Secure Transit protects on-premises, hybrid, and cloud-based networks from DDoS attacks while optimizing network performance by accelerating traffic delivery. This feature is available to all Gcore DDoS Protection customers.
To enable Secure Transit, follow the configuration steps outlined below.
To properly configure DDoS protection and traffic routing, we need details about your network setup and traffic patterns. Complete and submit the DDoS Protection questionnaire as described in our guide on activating DDoS protection.
For Secure Transit to function optimally, the routers at your tunnel endpoints must meet the following specifications:
If you are using an IP address provided by Gcore, you can skip this step.
Your Internet Routing Registry (IRR) entries must match the corresponding origin autonomous system numbers (ASNs). This ensures accurate and secure traffic routing.
To verify the authenticity of your IP address prefixes, use Resource Public Key Infrastructure (RPKI), a security framework that cryptographically links route prefixes to an autonomous system. This validation ensures routing information integrity before passing data to your routers.
To check your prefixes, use any RPKI validation tool or a validation portal provided by your ISP.
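The check an RPKI validation tool performs on each announcement can be sketched as follows. This is an added example, not Gcore's tooling: it applies the route origin validation rules from RFC 6811 to a constructed set of validated ROA payloads (VRPs), and the function names, documentation prefixes, and documentation ASNs are all assumptions made for illustration.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): prefix, maxLength, origin ASN.
# Documentation prefixes/ASNs only; real VRPs come from an RPKI validator.
SAMPLE_VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64497),
]

def load_vrps(rows):
    """Parse VRP rows, rejecting a maxLength shorter than the prefix itself."""
    vrps = []
    for prefix, max_len, asn in rows:
        net = ipaddress.ip_network(prefix, strict=True)
        if not net.prefixlen <= max_len <= net.max_prefixlen:
            raise ValueError(f"bad maxLength {max_len} for {prefix}")
        vrps.append((net, max_len, asn))
    return vrps

def validate_origin(prefix, origin_asn, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix, strict=True)
    covered = False
    for net, max_len, asn in vrps:
        # A VRP covers the route if the route lies inside the VRP prefix.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # Valid only if origin matches AND the route is not more specific
        # than the ROA's maxLength allows.
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: wrong origin or too-specific prefix.
    return "invalid" if covered else "not-found"

def failing_announcements(announcements, vrps):
    """List (prefix, asn, state) for every announcement that is not valid."""
    results = [(p, a, validate_origin(p, a, vrps)) for p, a in announcements]
    return [r for r in results if r[2] != "valid"]

if __name__ == "__main__":
    planned = [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
               ("2001:db8:1::/48", 64497), ("198.51.100.0/24", 64500)]
    for prefix, asn, state in failing_announcements(planned, load_vrps(SAMPLE_VRPS)):
        print(f"{prefix} from AS{asn}: {state}")
```

A prefix that comes back `invalid` because it is more specific than the ROA's maxLength, or because the origin ASN differs, needs its ROA corrected before the announcement changes.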
Secure Transit encapsulates original data packets with additional headers, which increases packet size. To prevent fragmentation, adjust the Maximum Transmission Unit (MTU) and Maximum Segment Size (MSS) settings accordingly.
Recommended MSS clamping settings:
This configuration depends on the actual provider of your router. Here are the instructions for some common network providers:
To establish a secure connection between Gcore’s network and your infrastructure, configure tunnels on both the Gcore side and your router. Follow the instructions in the Set Up a GRE Tunnel with Gcore guide.
After submitting your DDoS Protection Questionnaire, we will process and announce your prefixes through the Gcore network using Border Gateway Protocol (BGP). Once completed, all incoming traffic will be routed through Secure Transit for DDoS protection before reaching your infrastructure.