Operators and hosters
Peeryx adds a premium protection layer without forcing a single delivery model. The service integrates into real topologies with BGP and multiple handoff options.
Anti-DDoS protected IP transit
Peeryx: protected IP transit and clean traffic delivery for exposed infrastructure
Peeryx protects services that are already in production through a readable network model: exposure through BGP or protected IPs, adaptive mitigation, then legitimate traffic delivered back through cross-connect, GRE, IPIP, VXLAN or a router VM depending on your topology.
BGP, protected IPs and clean traffic handoff
Protected IP transit with BGP included, under-ASN and AS-SET support
Clean-traffic delivery through cross-connect, GRE, IPIP, VXLAN or a router VM
Protection for infrastructure already in production without forced migration
24h trial to validate the integration design before a larger rollout
Anti-DDoS protected IP transit
Peeryx protected IP transit
Starting from €1/Mbps
- 100 Mbps minimum commit at 95th percentile
- BGP included
- Tunnel, cross-connect or router VM
- Advanced Anti-DDoS filtering included
Peeryx for exposed environments and technical teams
15+ Tbps
Protected IP transit, clean traffic delivery and readable network integration for environments that are already live.
Protected IP transit Anti-DDoS
BGP included
Protected IPs or customer prefixes
GRE / IPIP / VXLAN
Cross-connect / router VM
Pre-filtering before XDP / DPDK
L3 to L7 by service
24h trial depending on scenario
Peeryx for exposed environments and technical teams
Peeryx protects public exposure without complicating integration
Peeryx is built for operators, hosters, gaming platforms, SaaS and critical services that need a real network product: protect public exposure, keep BGP control and get legitimate traffic back cleanly without rebuilding the whole production environment.
- Choose between protected transit, protected IPs, GRE, IPIP, VXLAN, cross-connect or a router VM
- Keep your prefixes, your edge or even an existing dedicated server when that fits the design
- Assess latency, operating cost, handoff quality and routing constraints in concrete terms
- Start the conversation with a technical scope that is already usable
Gaming and real-time services
For latency-sensitive services, the goal is to absorb and filter the attack while keeping a return path aligned with sessions, egress and application constraints.
SaaS, APIs and critical platforms
Peeryx is more usable than a simple blackhole or an opaque mitigation layer: the customer can understand where traffic enters, how it is filtered and how it returns to production.
Technical buyers
The value of Peeryx is not a vague protection promise. It is a readable network model built around prefixes, mitigation, handoff, routing and service continuity.
Protected IP transit, clean traffic delivery and readable network integration for environments that are already live.
Where Peeryx creates the most value
Protect public exposure without breaking what already works
The right Peeryx scenario is not a blind replacement of your network. It is a protection layer that fits the existing environment, keeps production readable and preserves the right level of customer control.
- Keep prefixes, ASN, edge design and BGP policy when the design requires it
- Hand traffic back to an existing dedicated server, cluster, proxy or backbone
- Pre-filter upstream before your own XDP, DPDK or custom anti-DDoS proxy logic
- Choose a handoff model that matches latency targets, port constraints and daily operations
Hosters and private cloud teams
Peeryx helps protect exposed customer workloads without forcing a full migration or a single connection model.
Operators and backbone teams
The service keeps a real network language: prefixes, handoff, BGP, target latency and clean traffic returned to the infrastructure that matters.
Gaming, real-time and sensitive services
When latency, session stability and traffic-path clarity matter, Peeryx gives a more serious framework than a generic opaque scrubber.
Pre-filtering before custom logic
Peeryx can act as the upstream anti-DDoS layer, then hand traffic back to your own XDP, DPDK or specialized proxy stack.
Peeryx can protect end to end or play the role of the upstream anti-DDoS layer before your internal network or application logic takes over.
How Peeryx works
Peeryx intercepts the attack, filters precisely and hands back only useful traffic
Peeryx sits between the Internet and your production as a specialized network layer. Depending on the scenario, your prefixes are announced toward the platform or your services are exposed through protected IPs, then legitimate traffic is returned through the delivery model that best fits your environment.
