[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RTBH no_export

Subject: RTBH no_export
From: contact at winterei.se (Paul S.)
Date: Mon, 4 Feb 2019 08:08:19 +0900
In-reply-to: <[email protected]>
References: <CAAFE2j9FWy7SfWmQazscKuOshXmEkzxZ9asBXUpf6roHFH92vg@mail.gmail.com> <[email protected]> <[email protected]>

+1, exactly what we did. I also recommend implementing 
per-upstream/region blackhole communities (so your users can choose who 
to blackhole as they see fit.)

Often time, DDoS traffic comes from regions that do not intersect with 
legitimate traffic.

On 2/4/2019 03:15 å??å??, Tom Hill wrote:
> On 31/01/2019 20:17, Nick Hilliard wrote:
>> you should implement a different community for upstream blackholing.
>> This should be stripped at your upstream links and replaced with the
>> provider's RTBH community.Â  Your provider will then handle export
>> restrictions as they see fit.
>
> This works wonderfully, from past experience. :)
>

Follow-Ups:
- [EXTERNAL] Re: RTBH no_export
  - From: Nikos.Leontsinis at eu.equinix.com (Nikos Leontsinis)

References:
- RTBH no_export
  - From: tom at ninjabadger.net (Tom Hill)

Prev by Date: RTBH no_export
Next by Date: [EXTERNAL] Re: RTBH no_export
Previous by thread: RTBH no_export
Next by thread: [EXTERNAL] Re: RTBH no_export
Index(es):
- Date
- Thread