nanog mailing list archives

RE: [EXTERNAL] Re: RTBH no_export


From: Nikos Leontsinis <Nikos.Leontsinis () eu equinix com>
Date: Mon, 4 Feb 2019 08:39:19 +0000

This is a 20+ year old solution. Ugly because you will block good traffic and in your effort to protect your network
you will block legitimate traffic too (satisfying the attacker) but most upstream providers
will give you a community to use (Cogent is a notable exception) and tag the prefix under attack so that the attack
will not reach your network.
Sadly, after 20 years most IXs still don't understand the need for this community, but at least someone has written
an RFC so that all of us use the same community.
At least we made some progress there...

-----Original Message-----
From: NANOG <nanog-bounces () nanog org> On Behalf Of Paul S.
Sent: Sunday, February 3, 2019 11:08 PM
To: nanog () nanog org
Subject: [EXTERNAL] Re: RTBH no_export

+1, exactly what we did. I also recommend implementing per-upstream/region blackhole communities
(so your users can choose who to blackhole as they see fit.)

Oftentimes, DDoS traffic comes from regions that do not intersect with legitimate traffic.

On 2/4/2019 03:15 AM, Tom Hill wrote:
> On 31/01/2019 20:17, Nick Hilliard wrote:
>> you should implement a different community for upstream blackholing.
>> This should be stripped at your upstream links and replaced with the
>> provider's RTBH community.  Your provider will then handle export
>> restrictions as they see fit.
>
> This works wonderfully, from past experience. :)


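
The scheme discussed in this thread (a separate internal community for upstream blackholing that is stripped at each upstream link and replaced with that provider's RTBH community, plus per-upstream request communities) can be modelled as a vendor-neutral export policy. This is an added example, not code from any poster in the thread; AS64500, the upstream names and every community value except the RFC 7999 BLACKHOLE value 65535:666 are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed values: AS64500 is "our" network; upstream names are hypothetical.
BH_LOCAL = "64500:666"   # drop inside our AS only, never exported
BH_ALL = "64500:667"     # ask every upstream to blackhole
UPSTREAMS = {
    # request: what our users tag; provider_rtbh: what that provider expects
    "transit-a": {"request": "64500:1666", "provider_rtbh": "64496:666"},
    "transit-b": {"request": "64500:2666", "provider_rtbh": "65535:666"},  # RFC 7999
}
INTERNAL = {BH_LOCAL, BH_ALL} | {u["request"] for u in UPSTREAMS.values()}

@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset

def export_to_upstream(route, upstream):
    """Return the route as sent to `upstream`, or None if it is not exported."""
    cfg = UPSTREAMS[upstream]
    wants_bh = bool(route.communities & {BH_ALL, cfg["request"]})
    if route.communities & INTERNAL and not wants_bh:
        return None  # blackhole route not aimed at this upstream stays inside
    # Strip all internal signalling so it never leaks past the AS boundary.
    out = set(route.communities) - INTERNAL
    if wants_bh:
        out.add(cfg["provider_rtbh"])  # replace with the provider's own community
    return Route(route.prefix, frozenset(out))

def announcements(route):
    """Map each upstream to the sorted communities it receives (None = withheld)."""
    result = {}
    for name in UPSTREAMS:
        sent = export_to_upstream(route, name)
        result[name] = sorted(sent.communities) if sent is not None else None
    return result

if __name__ == "__main__":
    samples = [  # constructed routes using documentation prefixes
        Route("192.0.2.1/32", frozenset({BH_LOCAL})),
        Route("192.0.2.2/32", frozenset({"64500:1666"})),
        Route("192.0.2.3/32", frozenset({BH_ALL})),
        Route("198.51.100.0/24", frozenset({"64500:100"})),
    ]
    for r in samples:
        print(r.prefix, announcements(r))
```

A locally blackholed prefix is withheld from every upstream, a per-upstream request reaches only the chosen provider, and ordinary routes pass with their communities untouched.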
