or router VM
- Advanced Anti-DDoS filtering included
24h free trial on every offer
15+ Tbps
Cross-connect, GRE, IPIP, VXLAN, router VM and BGP announcements depending on the integration model.
15+ Tbps protection
BGP included
GRE / IPIP / VXLAN
Cross-connect
Router VM
24h free trial
L3 / L4 / L5 / L7
Delivery architecture
How Peeryx fits between the Internet and your infrastructure
Peeryx is not just an abstract protection layer. The service sits in the network path to absorb the attack, separate legitimate traffic, then deliver that clean traffic back through the model that best matches your topology and operating constraints.
BGP included
Under-ASN and AS-SET support
GRE / IPIP / VXLAN / cross-connect
Symmetric or asymmetric routing
Mitigation layer
Continuous legitimate traffic analysis, targeted filters and upstream relief only when attack volume requires it, without arbitrarily slowing useful traffic.
Delivery toward production
Cross-connect, GRE, IPIP, VXLAN or a router VM depending on the integration model and the level of network control your team expects.
Existing infrastructure preserved
Dedicated servers, hosting networks, gaming services, APIs or critical platforms can be protected without forcing a full migration of what is already in production.
Where traffic enters, how it is filtered, how it gets delivered back and what operational constraints that creates in the real environment.
Deployment diagrams
Two concrete ways to get clean traffic back
The same mitigation layer can be delivered in different ways depending on whether you keep your own prefixes, your routing logic, your existing dedicated server or your current hosting topology.
Protected IP transit
For prefixes announced through BGP with clean traffic handed back toward your edge or network.
Peeryx architecture
Protected transit
Adaptive mitigation and clean delivery
- Prefix announcements and BGP included
- Designed for operators, hosters and exposed services
- Can run in symmetric or asymmetric mode
Existing infrastructure protection
Keep an OVH or Hetzner dedicated server, or another production setup, and get clean traffic back through a tunnel or another suitable handoff.
Flexible deployment
GRE / BGP delivery
Protection without full migration
- GRE tunnel or another delivery model
- Full migration is not mandatory
- Designed for environments already in production
Delivery models
Choose the right integration model
Depending on your topology, clean traffic can be delivered through protected IPs, GRE, IPIP, VXLAN, cross-connect or a router VM. The right choice depends mainly on the infrastructure already in place and the level of network control you need.
Protected IPs
A practical way to start quickly with clean public exposure and lower early complexity.
GRE tunnel
A standard model for protecting an existing dedicated server without rebuilding the full architecture.
BGP
Best suited when your own prefixes and routing policies need to remain in place.
Production-first approach
The objective remains to add protection without disrupting the customer’s daily operations.
Built for deployments that have to work in production
Peeryx is designed for network teams, hosters, gaming platforms and critical services that need a protection model they can actually operate: where traffic enters, how it is filtered, how it returns to production and what that means for routing.
BGP announcement included at no extra cost
No prefix announcement limit
Under-ASN support included
AS-SET supported out of the box
Protected IP Transit
Starting from €1/Mbps
- 100 Mbps minimum commit at 95th percentile
- BGP included
- Tunnel, cross-connect or router VM
- Advanced Anti-DDoS filtering included
- Post-filter firewall included
- 5 included firewall rules
- 24h free trial
Transit pricing
Clear pricing for operators, hosting providers, exposed TCP/UDP services and latency-sensitive infrastructure.
100 Mbps → 500 Mbps
€1/Mbps
Commit pricing
500 Mbps → 1 Gbps
€0.60/Mbps
Commit pricing
1 Gbps → 5 Gbps
€0.44/Mbps
Commit pricing
5 Gbps → 10 Gbps
€0.29/Mbps
Commit pricing
Minimum commit: 100 Mbps at 95th percentile
Excess outside commit: €1.50/month per exceeded Mbps
Delivery and integration capabilities
BGP announcement included and free
No prefix announcement limit
Under-ASN support included
AS-SET parameter supported
Anti-DDoS firewall included
Behavioral AI-based protection included
5 post-filter firewall rules included
Additional rules available at low extra cost
+190€/mois
Optional Game filtering
Game Anti-DDoS filtering is available as a €190/month add-on for transit customers. It adds more specialized rules for gaming traffic while minimizing the risk of impacting legitimate sessions.
Activation timelines
Tunnel delivery
Up to 24 hours
Cross-connect delivery
Up to 72 hours
Urgent option
+€250 setupActivation in under 2 hours
Specialized application shielding alongside the core network offer
Reverse Proxy Game offers answer targeted application needs. The core of the site, however, remains protected transit, network mitigation and clean traffic delivery toward existing infrastructure.
Blog
Technical guides and architecture notes
Content written for technical buyers: delivery models, protection for infrastructure already in production, latency, asymmetric routing and the criteria that matter before you buy.
Protected IP transit: understand the model
Link saturation, 95th percentile, blackholing, asymmetric routing and clean traffic delivery: the fundamentals before comparing providers.
Read the articleProtect an existing dedicated server with GRE or BGP
How to keep an OVH or Hetzner server in production and get legitimate traffic back without rebuilding the whole infrastructure.
Read the articleGRE, BGP or protected IPs: which model fits best?
The strengths, limits and deployment cases of the main anti-DDoS delivery models depending on topology and network control.
Read the articleTransit FAQ
Is BGP included with transit delivery?
Yes. BGP is included by default on the transit offer, whether delivery is made through tunnel, cross-connect or router VM.
Is there a limit on announced prefixes?
No. Prefix announcements are not artificially limited, and under-ASN operation with AS-SET support is available.
Can I use my own router logic?
Yes. Peeryx can provide a router VM if you prefer to manage tunnels yourself and return traffic through iBGP or eBGP.
What is included in the default filtering stack?
The offer includes Anti-DDoS mitigation, a post-filter firewall and behavioral AI-based analysis, plus five included firewall rules.
Let’s discuss your real topology, not a generic scenario
Share your prefixes, links, routing model, current hoster and the way you want clean traffic delivered back. We reply with a credible deployment design and a quote.