DDoS PPS vs Gbps explained: why packet rate matters

Learn why a DDoS attack can be dangerous at low Gbps but high PPS, and how packet rate changes capacity planning for routers, firewalls, servers and Anti-DDoS platforms.

Gbps measures volume

Gbps shows the traffic volume that must be carried or removed before link saturation.

PPS measures packet pressure

PPS shows how many packet-level decisions the infrastructure must make each second.

Capacity planning needs both

Good sizing combines bandwidth, packet size, NIC queues, CPU budget and upstream filtering.

Gbps is the visible number in most DDoS discussions, but PPS often explains why a service collapses. A flood can be “small” in bandwidth and still overload packet processing, interrupts, firewall state or routing logic.

Teams that buy Anti-DDoS protection should read both metrics. Gbps tells you how much capacity is consumed; PPS tells you how many packet decisions must be made every second. A credible design needs headroom for both.

Protection model

Where Peeryx fits

Peeryx analyses volume and packet pressure separately to choose the right filtering point: protected transit, dedicated server, tunnel or gaming proxy.

Definition of the problem

Gbps measures the amount of data per second. PPS measures the number of packets per second. During a DDoS attack, those two numbers can move independently: large packets create volume, small packets create processing pressure.

A 5 Gbps attack with tiny packets can be harder for a server than a 50 Gbps attack made of larger packets, because each packet triggers parsing, queueing, counters, ACL checks or state decisions.

Why PPS changes protection design

PPS matters because routers, firewalls, NIC queues and kernels all have packet processing limits. Once those limits are reached, latency rises, packet loss appears and legitimate sessions fail even if the uplink is not full.

For gaming, the symptom can look like lag. For hosting, it can look like random VPS outages. For transit customers, it can create unexpected CPU pressure on equipment that was sized only by bandwidth.
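
One way to observe this on a Linux host, as an added example that is not Peeryx code: compute Gbps, Mpps and drop rate from two `/proc/net/dev` readings and flag packet loss that occurs while the link is not full. The snapshots are constructed sample data; the interface name, the 10 Gbps link speed and the 0.9 "full" threshold are assumptions.

```python
# Added example: Gbps, Mpps and drop rate from two /proc/net/dev snapshots.
# The snapshots are constructed sample data taken 1 second apart on "eth0".

HEADER = (
    "Inter-|   Receive                                   |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast"
    "|bytes packets errs drop fifo colls carrier compressed\n"
)
BEFORE = HEADER + "  eth0: 500000000000 900000000 0 100 0 0 0 0 1000 10 0 0 0 0 0 0\n"
AFTER = HEADER + "  eth0: 501000000000 912000000 0 250100 0 0 0 0 1000 10 0 0 0 0 0 0\n"


def parse_rx(snapshot, iface):
    """Return receive-side byte, packet and drop counters for one interface."""
    for line in snapshot.splitlines():
        name, sep, rest = line.partition(":")
        if sep and name.strip() == iface:
            fields = rest.split()  # receive side: bytes packets errs drop ...
            return int(fields[0]), int(fields[1]), int(fields[3])
    raise KeyError(iface)


def rx_rates(before, after, iface, seconds):
    """Turn two counter snapshots into per-second rates."""
    b0, p0, d0 = parse_rx(before, iface)
    b1, p1, d1 = parse_rx(after, iface)
    return {
        "gbps": (b1 - b0) * 8 / seconds / 1e9,
        "mpps": (p1 - p0) / seconds / 1e6,
        "avg_bytes": (b1 - b0) / (p1 - p0) if p1 > p0 else 0.0,
        "drops_per_s": (d1 - d0) / seconds,
    }


def loss_without_saturation(rates, link_gbps, full_at=0.9):
    """True when packets are dropped while the link is below full_at of capacity."""
    return rates["drops_per_s"] > 0 and rates["gbps"] < full_at * link_gbps


if __name__ == "__main__":
    r = rx_rates(BEFORE, AFTER, "eth0", seconds=1.0)
    print(r)
    print("loss while uplink not full:", loss_without_saturation(r, link_gbps=10))
```

On a live host, read `/proc/net/dev` twice at a known interval and pass both readings in place of the constructed snapshots.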

Possible solutions

Capacity planning should combine port speed, filtering throughput, packet-rate limits, queue layout and upstream relief. Looking only at bandwidth leads to overconfidence.

High-PPS filtering benefits from early drops, simple hot paths, upstream FlowSpec or ACL help when useful, and clear separation between volumetric mitigation and deeper service logic.

  • PPS and Gbps measure two different pressures: data volume and the number of packet decisions to process. The right model depends on how traffic enters, how precise filtering is and how clean traffic is returned to production.

Routing controls for PPS and Gbps

Peeryx treats Gbps and PPS as two different risk indicators. Volumetric traffic must be reduced before it fills links, while high-PPS noise must be handled before it burns CPU on the protected endpoint.

This reading is useful for protected IP transit, dedicated protected servers and gaming proxies because each model has a different bottleneck and a different clean-traffic delivery path.

  • Protected IP transit: for networks that need clean traffic delivery, BGP or tunnel-based handoff.
  • DDoS-protected dedicated server: for customers who want protected compute close to the filtering layer.
  • Gaming reverse proxy: for FiveM, Minecraft and other game services where protocol behaviour matters.
  • Talk to Peeryx: share your topology and attack symptoms for a realistic recommendation.

Concrete use case

A customer sees only 8 Gbps on graphs but the firewall becomes unstable. The real problem is 12 Mpps of small UDP packets. Buying a bigger port alone would not fix the firewall path; filtering must happen earlier and with less stateful work.

Another customer receives 80 Gbps of larger packets. The port is the first bottleneck, so upstream capacity and traffic shaving matter more than local CPU tuning.
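
The two cases above worked through as an added example (not Peeryx code): it derives the average packet size from the Gbps and Mpps figures and reports which limit is under more pressure. The port speeds, the device packet-rate ratings and the 1400-byte size for the "larger packets" case are assumptions, not values from the text.

```python
# Added example: which limit does a flood reach first, bandwidth or packet rate?
# Port speeds, device packet-rate limits and the 1400-byte size are assumptions.

WIRE_OVERHEAD_BYTES = 20  # preamble + SFD (8) and inter-frame gap (12) per Ethernet frame


def line_rate_mpps(link_gbps, frame_bytes):
    """Highest packet rate a link can carry at a given frame size."""
    return link_gbps * 1e9 / ((frame_bytes + WIRE_OVERHEAD_BYTES) * 8) / 1e6


def avg_packet_bytes(gbps, mpps):
    """Average packet size implied by a bandwidth graph and a packet-rate graph."""
    return gbps * 1e9 / 8 / (mpps * 1e6)


def mpps_at(gbps, packet_bytes):
    """Packet rate produced by a given volume at a given packet size."""
    return gbps * 1e9 / 8 / packet_bytes / 1e6


def first_bottleneck(attack_gbps, attack_mpps, port_gbps, device_mpps):
    """Return (limit under most pressure, load as a multiple of capacity)."""
    load = {
        "bandwidth": attack_gbps / port_gbps,
        "packet_rate": attack_mpps / device_mpps,
    }
    worst = max(load, key=load.get)
    return worst, round(load[worst], 2)


if __name__ == "__main__":
    # Case 1 from the text: 8 Gbps and 12 Mpps of small UDP packets.
    # Assumed: 10 Gbps port, stateful firewall rated for 5 Mpps.
    print(round(avg_packet_bytes(8, 12)), "bytes per packet on average")
    print(first_bottleneck(8, 12, port_gbps=10, device_mpps=5))

    # Case 2 from the text: 80 Gbps of larger packets (1400 bytes assumed).
    # Assumed: 40 Gbps port, filtering device rated for 20 Mpps.
    print(first_bottleneck(80, mpps_at(80, 1400), port_gbps=40, device_mpps=20))

    # Why large-packet tests mislead: same 10 Gbps port, very different rates.
    print(round(line_rate_mpps(10, 64), 2), "Mpps at 64-byte frames")
    print(round(line_rate_mpps(10, 1518), 2), "Mpps at 1518-byte frames")
```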

Common mistakes

The first mistake is to advertise only Tbps and ignore Mpps. The second is to test with synthetic large packets and assume the result applies to real attack traffic.

The third is to place a stateful firewall in front of everything. Stateful devices are useful, but during high-PPS floods they can become the bottleneck that attackers wanted to hit.

Why choose Peeryx

PPS and Gbps measure two different pressures: data volume and the number of packet decisions to process.

FAQ

Is Anti-DDoS only useful during large attacks?

No. PPS can exhaust routers, firewalls or CPU long before bandwidth graphs look dramatic.

Can I protect an existing server without moving it?

Yes, but only when handoff capacity, queue depth and filtering path are designed around packet rate as well as Gbps.

Does gaming need a different approach?

Yes. Gaming backends often suffer from packet pressure, jitter and query loss even when total Gbps is moderate.

Should I choose protected transit or a protected server?

Use protected transit when you manage prefixes; choose protected VPS/dedicated services when you want Peeryx to host the exposed edge.

Conclusion

The right conclusion is operational: mitigation must remain measurable, explainable and adapted to the exposed service. Protocol, latency, filtering point and clean delivery matter as much as advertised volume.

Ask for technical advice

Send Peeryx the service to protect, the preferred handoff model and your latency constraints. We can map a concrete architecture with the filtering point, clean traffic return and operational limits clearly identified.