DE-CIX Blackholing Support
To help its customers mitigate the effects of Distributed Denial of Service (DDoS) attacks against their networks, DE-CIX offers customer-triggered blackholing.
The key point of the feature is to allow network operators to announce their prefixes to corresponding peer groups/route servers with a unique Blackhole Next-hop IP address (BN). Therefore, when the customer detects a DDoS attack against one of its networks, the network operator can issue a routing update for the corresponding network prefix with the DE-CIX provided BN address as a next-hop. As a result, all the traffic flowing to the victim will instead be dropped on the DE-CIX' platform, so that customers' resources are protected against increased load caused by the attack. In other words the blackholed traffic will never reach the customer's port! What's more, customers can of course apply specific communities to the blackholed routes, thereby obtaining behaviour that is similar to source-based blackholing.
DE-CIX Blackholing Support is available for peers running both IPv4 and IPv6, unique BNv4 and BNv6 are provided by DE-CIX accordingly:
- BNv4: 80.81.193.66
- BNv6: 2001:7f8::1a27:66:95
- MAC: de:ad:be:ef:66:95
For further information (e.g. customer routers configuration examples), please have a look at the DE-CIX Blackholing Support presentation below or look up our FAQ.
If you have any questions, please do not hesitate to contact us. Mailto sales (at) de-cix.net or contact support (at) de-cix.net if you have questions regarding the implementation.
DE-CIX-Blackholing-Support.pdf