Blackholing is typically used to fight massive DDoS attacks which congest the physical connection between DE-CIX and a customer router. A detailed description of how Blackholing works at DE-CIX is available here.
Besides signaling a blackhole via direct peering, you can signal blackholes via the route servers at all exchanges except certain partner locations.
Blackholing via direct peering
You have to set the corresponding next-hop manually (please see table below) when signaling a blackhole in a direct peering session.
Please also ask your peers to accept up to /32 for IPv4 and up to /128 for IPv6 from you to allow the service to work correctly.
Blackholing via the route servers
If you want to blackhole a certain IP prefix by using the conventional or Blackholing route servers, there are two ways of achieving this:
- The BGP announcement carrying the IP prefix that should be blackholed is marked with the BLACKHOLE BGP Community (65535:666). This is the recommended way as it makes handling a lot easier.
or - The BGP announcement carrying the IP prefix that should be blackholed contains as next-hop a pre-defined Blackhole IP address. The table below lists the IPv4 and IPv6 Blackhole IP addresses for the different DE-CIX IXPs.
Internet Exchange | Blackhole next-hop IPv4 address | Blackhole next-hop IPv6 address | BGP BLACKHOLE community |
---|---|---|---|
Frankfurt | 80.81.193.66 | 2001:7f8::1a27:66:95 | 65535:666
|
ASEAN | 103.162.254.66 | 2001:df6:480::94f9:b:dead | |
Athens (SEECIX) | 185.1.172.66 | 2001:7f8:f5::de1a:b:dead | |
Barcelona | 185.1.119.66 | 2001:7f8:10a::e1ca:b:dead | |
Chicago | 149.112.11.66 | 2001:504:102::f528:b:dead | |
Copenhagen | 185.0.4.66 | 2001:7f8:139::3:1359:b:dead | |
Dallas | 206.53.202.66 | 2001:504:61::f423:42:1 | |
Dubai (UAE-IX) | 185.1.8.66 | 2001:7f8:73::efbe:42:1 | |
Dusseldorf | 185.1.170.66 | 2001:7f8:9e::de3a:42:1 | |
Esbjerg | 185.0.17.66 | 2001:7f8:143::3:e21:b:dead | |
Hamburg | 185.1.210.66 | 2001:7f8:3d::a8f4:42:1 | |
Helsinki | 185.0.5.66 | 2001:7f8:13a::3:1358:b:dead | |
Istanbul | 185.1.48.66 | 2001:7f8:3f::50eb:42:1 | |
Jakarta | 103.159.71.126 | 2001:df5:7880::2614:b:dead | |
Karachi (PIE Karachi) | 58.181.127.66 | 2001:df2:b940:0:2:2413:b:dead | |
Kinshasa (ACIX) | 196.60.92.66 | 2001:43ff:6000::93a7:b:dead | |
Kristiansand | 185.0.6.66 | 2001:7f8:13b::3:1341:b:dead | |
Kuala Lumpur | 103.119.234.66 | 2403:4ac0:1::9532:b:dead | |
Lagos (AF-CIX) | 196.49.90.66 | 2001:43f8:1690::93a1:b:dead | |
Leipzig | 185.1.245.66 | 2001:7f8:df:0:3:1f77:b:dead | |
Lisbon | 185.1.131.66 | 2001:7f8:d5::aad1:42:1 | |
Madrid | 185.1.192.66 | 2001:7f8:a0::be99:42:1 | |
Malaysia | 103.119.232.66 | 2403:4ac0::951f:b:dead | |
Marseille | 185.1.47.66 | 2001:7f8:36::50ed:42:1 | |
Mexico | 45.68.64.254 | 2806:424::4:280a:b:dead | |
Munich | 185.1.208.66 | 2001:7f8:44::b87c:42:1 | |
New York | 206.82.104.66 | 2001:504:36::f63a:63:34 | |
Nordics | 185.0.8.66 | 2001:7f8:13e::3:12c2:b:dead | |
Oslo | 185.0.7.66 | 2001:7f8:13c::3:1336:b:dead | |
Palermo | 185.1.46.66 | 2001:7f8:32::61fb:42:1 | |
Penang (PIX) | 103.10.57.66 | 2001:deb:c001:0:2:7de:b:dead | |
Phoenix | 149.112.27.66 | 2001:504:116::6:1bca:b:dead | |
Richmond | 206.53.137.66 | 2001:504:44::6:218:b:dead | |
Ruhr region (Ruhr-CIX) | 185.1.197.66 | 2001:7f8:106::e223:b:dead |
Please do not set the NO-EXPORT or NO-ADVERTISE community on the BGP announcements marked as blackhole as this tells the route servers not to re-distribute this announcement. The route servers will add NO_EXPORT automatically.
Configuration examples of how to setup a BGP session to the route servers can be found in the route server guides.