DataCenter Defender - GRE


The Datacenter Defender (DCD) platform is a network designed by DOSarrest that will essentially ingest all traffic for specific subnets, that is destined for any datacenter or hosting company, filter out nefarious from legitimate traffic, and then tunnel the legitimate traffic back over to the target datacenter/hosting company. Traffic flow is asymmetric, meaning the responses do not need to come back through DOSarrest, ensuring a quick response for legitimate requests.

The DCD is protocol agnostic, meaning we can accommodate any Internet services, whether it be web, mail, dns, etc.


Intended Audience

The DCD is intended for datacenter operators, hosting companies, and any enterprise who have:

  • At least a /24 to a /16 of contiguous ip space, either assigned directly from an Regional Internet Registry (ARIN, RIPE, etc.), or from another company or business that will allow DOSarrest to route these blocks
  • The ability to terminate one or more GRE tunnels, either on routing infrastructure or Linux/Unix systems
  • A requirement to avoid collateral damage in their operations, where a Volumetric attack can potentially affect multiple customers and/or services.

It would also be ideal but not necessary if the end customer were able to:

  • Provide Sflow/Netflow/Jflow telemetry to a DOSarrest flow collector, so DOSarrest operations can proactively react to attacks occurring.
  • Do multihop BGP for dynamic routing adjustments (customer can either have DOSarrest ingest traffic for select subnets, or route it on their own, on-demand)


  • Avoid Collateral Damage that can result from large attacks that can saturate uplinks within an enterprise network, either at the edge or within the core andaggregation layers
  • Speed. Having an asymmetrical traffic flow will ensure the fastest possible response times for end visitors with legitimate requests
  • The DCD is ISP neutral, meaning the end customer can have any set of network topology and transit solutions.

Current Deployment

Currently the DCD network operates out of all our locations, Vancouver, New York, Los Angeles, London, Singapore, and Hong Kong.


How it Works

  • DOSarrest advertises at minimum a /24 of ip space to the Global Internet. This is done either manually by DOSarrest personnel, or by the end customer via multihop BGP.
  • Inbound traffic for the subnet/s in question will come to the DCD platform, where it will be analyzed and inspected by carrier grade Flow and IDS platforms. If the customer is able to provide network Flow telemetry, DOSarrest can provide proactive monitoring of attacks as well as do regression analysis on the traffic flows.
  • Filters will be put in place based on the results of the analytics, which will drop all illegitimate traffic. Clean traffic will be tunneled back to the customer network, where it will be routed accordingly.
  • Response traffic will be routed natively, meaning it does not come back through the tunnel. Response traffic is typically the higher bandwidth flow direction and as such is faster when routed directly to the end visitor.

Experience, Technology, and Focus

Ready to get started? Contact us now and get a free quote!

Get A Free Quote