Blackhole (BGP)
Routing Blackhole, also known as Null-route, is used to mitigate DDoS attacks that aim to exhaust the victim's internet uplink capacity. When blackhole is enabled, all traffic to the victim's IP address is discarded by the uplink operator, thus freeing the victim's uplink channel.
In Giganet, the Blackhole service works this way:
- During an incoming DDoS attack the member decides to blackhole the victim's IP address (e.g. 192.0.2.1/32).
- The member forms a BGP announcement for 192.0.2.1/32 tagged with community 59613:666 and sends it to our route servers.
- Our route servers validate the announced prefix against a prefix-list: they check whether the member owns the announced IP address/prefix.
- When all validation checks pass, the route server changes the announcement's Next-Hop attribute to 185.1.63.254, then re-announces the prefix to all Global Exchange members. Address 185.1.63.254 is handled by Giganet equipment and resolves to MAC address 66:66:66:66:66:66. Traffic to that MAC address is blocked by an L2 ingress ACL on every port.
How to use it:
- To enable blackhole for a specified prefix: create a route to the desired IP address/prefix on your router, then announce it to the Giganet route servers with the BGP community attribute 59613:666. After a few seconds, all traffic to this prefix will be discarded.
- To disable blackhole: withdraw the prefix announced with the 59613:666 community attribute.
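A small model of the route-server policy described above (prefix-list validation, Next-Hop rewrite for routes carrying 59613:666, and withdrawal), written as an added Python example; it is not Giganet's route-server code, and the member ASNs and prefix-list contents are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

BLACKHOLE_COMMUNITY = (59613, 666)      # blackhole community from the page
BLACKHOLE_NEXT_HOP = "185.1.63.254"     # discard next-hop from the page

# Constructed prefix-list: member ASN -> prefixes that member is registered for.
# ASNs and prefixes are documentation values, not real Giganet data.
MEMBER_PREFIX_LIST = {
    64496: ["192.0.2.0/24"],
    64497: ["198.51.100.0/24"],
}


@dataclass(frozen=True)
class Announce:
    prefix: str
    next_hop: str
    communities: frozenset


def member_owns(asn, prefix):
    """Prefix-list check: the announced prefix must lie inside a prefix registered for this ASN."""
    net = ipaddress.ip_network(prefix, strict=True)
    for allowed in MEMBER_PREFIX_LIST.get(asn, []):
        allowed_net = ipaddress.ip_network(allowed)
        if allowed_net.version == net.version and net.subnet_of(allowed_net):
            return True
    return False


def process_announce(asn, ann):
    """Return the announce as the route server would re-advertise it, or None if rejected."""
    if not member_owns(asn, ann.prefix):
        return None                     # fails the prefix-list check: not propagated
    if BLACKHOLE_COMMUNITY in ann.communities:
        # Blackhole request: rewrite Next-Hop to the discard address; the community is kept.
        return Announce(ann.prefix, BLACKHOLE_NEXT_HOP, ann.communities)
    return ann                          # ordinary route: passed through unchanged


def apply_to_rib(rib, asn, ann):
    """Install an accepted announce into a per-prefix RIB (a plain dict); returns True if installed."""
    out = process_announce(asn, ann)
    if out is None:
        return False
    rib[out.prefix] = out
    return True


def withdraw(rib, prefix):
    """Withdrawing the prefix removes the blackhole route, which re-enables normal forwarding."""
    return rib.pop(prefix, None) is not None
```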