Routing Blackhole, as known as Null-route is used to mitigate DDoS attacks which pointed to exhaust victim's internet uplink capacity. When blackhole is enabled, all traffic to victim IP-address is discarded by uplink operator, thus freeing a victim's uplink channel.
In Giganet, Blackhole service works this way:
- During incoming DDoS-attack member decides to blackhole victim's IP-address (e.g. 192.0.2.1/32).
- Member forms a BGP announce 192.0.2.1/32 tagged with community 59613:666 and sends it to our route servers.
- Our routeservers validate the announced prefix against a prefix-list: they check whether member owns the announced IP-address/prefix
- When all validation checks are passed, the route server changes announce Next-Hop attribute to 22.214.171.124, then prefix reannounces to all Global Exchange members. Address 126.96.36.199 is handled by Giganet equipment, and resolves to MAC-address 66:66:66:66:66:66. Traffic to that MAC-address is blocked by L2 ingress ACL on every port.
How to use it:
- To enable blackhole to specified prefix: create a route to desired IP-address/prefix on your router, then announce it to Giganet route servers with BGP community attribute 59613:666. After few seconds, all traffic to this prefix will be discarded.
- To disable blackhole: widthdraw prefix announced with 59613:666 community attribute.