RTBH no_export
Paul S.
contact at winterei.se
Sun Feb 3 23:08:19 UTC 2019
+1, exactly what we did. I also recommend implementing
per-upstream/region blackhole communities (so your users can choose who
to blackhole as they see fit.)
Often time, DDoS traffic comes from regions that do not intersect with
legitimate traffic.
On 2/4/2019 03:15 午前, Tom Hill wrote:
> On 31/01/2019 20:17, Nick Hilliard wrote:
>> you should implement a different community for upstream blackholing.
>> This should be stripped at your upstream links and replaced with the
>> provider's RTBH community. Your provider will then handle export
>> restrictions as they see fit.
>
> This works wonderfully, from past experience. :)
>
More information about the NANOG
mailing list