Peeryx Network Anti-DDoS technology
Operator-grade Anti-DDoS protection designed to stay transparent
Peeryx Network protects prefixes, game servers, websites, applications and critical infrastructure by combining upstream capacity, high-performance local filtering and behavioral awareness of legitimate traffic.
The goal is not only to block an attack. The goal is to reduce dangerous traffic before saturation, clean what reaches our filtering servers, then deliver legitimate users with the most stable latency possible.
Upstream
FlowSpec
DPDK
Clean traffic
Peeryx Network
BGP · GRE · IPIP · VXLAN · Cross-connect
In plain terms
In plain terms
Peeryx Network filters the attack before it takes services offline. Upstream rules reduce the volume, mitigation servers clean the remaining traffic in depth, and legitimate traffic is handed back cleanly to your infrastructure.
Peeryx
The Peeryx mitigation cycle
Observe
Understand normal traffic for the protected service.
Detect
Identify the real attack signature.
Reduce
Use FlowSpec and transit providers to shrink the volume.
Clean
Filter deeply on Peeryx DPDK servers.
Deliver
Hand legitimate traffic back to the customer without voluntary cut-off.
01
Operator-grade Anti-DDoS infrastructure
Peeryx Network places filtering servers at the network edge, on points of presence designed to receive traffic before it reaches the protected infrastructure. Traffic crosses the mitigation layer in bridge mode, which enables filtering without imposing heavy application logic or unnecessary complexity on the customer side.
This model protects many use cases: protected IP transit, BGP prefixes, GRE/IPIP/VXLAN tunnels, gaming reverse proxy, dedicated servers and sensitive infrastructure.
- Filtering before customer infrastructure
- Clean handoff for legitimate traffic
- BGP, tunnel and cross-connect compatible
02
Filtering servers optimized for very high-PPS attacks
Peeryx servers use an internally developed and optimized mitigation engine based on DPDK. This technology processes packets close to the network hardware, with low latency and high packet-per-second capacity.
The hardware design relies on NVIDIA/Mellanox ConnectX-6 or ConnectX-7 network cards, AMD Ryzen Threadripper PRO processors up to 96 cores, RSS distribution and PCIe architectures designed to maximize throughput per port. Depending on the attack type and filtering profile, a server is designed to exceed 500 Mpps of processing capacity.
- NVIDIA/Mellanox ConnectX-6 and ConnectX-7 cards
- DPDK, RSS and multi-core processing
- Built for high-PPS floods, not only Gbps
03
Intelligent protection, not a generic static filter
Overly generic Anti-DDoS filtering can block players, break real-time applications or disrupt business protocols. Peeryx uses behavioral analysis: used ports, protocols, usual volumes, packet sizes, destinations and normal service variations.
When an attack starts, mitigation compares incoming traffic with the expected behavior. Rules are adjusted to block enough of the attack while preserving useful traffic, even when the attacker tries to imitate part of the legitimate traffic.
- Normal-traffic baseline
- Reduced false positives
- Rules adapted to the service actually being protected
04
Distributed capacity and upstream reduction through several transit providers
Peeryx Network relies on multiple points of presence and multiple IP transit providers. The goal is to avoid depending on a single link or provider when the attack becomes volumetric.
With 100G/400G ports and available transit-provider capacity, Peeryx can leverage more than 50 Tbps of upstream capacity to reduce large attacks before they saturate final links. The preferred logic is to avoid systematic blackholing: reduce upstream first, then clean locally.
- Multi-transit architecture
- More than 50 Tbps of upstream capacity
- Goal: reduce the attack without intentionally cutting the IP
05
BGP FlowSpec: fast reaction and highly selective rules
When an attack is detected, Peeryx can automatically generate BGP FlowSpec rules that target the observed characteristics: protocol, ports, TCP flags, packet lengths or impacted destinations.
FlowSpec asks transit providers to drop or limit part of the dangerous traffic before it reaches Peeryx. The filtering servers then take over for deeper analysis of the remaining traffic.
- Attack detection
- Selective rule generation
- Upstream reduction followed by local cleaning
06
A Marseille point of presence for latency and the Mediterranean region
The Marseille point of presence is strategic for France, Italy, Spain, Switzerland, Germany, Portugal and a large part of the Mediterranean region, including Algeria, Morocco and Tunisia.
Good Anti-DDoS protection should not only absorb attacks: it must also preserve network quality during normal operation. Peeryx therefore designs routes and delivery modes to limit added latency.
- Low latency toward Southern Europe
- Strategic position toward the Mediterranean region
- Delivery designed for network stability
07
Profiles built for gaming and real-time services
A FiveM, Garry’s Mod, Rust, Minecraft or Hytale server is not protected like a standard website. Ports, UDP, real-time exchanges and latency sensitivity require more precise mitigation.
Peeryx provides specialized filtering profiles for gaming and real-time use cases to reduce disconnects, lag, packet loss and false positives during attacks.
- FiveM, Garry’s Mod, Rust, Minecraft, Hytale
- Adapted UDP/TCP protection
- Priority on game continuity and stability
08
Post-filtering firewall and customization
After automatic mitigation, Peeryx can apply a post-filtering firewall layer. It can block unused ports, limit specific flows, protect administration services or adapt rules to the constraints of a precise infrastructure.
This layer strengthens security without replacing mitigation: it acts after traffic has already been cleaned by the Anti-DDoS protection.
- Block unused ports
- Restrict sensitive flows
- Customize protection to your architecture
09
Protection designed to be invisible for end users
The best Anti-DDoS protection is the one end users do not notice. Peeryx aims to preserve low latency, fewer false positives, network stability and service continuity even during attacks.
The technology analyzes, adjusts and protects in real time. It is not just a capacity promise; it is designed to deliver traffic that is actually usable.
- Low latency
- Network stability
- Service continuity during mitigation
Peeryx Network
Want to validate your Anti-DDoS scenario?
Tell us about your prefixes, ports, games, applications, tunnels or BGP constraints. We will propose a clear architecture adapted to your real use case.