Protected transit or protected IPs depending on the need
BGP included with under-ASN and AS-SET support
GRE / IPIP / VXLAN / cross-connect / router VM
Compatible with symmetric or asymmetric routing
Controlled network exposure
BGP announcements for your prefixes or exposure through protected IPs depending on the level of control you want, rollout speed and the way your network already operates.
Mitigation built around real traffic
Filtering is designed to preserve legitimate traffic, with continuous observation, targeted signatures and upstream relief only when attack volume truly requires it.
Delivery matched to your topology
Cross-connect, GRE, IPIP, VXLAN or a router VM: Peeryx does not force a single model. The right handoff depends on your edge, hoster, target latency and operating style.
Existing infrastructure preserved
Dedicated servers, clusters, gaming platforms, APIs and critical services can stay where they are. The goal is to protect what already runs before considering wider changes.
How Peeryx receives traffic, how mitigation is applied, how clean traffic comes back and how much network control the customer keeps.
Deployment diagrams
Two concrete ways to get clean traffic back
The same mitigation layer can be delivered in different ways depending on whether you keep your own prefixes, your routing logic, your existing dedicated server or your current hosting topology.
Protected IP transit
For prefixes announced through BGP with clean traffic handed back toward your edge or network.
Peeryx network blueprint
From exposed traffic to clean traffic
A readable model: protected ingress, mitigation, handoff decision and clean delivery aligned with your topology.
Protected ingress
Targeted mitigation
Clean traffic handoff
- Prefix announcements and BGP included
- Designed for operators, hosters and exposed services
- Can run in symmetric or asymmetric mode
Existing infrastructure protection
Keep an OVH or Hetzner dedicated server, or another production setup, and get clean traffic back through a tunnel or another suitable handoff.
Existing dedicated server integration
Protection without rebuilding production
Peeryx can clean traffic upstream and hand legitimate traffic back to a server that is already live.
Fast deployment
Preserve existing infra
Clean return path
- GRE tunnel or another delivery model
- Full migration is not mandatory
- Designed for environments already in production
Delivery models
Choose the right integration model
Depending on your topology, clean traffic can be delivered through protected IPs, GRE, IPIP, VXLAN, cross-connect or a router VM. The right choice depends mainly on the infrastructure already in place and the level of network control you need.
Protected IPs
A practical way to start quickly with clean public exposure and lower early complexity.
GRE tunnel
A standard model for protecting an existing dedicated server without rebuilding the full architecture.
BGP
Best suited when your own prefixes and routing policies need to remain in place.
Production-first approach
The objective remains to add protection without disrupting the customer’s daily operations.
A network offer built to protect without forcing a redesign
Peeryx is for teams that want a service they can evaluate clearly: whether you keep your own prefixes, an existing dedicated server, your edge or asymmetric routing, the objective is to hand back clean traffic properly while preserving operations.
Prefixes, ASN and BGP policies can remain in place depending on the scenario
Clean traffic can be handed back to an existing dedicated server, cluster, proxy or backbone
Upstream pre-filtering is possible before your own XDP, DPDK or custom proxy logic
Integration is designed for real production environments, not just a lab diagram
Peeryx protected IP transit
Starting from €1/Mbps
- 100 Mbps minimum commit at 95th percentile
- BGP included
- Tunnel, cross-connect or router VM
- Advanced Anti-DDoS filtering included
- Post-filter firewall included
- 5 included firewall rules
- 24h free trial
Transit pricing
Readable pricing for teams comparing a real protected transit service with handoff models adapted to customer network constraints.
100 Mbps → 500 Mbps
€1/Mbps
Commit pricing
500 Mbps → 1 Gbps
€0.60/Mbps
Commit pricing
1 Gbps → 5 Gbps
€0.44/Mbps
Commit pricing
5 Gbps → 10 Gbps
€0.29/Mbps
Commit pricing
Minimum commit: 100 Mbps at 95th percentile
Excess outside commit: €1.50/month per exceeded Mbps
What Peeryx enables in production
A production-ready offer without making your architecture heavier than it needs to be
Peeryx is not only about absorbing attacks. The offer is built to simplify BGP announcements, preserve network flexibility and keep filtering options that remain genuinely useful once clean traffic is delivered back.
