Kyiv: +380 44 201-31-30

Blackhole (BGP)

Routing Blackhole, as known as Null-route is used to mitigate DDoS attacks which pointed to exhaust victim's internet uplink capacity. When blackhole is enabled, all traffic to victim IP-address is discarded by uplink operator, thus freeing a victim's uplink channel.

In Giganet, Blackhole service works this way:

  1. During incoming DDoS-attack member decides to blackhole victim's IP-address (e.g.
  2. Member forms a BGP announce tagged with community 59613:666 and sends it to our route servers.
  3. Our routeservers validate the announced prefix against a prefix-list: they check whether member owns the announced IP-address/prefix
  4. When all validation checks are passed, the route server changes announce Next-Hop attribute to, then prefix reannounces to all Global Exchange members. Address is handled by Giganet equipment, and resolves to MAC-address 66:66:66:66:66:66. Traffic to that MAC-address is blocked by L2 ingress ACL on every port.

How to use it:

  1. To enable blackhole to specified prefix: create a route to desired IP-address/prefix on your router, then announce it to Giganet route servers with BGP community attribute 59613:666. After few seconds, all traffic to this prefix will be discarded.
  2. To disable blackhole: widthdraw prefix announced with 59613:666 community attribute.