Howto: BGP layer 3 configuration for the DDoS filter

The DDoS filter is capable to filter also Layer 3 BGP traffic. And the principle is the same, you are able to enable the filter per ip or per subnet in your client panel and make specific settings per filter.

For enabling the service for your Layer 3 service, multiple configuration steps should be taken:


BGP for colocations users what are directly connected to both Serverius Routers:
After agreeing on the settings you need to configure BGP second session in a separate vlan. (or via the separate port if your hardware not supports setting vlan on uplink port)

In the end we should have two BGP sessions on each router with similar announcements from the client.

Then you can add and remove DDoS protection for individual IP from your ranges.
You can do this by using DDoS filter settings in your client panel.
After add separate IP to DDoS filter in your client pannel you will receive cleared incoming traffic for this IP through second BGP session, all outgoing traffic will away from you directly to your customers through your main BGP session.


BGP for GRE and cross-connect and VLAN users what are not directly connected to Serverius Routers:
After approval of the settings you should configure GRE tunnel with the router. Then you need to configure the BGP session through this GRE tunnel on your side.

In to this BGP session you should make announce with your IP ranges that need to DDoS protection.
After starting announce in Serverius your incoming traffic with DDoS attack comes in the network and after cleaning out to you through the GRE tunnel.
Outgoing traffic away from you directly to your customers through your default gateway.

FYI: Minimal IP subnet for announcing through GRE is /24 (256 IPs) and each IP subnets for announcing should have route object in Ripe DB.

  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Auto null settings are not working anymore. Why?

After you add a ip (subnet) to the DDoS filter, your auto null settings does nto work anymore....

DDoS filter general FAQ's

Where are your filtering node located? The  filtering nodes are located in 2 locations in the...

Does my GRE tunnel allow me to announce my ip subnets to the internet?

Yes. When you using a GRE tunnel to connect your external router to the DDoS cleaning street, it...

I have a DDoS on a shared hosting server with a single ip. Can you see on what website it is targeted to?

Yes. If you have a ddos on a shared hosting website url what is hosted on a server what is using...

I need urgent DDoS filter support. How do I get in contact with an Engineer?

I need urgent DDoS filter support. How do I get in contact with an Engineer?The DDoS filter is...