To help our customers mitigate the effects of Distributed Denial of Service (DDoS) attacks against their networks, we offer customer-triggered blackholing. Blackholing allows network operators to signal a blackhole by using the BGP BLACKHOLE community.
DDoS traffic is dropped
When you detect a DDoS attack against your network, you can announce the affected prefixes as Blackholes by using the BGP BLACKHOLE community.
As a result, all the traffic flowing to the victim will instead be dropped on the DE-CIX platform, so that your resources are protected against the increased loads caused by the attack. The blackholed traffic will never reach your access.
What's more, you can apply specific communities (policy control) to signal blackholed routes only to a subset of peers.
In Frankfurt and Dubai, there’s a dedicated Blackholing route server (rsbh) available.
Blackholing is free of charge
The Blackholing service is available at all DE-CIX exchanges, except Berlin, Moscow, St. Petersburg, and the Internet Exchanges in India, and is free of charge. Our Blackholing support is available for peers running both IPv4 and IPv6.
Use Remote Blackholing to fight DDoS attacks even closer to the source
With Remote Blackholing, you can announce Blackholes at remote DE-CIX Internet Exchanges. As a result, DDoS traffic is dropped closer to the source of origin, your peering and transit connections are freed up from the DDoS traffic. Learn more.