K-Clean Filtering DDoS Attacks Using 500G Peering Network


  • In the event of a DDoS attack, the traffic is redirected by K-Clean using the GRE tunneling technology for a filtering process, and only normal traffic is delivered to the original PoP.

  • This is recommended to companies operating servers above a certain scale.

Request Consultation


  • Network bypass service using tunneling instead of proxy redirection
  • Possible to directly block attacks from the IP address of the origin site
  • Pre-configuration of the GRE tunnel and maintenance of the settings during normal time
    (requires equipment supporting the GRE tunneling function)
  • Notification of network bypass using GRE tunnel in the event of an attack

Configuration Diagram and Method of Use

1. GRE tunnel using fixed IP addresses such as a serial number
2. External notification from target network band (BGP or Static) shelter in the event of an attack
3. Purification of the attack traffic entering the shelter through a two-step filtering process
4. Forwarding of purified service traffic to the customer’s server using the GRE tunnel

K-CLEAN GRE Configuration Diagram
* It is necessary for DDoS circuit providers to allow IP range of third party operators and BGP secondary AS.
* It is necessary for the network equipment to provide the GRE protocol function.

Functions by Product

Product SOS Anti-DDoS GRE Circuit
Product Details

· Defense based on domain delegation

· L7 caching function

· WEB Service


· Defense against TCP attacks (10G)

· Blocking overseas attacks

· Global service (Option)

· Addition of domains

· Installation of customer’s servers in the K-Clean Zone


· Defense against TCP attacks (10G)

· Detection and blocking of abnormal packets

· Guaranteed server speed of 1Gbit/sec

· Application of the GRE Protocol

· Network bypass service

· Defense against direct attacks from IP addresses

· Notification for bypassing of the GRE tunnel

· Direct connection with the DDoS interconnection network

· Approval of application of customer’s own DDoS solution

· Non-controlled for up to 100G

· Traffic guaranteed

ICMP, UDP Filtering
Blocking of abnormal IP packets
Blocking of abnormal TCP packets
Blocking of abnormal UDP packets
Blocking of abnormal ICMP packets
Blocking of LAND attack packets
Defense against UDP flooding
Defense against ICMP flooding
SYN Flooding
TCP Flooding
HTTP Flooding
Defense against Fragment Flooding
L7 pattern check
Defense against spoofed IP addresses
Defense against DRDoS
URL Behavior Anomaly
Caching Behavior Anomaly
DNS Query Flooding
Defense against DNS Amplification attack
Defense against SYN flooding
Blocking of abnormal IP addresses
Improved SSL performance (SSL offload)
HTTP acceleration and optimization (compression, cache, TCP reuse)
Load Balancing
Health Monitoring
GRE Tunneling
Full subnet protection without changes to the IP address (using BGP)
* If maintaining service quality is difficult, an upstream provider may take a preemptive action to ensure stability of its service.

For inquiries regarding the K-Clean GRE