RTBH no_export

Paul S. contact at winterei.se
Sun Feb 3 23:08:19 UTC 2019

+1, exactly what we did. I also recommend implementing 
per-upstream/region blackhole communities (so your users can choose who 
to blackhole as they see fit.)

Often time, DDoS traffic comes from regions that do not intersect with 
legitimate traffic.

On 2/4/2019 03:15 午前, Tom Hill wrote:
> On 31/01/2019 20:17, Nick Hilliard wrote:
>> you should implement a different community for upstream blackholing.
>> This should be stripped at your upstream links and replaced with the
>> provider's RTBH community.  Your provider will then handle export
>> restrictions as they see fit.
> This works wonderfully, from past experience. :)

More information about the NANOG mailing list