[EXTERNAL] Re: RTBH no_export

• Previous message (by thread): [EXTERNAL] Re: RTBH no_export
• Next message (by thread): [EXTERNAL] Re: RTBH no_export
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Cogent does let you use RTBH, but on a separate BGP session to a
blackhole server. So it's a bit more hassle to set it up policy-wise,
because it deviates from the standard. Same story for "former
GlobalCrossing", now CenturyLink's AS3549, which is still used for LATAM
and Asia.

Best regards,
Martijn

On 2/4/19 9:39 AM, Nikos Leontsinis wrote:
> This is a 20+ year old solution. Ugly because you will block good traffic and on your effort to protect your network you will block legitimate traffic too (satisfying the attacker) but most upstream providers
> will give  you a community to use (Cogent is a notable exception) and tag the prefix under attack so that the attack will not reach your network.
> Sadly most IXs after 20 years they still don't understand the need for this community but at least someone has written an rfc so that all of us use the same community.
> At least we made some progress there...
>
> -----Original Message-----
> From: NANOG <nanog-bounces at nanog.org> On Behalf Of Paul S.
> Sent: Sunday, February 3, 2019 11:08 PM
> To: nanog at nanog.org
> Subject: [EXTERNAL] Re: RTBH no_export
>
> +1, exactly what we did. I also recommend implementing
> per-upstream/region blackhole communities (so your users can choose who to blackhole as they see fit.)
>
> Often time, DDoS traffic comes from regions that do not intersect with legitimate traffic.
>
> On 2/4/2019 03:15 午前, Tom Hill wrote:
>> On 31/01/2019 20:17, Nick Hilliard wrote:
>>> you should implement a different community for upstream blackholing.
>>> This should be stripped at your upstream links and replaced with the
>>> provider's RTBH community.  Your provider will then handle export
>>> restrictions as they see fit.
>> This works wonderfully, from past experience. :)
>>
> This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the use of the intended recipient and may be legally privileged. If you have received this email in error, please notify the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.

• Previous message (by thread): [EXTERNAL] Re: RTBH no_export
• Next message (by thread): [EXTERNAL] Re: RTBH no_export
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]