Blackhole community

With the recent increase in DDoS attacks, the question arises: what to do? And who is to blame?

A reliable solution is to keep the attack traffic from reaching your router at all. How? Very easy: the blackhole community. All you need to do is announce your own prefix that is under attack, tagged with the blackhole community. Your ISP's route servers will redirect traffic for this prefix to null (discard it).

Configuration example on a Cisco 7606:

    conf t
    ip route 192.168.1.2 255.255.255.255 null 0
    ip prefix-list OWN_PREFIXES seq 15 permit 192.168.1.2/32
    route-map blackhole permit 10
     set community 0:666 0:777 9002:666 48625:666
    router bgp 65001
     address-family ipv4
      network 192.168.1.2 mask 255.255.255.255 route-map blackhole

Some ISPs have their own blackhole community: it may be 0:666, 0:777 or something else.
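As an added example (not part of the original post), here is a small Python generator for the blackhole configuration above. It refuses to emit anything unless the target is a single IPv4 host inside your own address space and every community is well formed. The function names and the 192.168.0.0/16 aggregate are assumptions made for the illustration.

```python
import ipaddress

def parse_community(text):
    """Validate a standard BGP community 'ASN:value' (two 16-bit numbers)."""
    parts = text.split(":")
    if len(parts) != 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"malformed community: {text!r}")
    if not all(int(p) <= 65535 for p in parts):
        raise ValueError(f"community field out of 16-bit range: {text!r}")
    return text

def blackhole_config(victim, own_prefixes, communities, local_as):
    """Return the IOS lines that blackhole `victim`, or raise ValueError."""
    net = ipaddress.ip_network(victim, strict=True)
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError("only a single IPv4 host (/32) may be blackholed")
    # Guard against blackholing address space that is not ours.
    owned = [ipaddress.ip_network(p) for p in own_prefixes]
    if not any(o.version == 4 and net.subnet_of(o) for o in owned):
        raise ValueError(f"{net} is not inside any of our own prefixes")
    if not communities:
        raise ValueError("at least one blackhole community is required")
    comm = " ".join(parse_community(c) for c in communities)
    host, mask = str(net.network_address), str(net.netmask)
    return [
        f"ip route {host} {mask} null 0",
        f"ip prefix-list OWN_PREFIXES seq 15 permit {net}",
        "route-map blackhole permit 10",
        f" set community {comm}",
        f"router bgp {local_as}",
        " address-family ipv4",
        f"  network {host} mask {mask} route-map blackhole",
    ]

if __name__ == "__main__":
    # Constructed input: the aggregate is an assumed value for this example.
    lines = blackhole_config("192.168.1.2", ["192.168.0.0/16"],
                             ["0:666", "0:777", "9002:666", "48625:666"], 65001)
    print("\n".join(lines))
```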

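Don’t forget to add the keyword additive to the main community statement toward the ISP, so that its communities are appended to the existing ones rather than replacing them: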

    route-map map-CloudIX-Out permit 100
     set community 29076:2023 29076:2043 29076:2123 additive