Skip to Content
DDoS MitigationGetting Started with DDoS Mitigation

🚀 Getting Started with PacketStream DDoS Mitigation Service

PacketStream provides three types of DDoS Protection integration methods to respond to various environments.
Each type is optimized according to customer network structure and owned assets.

1. Direct Protection

A protection service provided based on Public IP managed by PacketStream.
DDoS Protection is applied immediately by integrating with PacketStream products without separate configuration.

Features

  • Uses PacketStream-managed IP
  • Basic L3/L4 Protection automatically applied
  • L7 Protection selectable based on application characteristics

Compatible Products

  • PacketStream Virtual Server (Cloud VM)
  • PacketStream Baremetal Server
  • PacketStream CDN Service

Usage Flow

  1. Service application → Protection applied when creating servers/resources
  2. No separate routing configuration required
  3. Basic DDoS filtering activated
  4. L7 defense settings can be added when needed

2. BYOIP / BYOAS Protection (Bring Your Own IP / AS)

A method where customers integrate their own IP Prefix or ASN with PacketStream for protection.
Mainly suitable for customers operating their own IP resources.

Features

  • Uses customer-owned IP Prefix or ASN
  • Prefix Advertisement through BGP sessions
  • Supports Prefix Filtering and Community-based Blackhole

Compatible Products

  • PacketStream Transit Service
  • PacketStream DIA (Dedicated Internet Access)

Usage Flow

  1. Submit Prefix and ASN information
  2. Set up BGP session with PacketStream
  3. Normal traffic routing and protection applied when DDoS occurs
  4. Manual response possible through Blackhole Community when needed

Note: Prefix requires RPKI and ROA registration.

3. Remote Protection

PacketStream DDoS Protection can be used even in external data centers or customer on-premises environments.
Traffic is processed through PacketStream network using GRE tunnels, etc.

Features

  • Supports GRE, IP-in-IP tunneling
  • Access to PacketStream protection network through tunnels
  • Compatible with managed IP, BYOIP, and BYOAS

Usage Flow

  1. Set up GRE tunnel with PacketStream
  2. Configure Tunnel Endpoint IP router
  3. Static IP Route or BGP Advertisement (for BYOAS)
  4. Only clean traffic with mitigated attack traffic delivered to customer network
ItemDetails
Tunnel TypeGRE or IP-in-IP (WireGuard support available)
Tunnel EndpointsPublic IP Address required (both sides)
MTU AdjustmentRecommended to set MTU to 1400 bytes or less when using GRE
BGP OptionBGP session configuration possible on GRE tunnel (optional)
Failover ConsiderationDual GRE tunnel configuration recommended (Primary/Backup)

MTU Considerations:
GRE tunnels basically add packet overhead (24 bytes).
Tunnel interface and server MTU should be adjusted to 1400 bytes to prevent fragmentation issues.

DDoS Mitigation IntroductionDDoS Mitigation Plans