Blackholing means diverting the flow of malicious data towards a specific next-hop (Blackhole), where traffic is discarded, guaranteeing protection for networks and hosts located within the blackholed prefix.
By activating the RTBH mechanism towards the Namex Route Servers you can block the attack and its related traffic at the edge of the Namex switching infrastructure (through the use of L2 ACL applied on all customer ports) thus avoiding that the member’s router is subject to excessive workload and resource consumption.
To activate RTBH on the Route Servers selectively the members can use the standard communities supported by our Route Servers to discriminate the sources of the attack, together with the application of the BGP BLACKHOLE COMMUNITY.
It is also possible to benefit from the blackhole server to mitigate DDoS attacks on bilateral sessions.
All the configuration details to activate the feature can be found in the Namex customer portal, at the address: https://my.namex.it/content/1/route-servers
We would like to underscore that this new feature is a further step forward to guarantee security and reliability to all the members who have active BGP peering sessions towards our switching infrastructure.
This adds to the prefix filtering active on the Route Server infrastructure, that already mitigates the incorrect propagation of routing information. We remind you that the following features are already active:
– Automatic generation of filters from the information contained within the Internet Routing Registry (IRRdb filtering)
– The prefixes received are filtered according to their ROA RPKI status: Invalid ROA are blocked and not propagated to the peers, instead ROAs with Valid and Not Found status are exported
– Protection on bogon/martian announcements and default routes.