Skip to main content
PEERYX Network
EN — English FR — Français ES — Español DE — Deutsch NL — Nederlands
← Back to blog
Scrubbing center architecture Published on May 9, 2026 Reading time: 14 min

How does a DDoS scrubbing center work from routing to clean traffic?

A scrubbing center works as a chain: attract traffic, analyze flows, filter the attack and deliver clean traffic.

How does a DDoS scrubbing center work from routing to clean traffic?
Step 1

Traffic is attracted to mitigation through BGP, tunnel, redirection or protected IP delivery.

Step 2

Flows are classified by volume, PPS, protocol, ports, packet length and observed behavior.

Step 3

Clean traffic is returned to the customer using the handoff model that fits the architecture.

A scrubbing center works as an operational chain: traffic attraction, observation, classification, filtering and clean traffic delivery.

The chain must remain understandable because each step can create a different issue: unnecessary latency, false positives, port saturation, bad return path or loss of visibility during the incident.

Protection model

Where Peeryx fits

A scrubbing center works as a chain: attract traffic, analyze flows, filter the attack and deliver clean traffic.

See protected IP transit Ask for guidance

1. Attract attacked traffic

The first step is to force traffic through the mitigation layer. For a BGP network this can use prefix announcement; for an isolated server it can use a protected IP or tunnel.

Attraction must match the return path. A poorly designed announcement can clean inbound traffic while complicating symmetry, logs or latency.

2. Observe and classify packets

Once traffic arrives, the system measures bandwidth, PPS, ports, protocols, packet lengths and unusual behavior.

The goal is not to block randomly fast. The goal is to find the signal that separates attack traffic from legitimate traffic. In gaming, that nuance matters.

3. Apply mitigation rules

Rules can be static, automatic or generated during the attack. The best decisions remain precise: reduce noise without turning the service into a permanent false positive.

When pressure is too high, upstream reduction can help keep ports and filtering servers within an operable zone.

4. Deliver clean traffic

After filtering, legitimate traffic must return to production. The handoff can be cross-connect, GRE, IPIP, VXLAN, router VM or proxy depending on the service.

This is often where perceived quality is decided: a few milliseconds, a bad MTU or wrong return path can degrade the experience.

5. Operate during the attack

A useful scrubbing center provides actionable information: what is blocked, what passes, why a rule exists and how it can be adjusted.

Without observability, the customer team cannot separate residual attack traffic, an application bug or overly aggressive filtering.

Operational design for How does a DDoS scrubbing center work from

Peeryx favors a readable path: clean traffic attraction, volumetric reduction when needed, more specific filtering afterward and a handoff adapted to the customer.

This avoids selling capacity alone. It makes mitigation usable for networks, hosters, dedicated servers and gaming services.

Conclusion

A scrubbing center works well when every step is controlled: traffic entry, attack interpretation, filtering, delivery and operations.

That full chain is what keeps a service online, not only a large advertised capacity number.

Resources

Related reading

To go deeper, here are other useful pages and articles.

Anti-DDoS latency Reading time: 13 min

Anti-DDoS latency explained: how mitigation affects real service quality

DDoS mitigation can add latency when routing, filtering or clean traffic delivery are poorly designed. Learn what really matters before choosing a protection model.

Read article
DDoS network impact Reading time: 13 min

DDoS impact on a network: links, routers, queues and customer services

A DDoS attack does not only affect the targeted server: it can saturate links, routers, queues and neighbouring services.

Read article
High PPS Anti-DDoS Reading time: 14 min

How to handle 100Mpps+ DDoS traffic without exhausting your infrastructure

Handling 100Mpps+ requires an architecture designed for packet rate, not only for Gbps: early detection, upstream relief, fast filtering and clean traffic delivery.

Read article
Anti-DDoS comparison Reading time: 14 min

Anti-DDoS hardware vs software: what really protects exposed infrastructure?

Comparing Anti-DDoS hardware and software means comparing placement, flexibility, filtering speed, cost and ability to adapt to modern attacks.

