Protected IP Transit Anti-DDoS | GRE, IPIP, VXLAN, Cross-connect

Delivery architecture

How Peeryx fits between the Internet and your infrastructure

Peeryx is not just an abstract protection layer. The service sits in the network path to absorb the attack, separate legitimate traffic, then deliver that clean traffic back through the model that best matches your topology and operating constraints.

BGP included Under-ASN and AS-SET support GRE / IPIP / VXLAN / cross-connect Symmetric or asymmetric routing

Request a quote View transit offer

Ingress and public exposure

Prefixes can be announced through BGP or delivered through protected IPs depending on whether you keep your own blocks and routing logic or want a faster initial rollout.

Mitigation layer

Continuous legitimate traffic analysis, targeted filters and upstream relief only when attack volume requires it, without arbitrarily slowing useful traffic.

Delivery toward production

Cross-connect, GRE, IPIP, VXLAN or a router VM depending on the integration model and the level of network control your team expects.

Existing infrastructure preserved

Dedicated servers, hosting networks, gaming services, APIs or critical platforms can be protected without forcing a full migration of what is already in production.

What a technical buyer expects to understand immediately

Where traffic enters, how it is filtered, how it gets delivered back and what operational constraints that creates in the real environment.

Delivery models

Choose the right integration model

Depending on your topology, clean traffic can be delivered through protected IPs, GRE, IPIP, VXLAN, cross-connect or a router VM. The right choice depends mainly on the infrastructure already in place and the level of network control you need.

Protected IPs

A practical way to start quickly with clean public exposure and lower early complexity.

GRE tunnel

A standard model for protecting an existing dedicated server without rebuilding the full architecture.

BGP

Best suited when your own prefixes and routing policies need to remain in place.

Production-first approach

The objective remains to add protection without disrupting the customer’s daily operations.

What you are actually buying

Transit first

A clear focus on protected transit for infrastructure, hosting and public-facing services.

Flexible delivery

Cross-connect, GRE, IPIP, VXLAN and router VM delivery models let you fit Peeryx into your existing network design.

Policy control

Five included post-filter firewall rules let you ratelimit, accept or drop traffic after mitigation.

Built for serious traffic

Protection spans L3, L4, L5 and L7, including DDoS targeting all L3/L4 protocols.

Delivery methods

Cross-connect

Protected transit delivered directly in datacenter for low-latency, high-trust interconnection.

GRE tunnel

Fast deployment model for secure protected transit over established GRE encapsulation.

IPIP tunnel

Simple routed delivery option when IPIP better matches your infrastructure constraints.

VXLAN tunnel

Flexible protected delivery for environments built around overlay network designs.

Router VM

Prefer to keep tunnel control on your side? Peeryx can provide a router VM for iBGP or eBGP return paths.

How the service integrates

1. Delivery design

Choose cross-connect, tunnels or router VM based on your existing topology and operational preferences.

2. Protected ingress

Traffic enters the Peeryx mitigation fabric where volumetric and protocol attacks are filtered in real time.

3. Post-filter policy

Firewall rules and behavioral analysis refine the accepted traffic profile after core mitigation.

4. Clean handoff

Filtered traffic is handed back to your infrastructure through the chosen delivery method, with BGP included.

Protected transit pricing

Commit-based pricing keeps the offer transparent while scaling efficiently for larger networks.

100 Mbps → 500 Mbps €1/Mbps

Commit pricing

500 Mbps → 1 Gbps €0.60/Mbps

Commit pricing

1 Gbps → 5 Gbps €0.44/Mbps

Commit pricing

5 Gbps → 10 Gbps €0.29/Mbps

Commit pricing

Overcommit excess: €1.50/month per exceeded Mbps

24h free trial available before purchase

Everything included in the default offer

BGP announcement included
No prefix announcement limit
Under-ASN support included
AS-SET parameter supported
Anti-DDoS firewall included
Behavioral AI-based mitigation included
5 included firewall rules
Additional rules available at low extra cost

Router VM

Router VM delivery option

If you prefer to control the tunneling layer yourself, Peeryx can provide a router VM so you can establish tunnels on your side and route traffic back using iBGP or eBGP according to your design.

Option

Optional Game Anti-DDoS filtering

Add specialized gaming traffic filtering for €190/month when you need deeper rules tailored to game protocols and session patterns.

Activation windows

Tunnel delivery

Up to 24 hours

Cross-connect delivery

Up to 72 hours

Urgent activation

Under 2 hours with €250 setup

Typical use cases

Hosting providers

Protect public-facing customer workloads without sacrificing delivery flexibility.

Infrastructure operators

Add premium Anti-DDoS protected transit to exposed backbone segments and edge services.

Enterprise services

Secure business-critical applications, APIs and platforms against disruptive traffic spikes.

Gaming-related networks

Protect game-adjacent infrastructure while keeping the transit product as the operational core.

Blog

Why this topic matters before choosing an anti-DDoS provider

Before buying protected transit, buyers should understand link saturation, 95th percentile billing, blackholing, asymmetric routing and the difference between static profiles and truly adaptive mitigation.

Architecture guide Reading time: 8 min