Remote ProtectionProtected transit over GRE, IPIP, and BGP.

Clean traffic is delivered over GRE or IPIP tunnels with BGP on our anycast network. Announce your prefixes, bring your own IP or ASN, and keep attack volume off your upstream.

GRE

Tunnel support

IPIP

Tunnel support

BGP

Prefix announcement

BYOAS

Bring your own ASN

Fiber infrastructure carrying protected BGP and tunnel traffic

How it works

Your prefixes ride our protected network instead of raw internet noise.

Remote Protection is built for operators who need more than a filtered port list. Your IP space is announced through NorthShield, tunneled over GRE or IPIP, and protected before traffic ever stresses your internal routing design.

  • GRE and IPIP tunnel connectivity
  • BGP prefix announcement on protected edge
  • BYOIP and BYOAS onboarding
  • Filtered transit before origin handoff

Capabilities

Your prefixes, announced through our protected network.

Remote Protection connects your infrastructure to NorthShield using GRE or IPIP tunnels, then routes your traffic through a filtered edge with BGP-based prefix control.

Connectivity

GRE and IPIP tunnels

Connect your infrastructure to NorthShield over GRE or IPIP tunnels designed for protected transit, stable handoff, and clean traffic delivery to your endpoint.

Routing

BGP route announcement

Your IP prefixes are announced through our protected network using BGP, keeping traffic inside the mitigation fabric instead of exposed upstream paths.

Bring your IPs

BYOIP support

Use your own IP addresses on NorthShield's protected edge without changing how your services are presented to customers, players, or internal users.

Bring your ASN

BYOAS support

Announce your autonomous system through our network model when your routing design requires ASN-level control and operational ownership.

Edge filtering

Protected transit

Attack traffic is filtered before it reaches your tunnel endpoint, preserving origin capacity, route stability, and prefix reputation during active events.

Operations

Transit onboarding

We document tunnel parameters, BGP policy, prefix announcements, failover expectations, and escalation paths before production cutover.

Routing model

From tunnel setup to BGP announcement.

Your IP space is brought onto NorthShield's protected fabric through GRE or IPIP tunnels and BGP sessions. Attack traffic is filtered before it reaches your endpoint, while legitimate traffic follows the announced path your operations team expects.

  1. 01Establish GRE or IPIP connectivity to the NorthShield edge.
  2. 02Announce prefixes with BGP across the protected network.
  3. 03Use BYOIP when your service identity depends on your own addresses.
  4. 04Use BYOAS when ASN-level routing control is part of your design.
Scrubbing edge infrastructure used for protected BGP transit

Coverage

For operators that need protected IP transit.

Remote Protection fits hosting providers, SaaS platforms, network operators, and infrastructure teams that need filtered transit with BGP control over their announced prefixes.

Plan BGP protection
  • GRE and IPIP tunnel provisioning
  • BGP session and prefix policy design
  • BYOIP onboarding and validation
  • BYOAS routing review
  • Protected transit path engineering
  • Origin handoff and failover planning
  • Attack event summaries
  • Routing change documentation

Announce your prefixes through a protected edge.

Share your IP ranges, ASN requirements, tunnel preferences, and traffic profile. We will design the right GRE, IPIP, and BGP protection path.

Review my transit design