RTBH no_export

Paul S. contact at winterei.se
Sun Feb 3 23:08:19 UTC 2019


+1, exactly what we did. I also recommend implementing 
per-upstream/region blackhole communities (so your users can choose who 
to blackhole as they see fit.)

Oftentimes, DDoS traffic comes from regions that do not intersect with 
legitimate traffic.

On 2/4/2019 03:15 AM, Tom Hill wrote:
> On 31/01/2019 20:17, Nick Hilliard wrote:
>> you should implement a different community for upstream blackholing.
>> This should be stripped at your upstream links and replaced with the
>> provider's RTBH community.  Your provider will then handle export
>> restrictions as they see fit.
>
> This works wonderfully, from past experience. :)
>
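
The community handling discussed in this thread, modelled as an added Python example (not code from any of the posters): a customer-facing blackhole community is stripped at each upstream link and replaced with that provider's RTBH community, with per-upstream variants. AS 64500, the upstream names and all community values except the RFC 7999 BLACKHOLE value are constructed for illustration.

```python
# Constructed values: AS 64500 stands in for our network; the upstream names
# and their RTBH communities are illustrative, not taken from the thread.
LOCAL_AS = 64500
BH_ALL = (LOCAL_AS, 666)                 # customer: blackhole at every upstream
BH_PER_UPSTREAM = {                      # customer: blackhole at one upstream only
    (LOCAL_AS, 661): "transit-a",
    (LOCAL_AS, 662): "transit-b",
}
PROVIDER_RTBH = {                        # what each provider expects to receive
    "transit-a": (64496, 666),
    "transit-b": (65535, 666),           # RFC 7999 BLACKHOLE
}


def export_to_upstream(communities, upstream):
    """Return the communities to send to `upstream`, or None to withhold the route."""
    comms = set(communities)
    requested = {BH_PER_UPSTREAM[c] for c in comms if c in BH_PER_UPSTREAM}
    if BH_ALL in comms:
        requested = set(PROVIDER_RTBH)
    is_blackhole = bool(requested)

    # A blackhole route aimed at other upstreams must not reach this one:
    # without the provider's RTBH community it would be an ordinary host route there.
    if is_blackhole and upstream not in requested:
        return None

    # Strip every community in our own namespace at the upstream link.
    out = {c for c in comms if c[0] != LOCAL_AS}
    if is_blackhole:
        out.add(PROVIDER_RTBH[upstream])  # replace with the provider's value
    return out
```
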




More information about the NANOG mailing list