Read article
Scrubbing center guide Reading time: 14 min

What is a scrubbing center and why does it matter for DDoS protection?

A scrubbing center receives attacked traffic, filters DDoS noise and delivers cleaner traffic back to the customer.

Read article
Scrubbing center architecture Reading time: 14 min

How does a DDoS scrubbing center work from routing to clean traffic?

A scrubbing center works as a chain: attract traffic, analyze flows, filter the attack and deliver clean traffic.

Read article
Anti-DDoS guide Reading time: 13 min

Real-time DDoS mitigation: filtering attacks before the service drops

Real-time DDoS mitigation means detecting abnormal traffic, applying precise filtering and delivering clean traffic before links, firewalls or game servers collapse.

Read article
Anti-DDoS guide Reading time: 13 min

Why firewalls fail against DDoS attacks

Classic firewalls protect policies and sessions, but DDoS attacks target capacity, packet rate and state exhaustion before the application can respond.

Read article
Anti-DDoS guide Reading time: 13 min

DDoS mitigation architecture: from attack detection to clean traffic delivery

A strong DDoS mitigation architecture combines upstream capacity, routing control, fast packet filtering, service-aware rules and clean traffic delivery via BGP, tunnel or cross-connect.

Read article
Anti-DDoS guide Reading time: 13 min

High PPS attack mitigation: protect routers, firewalls and game servers

High PPS attacks can break packet processing with modest bandwidth. Learn how to mitigate small-packet floods before routers, firewalls, VPS and gaming services lose stability.

Read article
Anti-DDoS guide Reading time: 11 min

How to detect a DDoS attack before it takes your service offline

Learn the practical signs of a DDoS attack: traffic spikes, high PPS, failed connections, abnormal UDP/TCP patterns, overloaded firewalls and degraded gaming or web services.

Read article
Anti-DDoS guide Reading time: 11 min

DDoS vs DoS: difference, impact and protection choices

Understand the difference between DoS and DDoS attacks, why it changes the mitigation design and when to choose protected IP transit, a protected server, VPS or gaming proxy.

Read article
Anti-DDoS guide Reading time: 11 min

UDP flood protection: protect servers, VPS and gaming traffic

A practical guide to protect exposed UDP services without breaking legitimate traffic for games, VPS, dedicated servers, protected transit and real-time applications.

Read article
Anti-DDoS guide Reading time: 11 min

DDoS PPS vs Gbps explained: why packet rate matters

Learn why a DDoS attack can be dangerous at low Gbps but high PPS, and how packet rate changes capacity planning for routers, firewalls, servers and Anti-DDoS platforms.

Read article
Anti-DDoS guide Reading time: 16 min

Enterprise DDoS protection: protect critical services without slowing growth

A practical guide to enterprise DDoS protection for exposed services, hosting platforms, dedicated servers, BGP networks and gaming infrastructure across Europe.

Read article
Anti-DDoS guide Reading time: 16 min

How Anti-DDoS works: from raw attack traffic to clean delivery

Understand how Anti-DDoS filtering absorbs volumetric attacks, separates legitimate users from hostile traffic and delivers clean traffic to transit, servers and gaming services.

Read article
DDoS guide Reading time: 14 min

Memcached DDoS attack mitigation: protect transit, dedicated servers and gaming networks

Memcached amplification can create extremely large reflected UDP floods. Learn how to mitigate it with upstream filtering, protected transit and clean traffic delivery.

Read article
DDoS guide Reading time: 14 min

NTP amplification attack protection: how to mitigate this DDoS vector

NTP amplification can turn small spoofed requests into much larger UDP responses sent toward your IP. Learn how to filter it without breaking legitimate services.