BGP announcement included and free
No prefix announcement limit
Additional rules available at low extra cost
01
BGP and routing control
Everything needed to announce your prefixes cleanly and integrate the service without friction on the routing side.
- BGP announcement included and free
- No prefix announcement limit
- Under-ASN support included
- AS-SET parameter supported
02
Filtering already included
A serious mitigation baseline available from day one, without needing to assemble multiple separate layers first.
- Anti-DDoS firewall included
- Behavioral AI-based protection included
03
Operational flexibility
Rules and extensions that can grow with the environment without redesigning the whole delivery model.
- 5 post-filter firewall rules included
- Additional rules available at low extra cost
+190€/mois
Optional game filtering
Add a specialized filtering layer for services like Minecraft Java or FiveM while keeping the same network foundation and clean-traffic delivery model.
Deployment windows
Tunnel delivery
Up to 24 hours
Cross-connect delivery
Up to 72 hours
Urgent option
+€250 setupActivation in under 2 hours
Specialized protection for Minecraft Java and FiveM
Reverse Proxy Game offers extend the Peeryx core when an application needs more specific filtering. The foundation stays the same: network protection, serious mitigation and clean traffic delivery back to the customer environment.
Blog
Technical guides and architecture notes
Content written for technical buyers: delivery models, protection for infrastructure already in production, latency, asymmetric routing and the criteria that matter before you buy.
How do you mitigate a DDoS attack above 100Gbps?
Link, PPS, CPU, upstream relief and clean handoff: the real framework behind credible 100Gbps mitigation.
Read the articleBGP Flowspec for DDoS: useful or dangerous?
What Flowspec does well, what it should never do alone and how to fit it into a safe multi-layer strategy.
Read the articleUpstream Anti-DDoS pre-filtering: when to use it and why it changes everything
Upstream Anti-DDoS pre-filtering is not a magic layer. Used correctly, it removes obvious noise early, protects links and leaves the smarter layers enough room to keep working.
Read the articleDedicated Anti-DDoS filtering server: when is it the best compromise?
A dedicated Anti-DDoS filtering server takes pressure away from production, allows finer logic and gives you better control over clean traffic delivery. It is not always mandatory, but it is often the best balance between cost and flexibility.
Read the articleAnti-DDoS clean traffic delivery: why the handoff matters as much as mitigation
Many websites talk about mitigation capacity and far fewer talk about clean traffic delivery. Yet a credible Anti-DDoS design does not stop at scrubbing: legitimate traffic still has to be delivered back to the right target properly.
Read the articleGaming Anti-DDoS: why generic filtering is not always enough
Gaming does not only need volume absorption. It also needs player experience protection, low false-positive rates and handling of protocol behaviours that do not look like a normal web frontend.
Read the articlePeeryx FAQ
Is Peeryx only focused on gaming?
No. The core Peeryx offer is Protected IP Transit Anti-DDoS for operators, hosters, SaaS, APIs, critical services and exposed infrastructure. Gaming offers are specialized add-ons.
Do I need to migrate my whole infrastructure to use Peeryx?
No. Peeryx can protect infrastructure already in production and return clean traffic through BGP, GRE, IPIP, VXLAN, cross-connect or a router VM depending on your design.
Can I keep my prefixes, ASN and BGP logic?
Yes. BGP announcement is included, under-ASN support is available and AS-SET can be supported when the integration scenario requires it.
Can Peeryx be used as pre-filtering before internal or custom filtering?
Yes. Depending on the architecture, Peeryx can absorb, clean and hand traffic back to your infrastructure so that you keep part of the control or additional filtering internally.
Let’s discuss your real architecture
Share your prefixes, links, current hoster, routing model and the way you want clean traffic handed back. We will return with a credible deployment design and a quote.