[j-nsp] ddos rtbh service

Aaron aaron1 at gvtc.com
Tue Apr 7 15:09:18 EDT 2015

Someone just sent me this... you will have to check its validity

7018 supports RTBH in most markets as of the middle of last year.  See
7018:86.  Below is some information:

Remote-Triggered BlackHole (RTBH) Routing.

AT&T's as7018 network in the USA now supports Remote-Triggered
BlackHole Routing, or RTBH.  Customers receiving a high volume of
denial-of-service (DoS) attack traffic destined to certain of their
IPs may prefer to have the AT&T network discard all traffic destined
for those IPs.  With RTBH, customers may cause the AT&T network to
discard all traffic towards specific portions of their IP ranges.
Customers signal their request for the AT&T network to discard traffic
to specific customer destinations by advertising BGP routes for the IP
block(s) to be discarded with the RTBH BGP community of 7018:86.

Both attack traffic and valid traffic will be discarded.  Because of
this fact, RTBH is sometimes viewed as completing the denial of
service that the attackers had started, as it results in all traffic
towards the destination under attack being discarded before reaching
the ultimate destination.  Customers considering using RTBH should
recognize that RTBH is not a traffic scrubbing service such as AT&T's
DDoS Protect Service.  For further information regarding AT&T's DDoS
Protect Service, interested customers should contact their AT&T sales


 - Customers may announce the RTBH community 7018:86 on IPv4 routes of
   length [ /25 - /32 ] inclusive, and on IPv6 routes of length [ /49
   - /128 ] inclusive.

 - AT&T will reject bgp announcements with community 7018:86 for
   IPv4 prefixes /24 or shorter, and IPv6 prefixes /48 or shorter.

 - AT&T will accept RTBH announcements only for IP blocks belonging to
   each customer.  Customers interested in utilizing RTBH should
   contact AT&T MIS Customer Care in advance to ensure that their
   route filters are configured to accept long prefixes.

 - The AT&T RTBH mechanism is signaled 'in-band', i.e. on the same
   ebgp session as a customer's other bgp routes.  For customers
   preferring to signal RTBH routes separately from their other bgp
   routes, they may procure an additional MIS connection and dedicate
   it to the RTBH signaling.  Since no traffic destined to RTBH route
   will flow over the customer's access link, a dedicated RTBH-only
   link may be sized much smaller than the customer's other link(s).

-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
Colin Baker
Sent: Tuesday, April 07, 2015 9:28 AM
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] ddos rtbh service

On 2015-04-07 08:31, Aaron wrote:
> Now, I'm getting a third internet connection with AT&T. How do they do
> it?
> Any insight into how you all use AT&T for this and what group at AT&T 
> do y'all talk to in order to get this setup , I'd appreciate.  (when I 
> did it with cogent, as usual, those guys seem laid back, and fast at 
> what I usually ask of them.. TWC seemed a little harder for me to get 
> through the layers of the company in order to finally talk to the 
> right person..)

We inquired about this a few years ago, and they didn't support it.  As far
as I can tell, they still don't - or at least it's not documented anywhere.
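For readers who want to see what the in-band signaling described in the forwarded AT&T text looks like on a Junos box, here is an added example (it is not from the list post, from AT&T, nor an AT&T-published template). Only the community 7018:86 and the accepted prefix-length ranges (/25-/32 for IPv4, /49-/128 for IPv6) come from the quoted description; the customer ASN 64496, the tag value 666, the prefixes and the neighbor addresses are constructed placeholders.

```junos
/* Added example, not the list poster's or AT&T's configuration.
   Customer-side Junos config that signals RTBH to AT&T over the normal
   eBGP session, as the quoted text describes.  ASN, tag, prefixes and
   neighbor addresses are placeholders; 7018:86 and the length limits
   are the only values taken from the forwarded description. */
routing-options {
    autonomous-system 64496;          /* placeholder customer ASN */
    aggregate {
        route 192.0.2.0/24;           /* placeholder customer aggregates */
        route 2001:db8::/32;
    }
    static {
        /* Host under attack: discard it and tag it so the export policy
           can recognise it as an RTBH trigger.  The discard here only
           matters locally; the point is the announcement to 7018. */
        route 192.0.2.10/32 {
            discard;
            tag 666;                  /* constructed blackhole tag */
        }
        route 2001:db8::10/128 {
            discard;
            tag 666;
        }
    }
}
policy-options {
    community RTBH-ATT members 7018:86;
    policy-statement EXPORT-ATT {
        /* Tagged discard routes inside the lengths AT&T accepts are sent
           with the RTBH community. */
        term rtbh-v4 {
            from {
                protocol static;
                tag 666;
                route-filter 0.0.0.0/0 prefix-length-range /25-/32;
            }
            then {
                community add RTBH-ATT;
                accept;
            }
        }
        term rtbh-v6 {
            from {
                protocol static;
                tag 666;
                route-filter ::/0 prefix-length-range /49-/128;
            }
            then {
                community add RTBH-ATT;
                accept;
            }
        }
        /* A tagged route outside those ranges (a /24, a /48) would be
           rejected by AT&T; drop it here so it never leaves tagged. */
        term rtbh-too-short {
            from {
                protocol static;
                tag 666;
            }
            then reject;
        }
        /* Ordinary aggregate announcements, untagged. */
        term aggregates {
            from {
                protocol aggregate;
                route-filter 192.0.2.0/24 exact;
                route-filter 2001:db8::/32 exact;
            }
            then accept;
        }
        term deny-rest {
            then reject;
        }
    }
}
protocols {
    bgp {
        group att-transit {
            type external;
            peer-as 7018;
            export EXPORT-ATT;
            neighbor 203.0.113.1;         /* placeholder IPv4 peer */
            neighbor 2001:db8:ffff::1;    /* placeholder IPv6 peer */
        }
    }
}
```

Two things from the forwarded text that the config cannot do for you: AT&T states it only honours the community on blocks belonging to the customer, and that its inbound filters must be opened for long prefixes through MIS Customer Care beforehand, so a /32 tagged 7018:86 is silently useless until that has been arranged. Verifying the announcement with `show route advertising-protocol bgp 203.0.113.1 192.0.2.10/32 detail` after committing confirms the community is actually attached before an attack makes it urgent.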