Remote Triggered Black Hole routing

Tele2 offers remotely triggered black hole (RTBH) routing. By setting the BGP community 1257:666 on an announced prefix, all traffic destined to that prefix is discarded in Tele2's network.

Background

With a denial-of-service (DoS) attack, in addition to the service degradation of the target, there is possible collateral damage such as bandwidth consumption, processor utilization and potential service loss elsewhere in the network. One method of mitigating the damaging effects of such an attack is to black hole (discard/drop) traffic destined to the IP address or addresses under attack. Note that black holing completes the denial of service for the targeted address itself; the purpose is to protect the rest of the network and the upstream links from the flood.

Remote triggered black hole (RTBH) routing is a method, using BGP as the control plane, for discarding traffic to a certain address or addresses. By announcing prefixes tagged with the community 1257:666, traffic to those prefixes will be discarded in Tele2's network.

BGP announcement

Black hole prefixes can be announced over the same BGP session as normal prefixes; no dedicated BGP session to a route reflector or similar is required. RTBH prefixes must have a prefix length of /29 or longer (i.e. /29, /30, /31 or /32) for IPv4. RTBH is not supported for IPv6.

Tele2 typically applies strict prefix filtering to BGP customer sessions. If you are uncertain how your BGP session is filtered, assume that strict prefix filtering is applied. The strict prefix filter must permit the more specific black hole routes; otherwise they are rejected at the session and have no effect.

Note that the typical maximum-prefix limit for customers is 400 prefixes for IPv4, counting all routes, i.e. both the normal announcement and the black hole routes. On most routers, exceeding the maximum-prefix limit tears down the BGP session, taking the normal announcement with it, so keep the combined count below the limit.

If you are uncertain about the filtering of your BGP session, plan to announce a very large number of black hole routes, or already announce a very large number of routes, please contact your account manager or technical contact to verify and/or modify the prefix filter and maximum-prefix limit in place.
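The rules above (community 1257:666, IPv4 only, /29 or longer, strict prefix filtering, and a combined maximum-prefix limit of 400) are easy to get wrong under pressure during an attack. The following is an added example of a pre-announcement check, written for this page and not Tele2's own tooling, that validates a planned set of black hole routes against those rules before they are pushed to the router. It assumes, as a labelled assumption not stated on the page, that the strict prefix filter only permits routes falling inside the aggregates you already announce; the sample prefixes are constructed from the RFC 5737 and RFC 3849 documentation ranges.

```python
import ipaddress

RTBH_COMMUNITY = "1257:666"   # Tele2's black hole community (from the page)
MIN_RTBH_PREFIXLEN = 29       # RTBH prefixes must be /29 or longer (from the page)
MAX_PREFIX_LIMIT = 400        # typical IPv4 maximum-prefix limit (from the page)


def check_rtbh_announcement(aggregates, blackholes, max_prefix=MAX_PREFIX_LIMIT):
    """Validate a planned RTBH announcement.

    aggregates: iterable of prefix strings already announced normally.
    blackholes: iterable of (prefix, communities) tuples, where communities
                is a set of "asn:value" strings attached to that route.
    Returns a list of human-readable problems; an empty list means the plan
    satisfies every rule on the page plus the filter assumption below.
    """
    problems = []
    agg_nets = [ipaddress.ip_network(p, strict=True) for p in aggregates]
    agg_v4 = [a for a in agg_nets if a.version == 4]

    for prefix, communities in blackholes:
        net = ipaddress.ip_network(prefix, strict=True)

        # RTBH is not supported for IPv6; nothing else is worth checking.
        if net.version != 4:
            problems.append(f"{prefix}: RTBH is not supported for IPv6")
            continue

        # Prefix length must be /29 or longer (/29../32).
        if net.prefixlen < MIN_RTBH_PREFIXLEN:
            problems.append(
                f"{prefix}: RTBH prefix must be /{MIN_RTBH_PREFIXLEN} or longer")

        # Without the community the route is just a normal announcement and
        # traffic is NOT discarded.
        if RTBH_COMMUNITY not in communities:
            problems.append(
                f"{prefix}: community {RTBH_COMMUNITY} not set; "
                "traffic will not be discarded")

        # Assumption (not stated on the page): strict prefix filtering only
        # permits routes inside your own announced aggregates, so a black hole
        # outside them would be rejected by the filter.
        if not any(net.subnet_of(a) for a in agg_v4):
            problems.append(
                f"{prefix}: not covered by any announced aggregate; "
                "strict prefix filter is likely to reject it")

    # The maximum-prefix limit counts normal and black hole routes together.
    total = len(agg_nets) + len(list(blackholes))
    if total > max_prefix:
        problems.append(
            f"{total} prefixes exceed the maximum-prefix limit of {max_prefix}")
    return problems


if __name__ == "__main__":
    # Constructed sample: two normally announced aggregates and four candidate
    # black hole routes, three of which break a rule.
    aggregates = ["192.0.2.0/24", "198.51.100.0/24"]
    blackholes = [
        ("192.0.2.7/32", {RTBH_COMMUNITY}),        # valid
        ("198.51.100.0/28", {RTBH_COMMUNITY}),     # too short: /28
        ("203.0.113.5/32", set()),                 # no community, outside aggregates
        ("2001:db8::1/128", {RTBH_COMMUNITY}),     # IPv6 is not supported
    ]
    for problem in check_rtbh_announcement(aggregates, blackholes):
        print(problem)
```

Run the check against the exact list you intend to announce; if it reports nothing, tag the routes with 1257:666 on the normal session and confirm with your upstream's looking glass or traffic graphs that the flood stops. Anything reported should be fixed, or raised with your account manager if it concerns the filter or the maximum-prefix limit.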