19 July 2022

Remote-triggered Blackholing vs Blackholing Advanced

Distributed Denial of Service (DDoS) attacks are becoming more and more harmful. Not only do the targets of such attacks suffer, but the whole infrastructure of a network operator can also be affected. The DE-CIX Blackholing feature to mitigate DDoS attacks has been very popular, and our customers have asked us to extend its functionality. Enter Blackholing Advanced.

Blackholing Advanced is an extension of the existing Blackholing service. Whether you use Blackholing or Blackholing Advanced, dropping DDoS packets is enabled by using BGP routes marked with a blackholing community attribute. The main difference is the effectiveness of each mechanism.

100% effective and more fine-grained filtering possibilities

Remote-triggered Blackholing relies on the goodwill of your peering ASes to drop traffic for you, which cannot always be taken for granted. A DE-CIX study shows that when it comes to blocking traffic to host routes (the most common case, e.g. /32 for IPv4), on average only roughly 50% of the traffic or less is dropped.

The benefit of Blackholing Advanced is that it drops traffic with 100% reliability by directly using the DE-CIX hardware. Moreover, while remote-triggered Blackholing removes traffic for targeted IPs only, Blackholing Advanced lets you filter specific packet headers and rate-limit traffic, which enables additional use cases.

Dr.-Ing. Matthias Wichtlhuber, Senior Researcher at DE-CIX, has written a white paper, "DDoS Mitigation with Blackholing Advanced", explaining the difference between Blackholing and Blackholing Advanced and how to use Blackholing Advanced to protect your network. Download it now.