[c-nsp] ddos rtbh service

Josh Baird joshbaird at gmail.com
Tue Apr 7 09:44:46 EDT 2015


7018 supports RTBH in most markets as of the middle of last year.  See
7018:86.  Below is some information:

==============================================
Remote-Triggered BlackHole (RTBH) Routing.
==============================================

AT&T's as7018 network in the USA now supports Remote-Triggered
BlackHole Routing, or RTBH.  Customers receiving a high volume of
denial-of-service (DoS) attack traffic destined to certain of their
IPs may prefer to have the AT&T network discard all traffic destined
for those IPs.  With RTBH, customers may cause the AT&T network to
discard all traffic towards specific portions of their IP ranges.
Customers signal their request for the AT&T network to discard traffic
to specific customer destinations by advertising BGP routes for the IP
block(s) to be discarded with the RTBH BGP community of 7018:86.

Both attack traffic and valid traffic will be discarded.  Because of
this fact, RTBH is sometimes viewed as completing the denial of
service that the attackers had started, as it results in all traffic
towards the destination under attack being discarded before reaching
the ultimate destination.  Customers considering using RTBH should
recognize that RTBH is not a traffic scrubbing service such as AT&T's
DDoS Protect Service.  For further information regarding AT&T's DDoS
Protect Service, interested customers should contact their AT&T sales
team.

Restrictions:

 - Customers may announce the RTBH community 7018:86 on IPv4 routes of
   length [ /25 - /32 ] inclusive, and on IPv6 routes of length [ /49
   - /128 ] inclusive.

 - AT&T will reject BGP announcements with community 7018:86 for
   IPv4 prefixes /24 or shorter, and IPv6 prefixes /48 or shorter.

 - AT&T will accept RTBH announcements only for IP blocks belonging to
   each customer.  Customers interested in utilizing RTBH should
   contact AT&T MIS Customer Care in advance to ensure that their
   route filters are configured to accept long prefixes.

 - The AT&T RTBH mechanism is signaled 'in-band', i.e. on the same
   eBGP session as a customer's other BGP routes.  Customers preferring
   to signal RTBH routes separately from their other BGP routes may
   procure an additional MIS connection and dedicate it to the RTBH
   signaling.  Since no traffic destined to an RTBH route will flow
   over the customer's access link, a dedicated RTBH-only link may be
   sized much smaller than the customer's other link(s).

On Tue, Apr 7, 2015 at 9:31 AM, Aaron <aaron1 at gvtc.com> wrote:

> I'm using Cogent's and TWC's (Time Warner Cable's) DDoS RTBH services for
> stopping attacks out in the cloud before they flood my internet links, and
> it works nicely and fast.
>
> Cogent is using a special BGP neighbor location for signaling BGP /32s
> into it.
>
> TWC uses a community for tagging BGP /32s into it.
>
> Now, I'm getting a third internet connection with AT&T. How do they do it?
> Any insight into how you all use AT&T for this, and what group at AT&T
> y'all talk to in order to get this set up, I'd appreciate. (When I did it
> with Cogent, as usual, those guys seemed laid back and fast at what I
> usually ask of them. TWC seemed a little harder for me to get through the
> layers of the company in order to finally talk to the right person.)
>
>
>
>
>
> Aaron
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
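Added worked example (mine, not AT&T's or anything posted on the list): a small Python model of the 7018:86 acceptance rules quoted above, plus a generator for the customer-side Cisco IOS trigger (tagged Null0 static route, redistributed into BGP through a route-map that sets the community). The community and the /25-/32 and /49-/128 bounds are from the AT&T text; the bound for ordinary routes (/24 and /48), the static-route tag value 86, the route-map name, the customer ASN and all sample addresses are my assumptions, since the page does not state them.

```python
"""Model of an ISP-side RTBH acceptance policy (AT&T's stated 7018:86 rules)
and the customer-side IOS config that triggers it.  Added example; not
AT&T or cisco-nsp code."""
import ipaddress

RTBH_COMMUNITY = "7018:86"               # from the AT&T text above
RTBH_LEN = {4: (25, 32), 6: (49, 128)}   # accepted lengths with 7018:86
# Assumption: ordinary (non-RTBH) routes pass a conventional filter that
# accepts nothing longer than /24 (IPv4) or /48 (IPv6).  The page only says
# such filters exist and must be relaxed for RTBH; these bounds are mine.
ORDINARY_MAX_LEN = {4: 24, 6: 48}
RTBH_TAG = 86   # assumed local static-route tag used to pick RTBH routes


def evaluate(prefix, communities, customer_blocks):
    """Evaluate one inbound announcement the way the quoted rules describe.

    Returns (accepted, reason).  Ownership is checked first: an RTBH route
    is only honoured for space registered to the announcing customer, so a
    customer cannot blackhole someone else's addresses via 7018:86.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    owned = any(
        net.version == b.version and net.subnet_of(b)
        for b in map(ipaddress.ip_network, customer_blocks)
    )
    if not owned:
        return False, "prefix not within the customer's registered blocks"
    if RTBH_COMMUNITY in communities:
        lo, hi = RTBH_LEN[net.version]
        if lo <= net.prefixlen <= hi:
            return True, f"RTBH: discard all traffic to {net}"
        return False, f"{RTBH_COMMUNITY} on /{net.prefixlen}: only /{lo}-/{hi} accepted"
    if net.prefixlen <= ORDINARY_MAX_LEN[net.version]:
        return True, f"ordinary route {net}"
    return False, "ordinary route longer than the filter allows (ask Customer Care)"


def ios_rtbh_config(prefix, local_as, att_peer):
    """Return the customer-side IOS lines that blackhole one prefix at AT&T.

    A tagged static route to Null0 is redistributed into BGP; the route-map
    matches the tag and attaches 7018:86.  send-community is required or
    the community never leaves the box.  Refuses lengths AT&T would reject.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    lo, hi = RTBH_LEN[net.version]
    if not lo <= net.prefixlen <= hi:
        raise ValueError(f"/{net.prefixlen} would be rejected by AT&T (/{lo}-/{hi})")
    if net.version == 4:
        static = f"ip route {net.network_address} {net.netmask} Null0 tag {RTBH_TAG}"
    else:
        static = f"ipv6 route {net} Null0 tag {RTBH_TAG}"
    return [
        static,
        "route-map RTBH-STATIC permit 10",
        f" match tag {RTBH_TAG}",
        f" set community {RTBH_COMMUNITY} additive",
        f"router bgp {local_as}",
        " redistribute static route-map RTBH-STATIC",
        f" neighbor {att_peer} send-community",
    ]


if __name__ == "__main__":
    # Constructed sample: customer holds one /24 and one /32 (documentation
    # ranges), and wants 203.0.113.7 dropped at the AT&T edge.
    blocks = ["203.0.113.0/24", "2001:db8::/32"]
    for pfx, comm in [("203.0.113.7/32", {RTBH_COMMUNITY}),
                      ("203.0.113.0/24", {RTBH_COMMUNITY}),
                      ("198.51.100.9/32", {RTBH_COMMUNITY}),
                      ("2001:db8::1/128", {RTBH_COMMUNITY}),
                      ("203.0.113.7/32", set())]:
        print(pfx, sorted(comm), "->", evaluate(pfx, comm, blocks))
    print("\n".join(ios_rtbh_config("203.0.113.7/32", 64500, "192.0.2.1")))
```

Note the second case: tagging the whole /24 with 7018:86 is rejected, so a typo in the mask cannot blackhole the customer's entire block, while a /32 without the community is also rejected by the ordinary-route filter, which is why the AT&T text tells customers to have Customer Care relax their filters before relying on RTBH.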
