nanog mailing list archives
Re: RTBH no_export
From: "Paul S." <contact () winterei se>
Date: Mon, 4 Feb 2019 08:08:19 +0900
+1, exactly what we did. I also recommend implementing per-upstream/region blackhole communities (so your users can choose who to blackhole as they see fit.)
Oftentimes, DDoS traffic comes from regions that do not intersect with legitimate traffic.
On 2/4/2019 03:15 AM, Tom Hill wrote:
> On 31/01/2019 20:17, Nick Hilliard wrote:
>> you should implement a different community for upstream blackholing. This should be stripped at your upstream links and replaced with the provider's RTBH community. Your provider will then handle export restrictions as they see fit.
>
> This works wonderfully, from past experience. :)
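The export policy discussed in this message, modelled as an added example that is not part of the original post or any poster's configuration: a customer-facing blackhole community is stripped at each upstream link and replaced with that provider's RTBH community, with per-upstream communities selecting where the blackhole is signalled. All ASNs, community values and upstream names are constructed assumptions; only 65535:666 (the RFC 7999 BLACKHOLE community) is a real well-known value.

```python
# Added example: models the per-upstream RTBH export policy from the thread.
# ASNs, community values and upstream names are constructed for illustration.
LOCAL_AS = 64500
BH_ALL = (LOCAL_AS, 666)  # customer request: blackhole at every upstream

UPSTREAMS = {
    # name: (our per-upstream blackhole community, provider's RTBH community)
    "transit-a": ((LOCAL_AS, 6661), (65535, 666)),   # RFC 7999 BLACKHOLE
    "transit-b": ((LOCAL_AS, 6662), (64502, 9999)),  # provider-specific, constructed
}
# Every community we use internally to signal a blackhole request.
INTERNAL_BH = {BH_ALL} | {own for own, _ in UPSTREAMS.values()}


def export_to_upstream(communities, upstream):
    """Return the community set to announce to `upstream`, or None to withhold."""
    own, provider_rtbh = UPSTREAMS[upstream]
    communities = set(communities)
    requested = communities & INTERNAL_BH
    if not requested:
        return communities  # ordinary route: passed through unchanged
    if not (requested & {BH_ALL, own}):
        return None  # blackhole was requested for a different upstream only
    # Strip our internal signalling and attach what this provider expects.
    return (communities - INTERNAL_BH) | {provider_rtbh}


if __name__ == "__main__":
    # Constructed route: customer tags a host route for blackholing at transit-a.
    tagged = {(LOCAL_AS, 6661), (LOCAL_AS, 100)}
    for name in UPSTREAMS:
        print(name, export_to_upstream(tagged, name))
```
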