<img alt="" src="https://secure.leadforensics.com/89462.png" style="display:none;">

Nexusguard Blog

Cybersecurity best practices and DDoS defence strategies

Latest Stories

Featured Stories

Nexusguard Product
By
February 24, 2021

Direct Connect vs GRE Tunnels

Connectivity Alternatives to GRE Tunnelling


While the implementation of GRE (Generic Routing Encapsulation) tunnels to deliver clean traffic back to protected networks is the most common deployment method used in today’s networked world, Nexusguard’s Origin Protection (OP) allows for Direct Connect from CSPs’ network edge as an alternative means of returning clean traffic directly from our scrubbing centres to customer networks.

For CSPs whose data centres are geographically located in the vicinity of our POPs or co-located with our data centres, they can opt for a direct connection with our network by establishing a direct physical connection with Nexusguard’s scrubbing centres. CSPs who are located near us can set up 1 and 10 Gbps Ethernet fibre connections to achieve a direct connect, while those who are co-located with us can utilize the data centre’s services to establish a cross connect.

 

Nexusguard Direct Connect + GRE Combined Solution

GRE is the principal deployment method used for the delivery of clean traffic pertinent to Nexusguard’s OP service, and although Direct Connect is an alternative method, it is not designed to replace GRE, rather it is used to further enhance the overall solution when combined with GRE.

Direct Connect vs GRE Tunnels 1Figure 1 - Direct Connect Configuration

In order to reap maximum benefits including guaranteed SLA, predictable network latency and unlimited attack coverage, Direct Connect is not normally offered as a lone solution, but predominantly as a combined offering with GRE.

Direct Connect vs GRE Tunnels 2

Figure 2 - Direct Connect + GRE Combined Solution

 

Direct Connect for non-co-located IDCs

Direct Connect is not restricted to IDCs within the proximity of Nexusguard PoPs or sharing the same IDC, point-to-point connectivity can also be extended through Virtual Private Connect (VPC) service providers at their location.

 

Use Case

For service providers with high bandwidth requirements, typically requiring 1 Gbps and above of clean bandwidth, the deployment of Direct Connect combined with GRE tunnelling is a highly effective solution that offers increased availability and better protection to customer networks. 

 

Direct Connect is typically applied to areas or countries with customers located in the vicinity of Nexusguard PoPs or sharing the same IDC, and where traffic is usually high owing to a large number of users, while connections to our other strategically located scrubbing centres are interlinked through GRE tunnels. 

 

The combination of Direct Connect and GRE really comes into its own during very large attacks, since attack traffic is shared and distributed between our logically connected scrubbing centres via GRE and directly connected scrubbing centres, thus ensuring that customer networks are always fully protected.

 

Summary of Combined Solution Benefits
- Low Latency and Packet Loss – For direct connections, traffic is routed through a LAN rather than over the public Internet, and hence latency and packet loss are eliminated. 

 

- Large Bandwidth Capacity – Allows for extremely large amounts of traffic to be distributed across networks.

 

- Improved Network Performance – Traffic that is kept local can result in faster connections between the two peered networks.

 

- Better Network Ranking – The ability to show your network at a higher tier than others, and therefore improve its perception across the Internet.

 


Nexusguard’s Origin Protection guards against threats that target network resources. Learn more Origin Protection

 

Deploying a combination of Direct Connect and GRE tunnelling is a highly effective solution that delivers increased availability, unlimited attack coverage and guaranteed protection to customer networks.