AS203446
DDoS Protection via GRE Tunnel
SMARTNET / GRE Protection

DDoS Protection via GRE

Remote DDoS mitigation for networks outside our facilities. Route traffic through SMARTNET, filter attacks, and receive clean traffic back over GRE.

View offer How it works Limitations
GRE Mitigation

Remote scrubbing without colocating your hardware

GRE protection is for customers who operate infrastructure outside SMARTNET but still want traffic filtered through our mitigation platform. Your prefixes are routed to SMARTNET, attack traffic is removed, and clean traffic is delivered to your router over a GRE tunnel.

01

Traffic enters SMARTNET

We receive the protected traffic through BGP announcement or routing policy and pass it into the mitigation path.

02

Attacks are filtered

Network-layer and transport-layer attacks are filtered before they reach your infrastructure.

03

Clean traffic returns via GRE

Clean packets are encapsulated and delivered to your endpoint over the GRE tunnel.

Use Case

When GRE protection makes sense

GRE is useful when you need protection quickly, cannot move hardware, or want to protect a remote ASN without ordering a physical cross-connect.

GRE
Remote delivery

Protection without placing hardware inside our rack.

BGP
Prefix routing

Suitable for customers with their own ASN and prefixes.

IPv4
IPv4 support

IPv4 protected prefixes routed through SMARTNET.

24/7
Portal + support

Customer portal visibility and support via ticket.

Technical Requirements

Requirements before ordering

GRE is simple, but it still needs a correctly sized and stable endpoint. Bad tunnel endpoints create problems that mitigation cannot fix.

Routing

  • BGP or static routing
  • Customer-owned or routed IP space
  • Correct route objects / ROAs recommended
  • Clear list of protected prefixes

Tunnel endpoint

  • Stable endpoint connectivity
  • Sufficient CPU for GRE encapsulation
  • Correct MTU / MSS handling
  • Router capable of expected throughput

Traffic profile

  • Expected clean traffic commit
  • Main protocols and ports
  • Game / voice / VPN workload details
  • Known attack history if available

Operational access

  • Delta customer portal access
  • Ticket contact for routing changes
  • MTR / WinMTR for troubleshooting
  • Accurate service and destination details
Limitations

GRE is practical, but not magic

GRE tunnels run over the internet between both endpoints. If the tunnel endpoint or the upstream path to it is unstable, overloaded or far away, the protected service will still suffer.

Not ideal for latency-critical games

For game servers and other latency-sensitive services, a physical interconnect to SMARTNET is usually better than GRE. GRE adds encapsulation and depends on the quality of the internet path between both endpoints.

MikroTik GRE is not recommended

Many MikroTik routers are not able to handle GRE traffic above 1 Gbps reliably. We do not provide support for performance issues caused by MikroTik-based GRE endpoints.

No cross-continent tunnel support

We do not recommend using SMARTNET GRE tunnels when the customer endpoint is outside Europe. Cross-continent GRE makes packet loss and latency issues harder to debug and is not suitable for serious latency-sensitive workloads.

Mitigation Scope

What GRE protection can cover

GRE delivery does not change the mitigation model. It is still network-layer and transport-layer protection, not Layer 7 application filtering.

Covered attack types

UDP floods
TCP floods
ICMP floods
Amplification floods
Resource exhaustion
Other protocol floods
PCAP replay patterns
Zero-day pattern detection

Not covered by GRE mitigation

Layer 7 HTTP(S) floods
Real application bot traffic that looks valid to the network
Application logic abuse
Problems caused by overloaded customer tunnel endpoints
Offer

GRE DDoS protection

Remote mitigation via GRE tunnel. Suitable for remote networks, BGP customers and infrastructure that cannot be moved into SMARTNET facilities.

GRE tunnel

  • BGP or static routing
  • IPv4 and IPv6 support
  • SMARTNET mitigation platform
  • Clean traffic returned over GRE
  • /30 IPv4 and /128 IPv6 tunnel addressing
  • 1 Gbps 95/5 clean traffic included
  • Customer portal visibility
260 €
per month

Custom GRE

  • Higher clean-traffic commit
  • Multiple tunnels possible
  • Custom routing policy
  • Special workload review
  • Suitable for providers and larger networks
Custom pricing
Contact us for details

Better alternative

  • Physical cross-connect
  • Lower latency than GRE
  • Better troubleshooting
  • Suitable for game and voice services
  • 1G / 10G / 25G / 40G ports
View DDoS offers
FAQ

GRE protection FAQ

Contact

Need remote DDoS protection?

Send your prefixes, tunnel endpoint, traffic profile and protected services. We will tell you whether GRE is suitable or whether a physical interconnect makes more sense.

Contact us Looking Glass