Read article
TCP Anti-DDoS guide Reading time: 15 min

ACK flood protection: mitigate TCP DDoS attacks without blocking real sessions

An ACK flood targets the part of TCP that should normally look legitimate: packets that appear to belong to established connections. The problem is not only bandwidth. High packet rate, spoofed ACKs and asymmetric paths can exhaust firewalls, load balancers, routers or servers before the application understands what is happening. Good mitigation must reduce the flood early while preserving real sessions that already exist.

Read article
DDoS architecture guide Reading time: 15 min

DDoS amplification attack explained: why small requests can become massive floods

A DDoS amplification attack uses third-party services to turn small spoofed requests into much larger responses sent to the victim. The target does not only receive traffic from the attacker. It receives reflected traffic from many legitimate servers on the Internet, often using UDP-based protocols. Understanding amplification is essential before choosing protected IP transit, a scrubbing model or a gaming proxy, because the failure point is usually upstream capacity rather than the application itself.

Read article
DNS Anti-DDoS guide Reading time: 15 min

DNS amplification DDoS mitigation: protect exposed infrastructure without blocking legitimate DNS

DNS amplification is one of the most common UDP reflection patterns because DNS is widely available, response sizes can be larger than requests and spoofed traffic can be directed at a victim. The mitigation challenge is precise: blocking all UDP/53 may stop a graph, but it can also break DNS-dependent services. A serious design separates open resolver abuse, reflected floods and legitimate DNS traffic before the attack reaches the customer edge.

Read article
Volumetric mitigation 9 min read

How do you mitigate a DDoS attack above 100Gbps?

Link, PPS, CPU, upstream relief and clean handoff: the real framework behind credible 100Gbps mitigation.

Read the article
DDoS guide Reading time: 7 min

How to stop a DDoS attack without losing network control

A practical guide to stopping a DDoS attack while keeping clean traffic delivery, routing control and a credible upstream mitigation model.

Read article
UDP Anti-DDoS guide Reading time: 14 min

UDP flood mitigation: stop a UDP DDoS without breaking legitimate traffic

A UDP flood is not just “a lot of UDP packets”. Depending on the service, it can saturate a link, exhaust a firewall, trigger useless responses or disrupt a real-time protocol such as gaming, VoIP, DNS, VPN or a UDP-based application. Good mitigation is not about blocking UDP everywhere. It is about separating obvious noise from useful traffic, protecting upstream capacity and delivering clean traffic with low latency.

Read article
TCP Anti-DDoS guide Reading time: 15 min

SYN flood protection: mitigate TCP DDoS attacks without blocking real connections

A SYN flood is not only about sending many packets. It abuses the TCP opening phase to create pressure on connection queues, stateful firewalls, load balancers and exposed servers. Effective protection must filter early, avoid state exhaustion and keep legitimate users able to establish sessions.

Read the article
Anti-DDoS guide Reading time: 15 min

Volumetric vs application-layer DDoS: differences, risks and the right mitigation model

A volumetric DDoS attack and an application-layer DDoS attack do not break a service in the same way. The first mainly tries to saturate network capacity, ports, packet rate or upstream paths. The second targets service logic: HTTP, APIs, authentication, game proxies or expensive requests. Understanding the difference helps choose a mitigation design that actually works instead of relying on a generic Anti-DDoS promise.

Read article
Scrubbing center guide Reading time: 14 min

What is a scrubbing center and why does it matter for DDoS protection?

A scrubbing center receives attacked traffic, filters DDoS noise and delivers cleaner traffic back to the customer.

Read article
DDoS guide Reading time: 8 min

Anti-DDoS server for dedicated infrastructure

How to position an Anti-DDoS server when you need a cleaner edge before your own routing, XDP or application filters.

Read article
DDoS guide Reading time: 7 min

PPS vs Gbps in DDoS mitigation

Why packet rate matters as much as bandwidth when evaluating DDoS mitigation, filtering servers and upstream relief.

Read article

Describe your traffic and topology

Send Peeryx the service to protect, the preferred handoff model and your latency constraints. We can map a concrete architecture with the filtering point, clean traffic return and operational limits clearly identified.

Talk to an engineer Protected IP transit