Remote Protection

For remote protection, via GRE, we have multiple recommendations to ensure the highest quality of service delivery and uptime.

• Multiple GRE tunnels to your POP
  • If you have redundant devices where you are terminating your GRE tunnels, it is recommended to land a tunnel(s) on each.
  • If only one device, it is recommended to land multiple tunnels to the device.
• Terminate GRE tunnels directly on carrier interfaces
  • Generally speaking, carriers will use public IP addresses for the peering/connection between your router and theirs. Terminating the tunnel to this interface on your device ensures we get a consistent route to your device, and terminating to multiple diverse interfaces ensures multiple diverse routes to your network for the GRE tunnels. 
• Never terminate a GRE tunnel on a prefix you potentially want protected.
  • If a GRE tunnel is assigned within a prefix, that prefix is no longer eligible for mitigation as it could cause recursive routing, our system will reject any prefix advertised to us that has a GRE tunnel within it. 
• Route traffic symmetrically
  • Ensure you are routing your traffic symmetrically to Path so you can utilize our advanced stateful layer 7 mitigation. 
• Never announce a prefix to Path Network and any other carrier at the same time.
  • Path should be your only upstream for a prefix to ensure we receive all attack traffic, and to ensure we see all flows to accurately track state.