Multi-Layer DDoS Protection Infrastructure
With the G-Core global backbone and XDP-based edge filtering, attack traffic is blocked before reaching your servers. 200+ Tbps capacity, Istanbul PoP connectivity and carrier-grade network security.
Distributed Denial of Service Attacks and Their Impact
A DDoS (Distributed Denial of Service) attack is a type of cyberattack that aims to make a server or network infrastructure unable to serve by flooding it with massive amounts of fake traffic. Attackers send traffic to the target simultaneously from thousands of compromised devices (botnets) across the world.
DDoS attacks can target not only large organizations but also businesses of every size. On an unprotected infrastructure, even a few minutes of attack can lead to serious consequences such as service outage, customer loss and reputation damage.
- Millions of simultaneous requests are sent via botnets
- Line capacity is saturated, rendering the server unreachable
- Causes instant service outages on unprotected infrastructures
- One of the most common and largest cyber threats today
Common DDoS Attack Types You'll Encounter
DDoS attacks are carried out via different protocols and methods. Our infrastructure provides multi-layer protection against all these attack types.
UDP Flood
The target's network bandwidth is exhausted by sending it a dense stream of UDP packets. It is a volumetric attack type and can cause line saturation.
SYN Flood
Server resources are exhausted by abusing the TCP connection establishment. Half-open connections accumulate, causing new connection requests to be rejected.
Amplification
Using protocols like DNS, NTP or Memcached, a small request produces a very large response. Attack traffic is amplified many times over and directed at the target.
Botnet Attacks
Traffic is sent to the target simultaneously from thousands of compromised devices worldwide. Due to its distributed nature, blocking the source becomes difficult.
TCP Flag Anomalies
Packets with invalid TCP flag combinations are sent, targeting security devices and server resources.
Volumetric Attacks
High-bandwidth attacks aimed at saturating the network line. Traffic above line capacity is sent to create a service outage.
Two-Stage Defense: Upstream Filtering + Edge Protection
Our infrastructure is built on a multi-layer and carrier-grade network architecture designed against high-volume DDoS attacks happening on a global scale. All our network traffic is carried over a metro Ethernet line directly connected to the G-Core backbone located in Istanbul.
In the first stage, G-Core's global backbone absorbs attack traffic, blocking high-volume attacks. In the second stage, our XDP-powered custom routing devices at the edge level detect targeted attacks and provide additional protection.
- Attack traffic is filtered on the backbone before reaching the infrastructure
- Line capacity cannot be saturated by DDoS traffic
- Domestic and international traffic flow over a single backbone
- Only clean traffic reaches the servers
Global Network Architecture and Traffic Flow
All traffic targeting our network is filtered and cleaned via G-Core's global backbone infrastructure. Attack traffic is blocked before reaching our infrastructure.
Backbone-Level Protection on the G-Core Backbone
Our infrastructure is directly connected to the G-Core Istanbul PoP via metro Ethernet links provided by the Gibirnet and Türk Telekom carriers. Thanks to this architecture, all traffic to our network is carried over the global G-Core backbone infrastructure.
Traffic passing through G-Core's Istanbul backbone is evaluated by advanced network analysis and filtering systems. UDP flood, SYN flood, amplification attacks and botnet-driven volumetric traffic are detected in real time and filtered at the backbone level.
Thanks to this upstream protection model, attack traffic is cleaned before reaching our infrastructure. Our metro Ethernet line's capacity cannot be saturated by attack traffic and line saturation is prevented.
- Direct metro Ethernet connectivity to G-Core Istanbul PoP
- 200+ Tbps global backbone capacity
- Attack traffic is absorbed at the backbone level
- Line saturation and capacity overflow are prevented
XDP-Based High-Speed Packet Filtering
Following the powerful filtering layer at the upstream level, traffic reaches our custom-developed routing devices at the edge. Instead of standard router platforms, custom network devices with high packet processing capacity are used.
Thanks to XDP (eXpress Data Path) packet processing technology, traffic reaching our network is analyzed at the kernel level and can be filtered at very high packet rates. With the XDP architecture, attack packets are detected and blocked before they consume system resources.
- XDP-based kernel-level packet processing
- High PPS (packets per second) processing capacity
- Anomalous connection density and packet flow analysis
- TCP flag anomalies and SYN-based attack mitigation
- Dynamic IP blacklisting and attack signature analysis
- Advanced protocol and port-based filtering
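The per-packet verdict an edge filter of this kind applies for TCP flag anomalies and for reflected amplification responses (DNS, NTP, Memcached), as an added user-space C sketch; it is not Kolan IT's or G-Core's code. A real XDP program would run the same bounds-checked parse in the kernel and return XDP_DROP or XDP_PASS. The function names, the port policy and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { V_PASS, V_DROP_MALFORMED, V_DROP_TCP_FLAGS, V_DROP_REFLECTION };
enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04, TH_ACK = 0x10 };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Flag combinations that no conforming TCP stack sends. */
static int bad_tcp_flags(uint8_t f)
{
    f &= 0x3f;                                        /* keep FIN..URG only */
    if (f == 0) return 1;                             /* null packet */
    if ((f & (TH_SYN | TH_FIN)) == (TH_SYN | TH_FIN)) return 1;
    if ((f & (TH_SYN | TH_RST)) == (TH_SYN | TH_RST)) return 1;
    return (f & TH_FIN) && !(f & TH_ACK);             /* bare FIN, Xmas */
}

/* Each header is length-checked before it is read, as the eBPF verifier demands. */
enum verdict classify(const uint8_t *pkt, size_t len)
{
    if (len < 14) return V_DROP_MALFORMED;            /* Ethernet header */
    if (be16(pkt + 12) != 0x0800) return V_PASS;      /* only IPv4 is inspected here */
    const uint8_t *ip = pkt + 14;
    size_t rem = len - 14;
    if (rem < 20 || (ip[0] >> 4) != 4) return V_DROP_MALFORMED;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > rem) return V_DROP_MALFORMED;
    if (be16(ip + 6) & 0x1fff) return V_PASS;         /* later fragment: no L4 header */
    const uint8_t *l4 = ip + ihl;
    rem -= ihl;
    if (ip[9] == 6) {                                 /* TCP */
        if (rem < 20) return V_DROP_MALFORMED;
        return bad_tcp_flags(l4[13]) ? V_DROP_TCP_FLAGS : V_PASS;
    }
    if (ip[9] == 17) {   /* UDP; assumed policy: these hosts never query DNS/NTP/Memcached */
        if (rem < 8) return V_DROP_MALFORMED;
        uint16_t sport = be16(l4);
        if (sport == 53 || sport == 123 || sport == 11211) return V_DROP_REFLECTION;
    }
    return V_PASS;
}

/* Constructed sample frame: Ethernet + IPv4 (IHL 5) + 20 bytes of L4, minus `cut` bytes. */
enum verdict sample_verdict(uint8_t proto, uint16_t sport, uint8_t flags, size_t cut)
{
    uint8_t f[54] = {0};
    f[12] = 0x08; f[14] = 0x45; f[23] = proto;
    f[34] = (uint8_t)(sport >> 8); f[35] = (uint8_t)sport; f[47] = flags;
    return classify(f, cut < sizeof f ? sizeof f - cut : 0);
}

int main(void) { printf("SYN+FIN verdict: %d\n", sample_verdict(6, 40000, TH_SYN | TH_FIN, 0)); return 0; }
```

Dropping by source port is only safe where the protected hosts do not themselves talk to those services over this path; otherwise the rule has to be scoped per destination or replaced by rate limiting.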
A Protection Model That Stops Attacks at the Source
Upstream Backbone Filtering is the method of detecting and filtering DDoS attack traffic at the internet backbone level before it reaches the target infrastructure. In this model, attack traffic never enters the hosting network; it is absorbed on the global backbone, and only clean traffic is delivered to the infrastructure.
In other protection methods (local firewall, GRE tunnel, scrubbing center), attack traffic first reaches the hosting network or an intermediate point and is then filtered. In that case, attack traffic can saturate the line, and a service outage occurs before traffic reaches the filtering device. In the upstream model, filtering happens at the backbone level, eliminating the risk of line saturation.
Think of it this way: a local firewall is like placing security at the door of your building — if the crowd overruns the door, the building collapses. Upstream filtering is filtering at the city's entry point — malicious traffic doesn't even get close to your building.
- Attack traffic is blocked at the backbone before reaching the infrastructure
- Line capacity cannot be saturated with attack traffic
- A backbone with hundreds of Tbps capacity absorbs the attack
- Much more effective protection than a local firewall or GRE tunnel
- No latency increase; clean traffic is delivered directly
Network Protection Capacity Comparison
Compare the global capacity of the G-Core backbone network our infrastructure is connected to with other protection providers.
Capacity figures are based on information published on the official websites of the respective providers. Current values may differ.
Why Classic Hosting Protection Falls Short
Most hosting providers use local firewalls or GRE tunnels placed in front of the server for DDoS protection. In these methods, attack traffic first enters the hosting network and is then filtered. The problem is: once attack traffic floods the network line, filtering becomes meaningless.
In our architecture, attack traffic never reaches our infrastructure. G-Core's global backbone absorbs the attack at the source. It's like filtering at the entry point of a city instead of placing security at the door of a building.
- Rivals: The attack enters the network, then is filtered (too late)
- Us: The attack is blocked at the backbone, never enters the network
- Rivals: Service outage occurs at line saturation
- Us: Line capacity cannot be saturated with attack traffic
Latency and Service Continuity During a DDoS Attack
When other providers reroute traffic abroad during an attack, latency multiplies. On our infrastructure, traffic is filtered without leaving Istanbul, so latency does not increase.
Typical DDoS Protection Provider
StormWall, Voxility, BelCloud, etc.
DDoS traffic heads to the hosting network
Traffic is forwarded via GRE tunnel or BGP to a scrubbing center in Europe
Traffic follows the Istanbul → Europe → Scrubbing → Return route
Brief downtime or packet loss may occur until protection becomes active
Kolan IT Infrastructure
G-Core Backbone + Edge XDP
DDoS traffic heads to the G-Core global backbone
Attack traffic is blocked at the G-Core Istanbul PoP at the upstream level
Clean traffic passes through the XDP-powered edge router and reaches the servers
Traffic does not leave the country; it is delivered directly via the Istanbul PoP
DDoS Protection Provider Comparison
See the difference by comparing our infrastructure's DDoS protection architecture with other providers.
| Provider | Capacity | Istanbul PoP | Protection Model | Assessment |
|---|---|---|---|---|
| Kolan IT (Our Infrastructure) | 200+ Tbps | Direct Connection | Upstream Backbone Filtering | Backbone-level filtering, no line saturation |
| Cloudflare | ~348 Tbps | Yes | Anycast CDN Proxy | CDN/proxy-based; direct server IP protection requires additional configuration |
| Akamai (Prolexic) | ~20 Tbps | Limited Edge | CDN Proxy + Scrubbing | Strong in the enterprise segment, but expensive |
| Path.net | ~12 Tbps | Limited | Scrubbing Center | Traffic is rerouted to a scrubbing center |
| StormWall | ~5 Tbps | Abroad | GRE Tunnel | Traffic is rerouted abroad via a tunnel; latency increases |
| BelCloud | ~3 Tbps | Abroad | Scrubbing Network | Belarus-based, high latency for Turkey traffic |
| Voxility | ~2 Tbps | Mostly EU | Scrubbing Network | Europe-based, latency is high in Turkey |
| AuroLogic / RoyaleHosting | ~1 Tbps | None | Local Filtering | Limited capacity; may fall short on large-scale attacks |
| Local Firewall Hosting | 10-40 Gbps | Transit | Local Firewall | Once the attack enters the network, filtering happens; the line may fill up |
The capacity and infrastructure data in the table is based on information published on the official websites of the respective providers. The data is informational and current values may differ.
Advantages Delivered by the DDoS Protection Infrastructure
The key advantages our multi-layer network security architecture provides to our customers.
99.99% Uptime
Thanks to upstream filtering, your services keep running without interruption even during high-volume attacks. We deliver a real uptime experience.
Low Latency
Thanks to the Istanbul PoP connection, domestic traffic in Turkey stays around 3-8 ms. An infrastructure optimized for game servers and real-time applications.
XDP Packet Filtering
Ultra-fast attack detection with XDP-based kernel-level packet processing. With high PPS capacity, performance far beyond standard routers.
Traffic Behavior Analysis
Advanced anomaly detection is provided via PPS-based traffic inspection, anomalous connection density analysis and attack signature filtering.
Dynamic IP Blacklisting
Attack sources are detected in real time and dynamic IP blacklists are created. Supported by rate limiting and connection control mechanisms.
Optimized for Game Servers
An infrastructure optimized for game servers that require low ping and stable connectivity. Custom filtering rules against UDP flood and protocol-based attacks.
Are You Under Attack?
If you're currently facing a DDoS attack or your infrastructure is under threat, get in touch with us right away. Our expert team will assess the situation and provide a solution as quickly as possible. We also support migrating your existing infrastructure to our DDoS-protected platform.
A Global Backbone Infrastructure with 200+ Tbps Capacity
G-Core is a global technology provider offering high-capacity network infrastructure, CDN and DDoS protection solutions worldwide. Built on a backbone infrastructure with 200+ Tbps capacity, G-Core includes direct connections to hundreds of data centers and internet exchange points worldwide.
Thanks to its distributed PoP architecture, traffic is routed from the point closest to the user. At the same time, it enables large-scale DDoS attacks to be detected and filtered at the backbone level. With direct connections to Tier-1 carriers and major internet exchanges, it carries global internet traffic in the most efficient way.
- 200+ Tbps global backbone capacity
- 210+ distributed PoPs (Points of Presence)
- Direct connectivity to Tier-1 carriers
- CDN, edge computing and DDoS protection solutions
Our DDoS-Protected Server Solutions
Our multi-layer DDoS protection infrastructure is included as standard with all our server plans.
VDS Server (TR)
A DDoS-protected, stable and reliable virtual server infrastructure with a Xeon-powered KVM VDS server in the Turkey location.
Premium VDS (TR)
Low latency, high performance and advanced DDoS protection with an AMD Ryzen 9 5950X-powered Premium VDS server.
Germany VDS
A robust and protected infrastructure for Europe-focused projects with Germany VDS servers hosted in the Nuremberg location.
What Kolan Customers Say
Reviews from customers using our hosting and server services.
Frequently Asked Questions About DDoS Protection
Find answers to everything you're curious about — DDoS attacks, protection architecture, upstream filtering and network security — here.
DDoS (Distributed Denial of Service) is a distributed denial-of-service attack. Attackers send massive amounts of traffic to a target simultaneously from thousands of compromised devices (botnets) around the world, aiming to make the server or network infrastructure unable to serve. UDP flood, SYN flood, amplification and volumetric attacks are the most common DDoS attack types.
Our infrastructure uses a two-stage defense mechanism. In the first stage, all traffic passes through G-Core's global backbone and attack traffic is filtered at the backbone level. In the second stage, our XDP-powered custom routing devices at the edge level detect targeted attacks and provide additional protection. As a result, attack traffic is blocked before reaching your servers.
Upstream filtering is blocking attack traffic at the internet backbone level before it reaches your infrastructure. Classic hosting providers try to filter attack traffic after taking it into their own networks, which can cause line capacity to fill up. With upstream filtering, attack traffic is absorbed on G-Core's 200+ Tbps capacity global network and line saturation is prevented.
G-Core is a global network provider with 200+ Tbps backbone capacity worldwide, 210+ distributed PoPs and direct connections to Tier-1 carriers. It offers CDN, edge computing and DDoS protection solutions. Thanks to our direct metro Ethernet connection to the Istanbul PoP, low latency and high-capacity protection are provided for Turkey traffic.
XDP (eXpress Data Path) is a high-performance packet processing technology that runs at the Linux kernel level. Unlike traditional firewall solutions, packets are processed at the kernel level, allowing filtering at much higher packet rates (PPS). As a result, attack packets are detected and blocked before they consume system resources.
Our infrastructure protects against UDP flood, SYN flood, amplification (DNS, NTP, Memcached), TCP flag anomalies, botnet-driven volumetric traffic, protocol-based attacks and all other types of distributed denial-of-service attacks. Both volumetric (bandwidth-targeting) and protocol-based (resource-exhaustion) attacks are automatically detected and filtered.
Yes, our multi-layer DDoS protection infrastructure is included as standard with all our VDS, Premium VDS and Germany VDS plans. There is no extra charge. All your servers are secured with upstream filtering over the G-Core backbone and XDP-based protection at the edge.
Thanks to the upstream filtering model, attack traffic is absorbed on G-Core's global backbone before reaching our infrastructure. As a result, our line capacity cannot be saturated with attack traffic and your services keep running uninterrupted even during high-volume attacks. We offer a 99.99% uptime guarantee.
With local firewall protection, attack traffic first enters the hosting network and an attempt is made to filter it in front of the server. However, when attack traffic exceeds line capacity, a service outage occurs before reaching the firewall. With upstream protection, attack traffic is filtered on the internet backbone and never enters the infrastructure. As a result, no line saturation occurs and service continuity is preserved.
Thanks to our direct metro Ethernet connection to G-Core's Istanbul PoP, traffic within Turkey is carried with low latency of 3-8 ms. This is a major advantage for both web services and game servers. In addition, because traffic is filtered without leaving the country, no latency increase occurs.
We're by Your Side on Network Security
Get in touch with us to learn more about our DDoS protection infrastructure, network security architecture and server solutions. Our expert team is available 24/7.
Uninterrupted Service with Multi-Layer DDoS Protection
With upstream filtering over the G-Core global backbone, XDP-based edge protection and 200+ Tbps capacity, your servers keep running uninterrupted even under attack.