Cogent does let you use RTBH, but on a separate BGP session to a blackhole server. So it's a bit more hassle to set it up policy-wise, because it deviates from the standard. Same story for "former GlobalCrossing", now CenturyLink's AS3549, which is still used for LATAM and Asia.
Best regards, Martijn On 2/4/19 9:39 AM, Nikos Leontsinis wrote: > This is a 20+ year old solution. Ugly because you will block good traffic and > on your effort to protect your network you will block legitimate traffic too > (satisfying the attacker) but most upstream providers > will give you a community to use (Cogent is a notable exception) and tag the > prefix under attack so that the attack will not reach your network. > Sadly most IXs after 20 years they still don't understand the need for this > community but at least someone has written an rfc so that all of us use the > same community. > At least we made some progress there... > > -----Original Message----- > From: NANOG <nanog-boun...@nanog.org> On Behalf Of Paul S. > Sent: Sunday, February 3, 2019 11:08 PM > To: nanog@nanog.org > Subject: [EXTERNAL] Re: RTBH no_export > > +1, exactly what we did. I also recommend implementing > per-upstream/region blackhole communities (so your users can choose who to > blackhole as they see fit.) > > Often time, DDoS traffic comes from regions that do not intersect with > legitimate traffic. > > On 2/4/2019 03:15 午前, Tom Hill wrote: >> On 31/01/2019 20:17, Nick Hilliard wrote: >>> you should implement a different community for upstream blackholing. >>> This should be stripped at your upstream links and replaced with the >>> provider's RTBH community. Your provider will then handle export >>> restrictions as they see fit. >> This works wonderfully, from past experience. :) >> > This email is from Equinix (EMEA) B.V. or one of its associated companies in > the territory from where this email has been sent. This email, and any files > transmitted with it, contains information which is confidential, is solely > for the use of the intended recipient and may be legally privileged. If you > have received this email in error, please notify the sender and delete this > email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, > 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. > 57577889.
