Arvig® BGP Community Based RTBH

OVERVIEW: Arvig Border Gateway Protocol (BGP) Community Based Remote-Triggered Black Hole (RTBH) is a method that allows network administrators to block unwanted traffic to a specific host address destination. This is done by directing traffic to a Null0 interface. The Black Hole routing mitigates the Denial of Service (DoS) attack and it also drops all legitimate traffic destined for the host address.

The use of Border Gateway Protocol (BGP) Communities allows network administrators to determine which host prefix should be Black-Holed, when it should start and when it should be removed.

REQUIREMENTS:

  • Customer must have an active business internet connection with Arvig
  • Customer must have a BGP peering relationship with Arvig
  • Only host prefixes are supported with the Arvig RTBH BGP community: IPv4 (/32) or IPv6 (/128)
  • Send BGP Community 16904:666 with the host prefix to be Black-Holed

EXCLUSIONS:

  • If Arvig receives a host prefix without RTBH community, the host route will be dropped
  • If Arvig receives a prefix with a mask length of /24 or shorter with the RTBH community, the RTBH community will be removed from the community list
  • If Arvig receives a prefix not authorized by the customer the prefix will be dropped.
  • Arvig will not forward customer RTBH prefixes to Arvig transit or IXP neighbors, the prefix will be published to all Arvig border routers only

PROCESS: Once Arvig receives a valid host prefix with the RTBH community from the customer via BGP, Arvig’s router will install the prefix attribute by setting the next-hop address. All traffic to Null0 will be dropped. Arvig’s border routers will be updated with the appropriate Null0 route for the customer prefix. Once the customer removes the advertisement of the valid host prefix with RTBH, Arvig will then remove the Null0 route from all border routers as fast as BGP updates occur.