All Articles 4 min read
BGP GRE Tunnel IX Peering Cross-Connect Onboarding

Three Ways to Connect: BGP-Based DDoS Mitigation for Every Network

CoreTech offers three BGP connection methods — Cross-Connect, GRE Tunnel, and IX Peering. Learn which one fits your network architecture and how to get protected fast.

CoreTech Network Engineering
Three Ways to Connect: BGP-Based DDoS Mitigation for Every Network

One of the first questions new customers ask is: “How do I connect my network to CoreTech?”

Unlike proxy-based DDoS services that only protect HTTP traffic, CoreTech operates at the BGP routing level. This means we protect your entire IP address space — every protocol, every port, every service. Not just websites.

We offer three connection methods. All three deliver identical CoreEdge™ and CoreDetection™ protection. The right choice depends on your network setup, latency requirements, and how fast you need to get protected.

Method 1: Cross-Connect

A direct physical connection between your router and our scrubbing equipment in the same facility.

How it works: You establish a BGP session over a dedicated Ethernet link. We announce your IP prefixes, scrub incoming attack traffic, and deliver clean traffic back to you across the same connection.

What you get:

  • Physical ports: 10G, 25G, 40G, or 100G
  • Latency added: Virtually zero (same facility)
  • Bandwidth: Full line-rate filtering
  • Setup time: 1-3 business days

Best for:

  • ISPs and hosting providers collocated at shared datacenters
  • Gaming networks requiring absolute minimum latency
  • High-bandwidth enterprises with dedicated infrastructure
  • Organizations that want the highest reliability connection

This is the gold standard — lowest latency, highest throughput, maximum reliability.

Method 2: GRE Tunnel

A virtual tunnel between your network and the nearest CoreTech scrubbing center, established over the public internet. No physical infrastructure required.

How it works: We configure a GRE tunnel between your edge router and our network. BGP sessions run inside the tunnel. We scrub all incoming traffic and return only clean packets through the tunnel.

What you get:

  • No physical infrastructure needed
  • Latency added: Typically 1-5ms depending on distance
  • Bandwidth: Limited only by your internet uplink
  • Setup time: Same-day deployment — can be configured in minutes

Best for:

  • Cloud-hosted infrastructure (AWS, GCP, Azure, OVH, Hetzner)
  • Remote networks without presence at our facilities
  • Emergency onboarding during active attacks
  • Temporary protection while a cross-connect is being provisioned

GRE is the fastest way to get protected. We’ve onboarded customers in under 30 minutes during active DDoS attacks using this method.

Method 3: Internet Exchange (IX) Peering

If both CoreTech and your network are present at the same Internet Exchange, we establish a private BGP peering session over the IX fabric.

How it works: You peer with CoreTech over the IX switching fabric. Your traffic is scrubbed at our IX-connected nodes with no tunnel overhead and no additional physical ports.

What you get:

  • Uses your existing IX port — no extra hardware
  • Latency added: Sub-millisecond (same IX fabric)
  • Bandwidth: Up to your IX port capacity
  • Setup time: 1-2 business days

Best for:

  • ISPs and carriers already present at shared IXs
  • Content networks wanting efficient peering-based protection
  • Multi-IX networks that want geographically distributed scrubbing
  • Organizations looking for the most cost-effective connection

CoreTech is present at multiple major Internet Exchanges globally.

Quick Comparison

FeatureCross-ConnectGRE TunnelIX Peering
Lowest latency
Fastest deployment
No physical infrastructure
Highest throughput
Works from any location
Most cost-effective

Pro tip: Many customers use multiple methods simultaneously. For example: a primary cross-connect for production traffic and a GRE tunnel as a failover path. Or IX peering at two exchanges with GRE backup for redundancy.

What Every Connection Includes

Regardless of which method you choose, you get:

  • Full CoreEdge™ + CoreDetection™ protection — identical mitigation across all methods
  • Dedicated BGP sessions configured by our network engineering team
  • 24/7 SOC monitoring with 10-minute critical response SLA
  • Client Portal access — real-time attack dashboard, firewall management, traffic analytics
  • API and Webhook integration — for automated workflows and notifications
  • Dedicated Slack channel — direct communication with our engineering team

Getting Started

New customers typically go from first contact to fully protected within 1-3 business days — or same-day for emergency deployments via GRE tunnel.

Start with our 10-day free trial to experience full protection with zero commitment.

Contact our network engineering team →

Tags: BGP GRE Tunnel IX Peering Cross-Connect Onboarding

Want to see this in action?

Get a live demonstration of CoreTech's DDoS mitigation platform.

Request Demo Explore Technology →

Related Articles

Architecting Global Resilience: Anycast and BGP in Modern DDoS Mitigation
Architecture

Architecting Global Resilience: Anycast and BGP in Modern DDoS Mitigation

Discover how intelligent BGP routing and global Anycast networks form the backbone of next-generation, terabit-scale DDoS mitigation, ensuring zero-latency protection and absolute infrastructure resilience.

What Is BGP Blackholing and Why It's Not Enough to Stop DDoS Attacks
BGP

What Is BGP Blackholing and Why It's Not Enough to Stop DDoS Attacks

BGP blackholing is one of the oldest DDoS defenses in networking — but it works by sacrificing your service to save your network. Learn when blackholing makes sense, when it doesn't, and what the alternatives look like.