Blackhole vs RTBH

Hi guys, I'm confused about what to test for DDoS protection using blackhole. Can anyone help me differentiate or tell the advantages of RTBH? And why not simply use Type-blackhole in ROS?

Thanks all.

Is it only because it can propagate to your own iBGP peers or edge routers without doing it manually on each?

Yeap.

Imagine you have a network with multiple edge routers and you want to blackhole a prefix.
Without RTBH you would have to add the blackhole routes to each router manually (or via API).

With RTBH you only do it on one router and it propagates to all your other routers.

But you have to be careful not to advertise those prefixes to your eBGP peers.

Here’s a better explanation and an example (Cisco) of RTBH: http://packetlife.net/blog/2009/jul/6/remotely-triggered-black-hole-rtbh-routing/
Also a nice presentation on the subject: http://mum.mikrotik.com/presentations/US16/presentation_3386_1462512745.pdf

To be more accurate, this depends on your policies. You may want to advertise those blackholes to your upstreams with a specific BGP Community so they blackhole the destinations in their routers before traffic even reaches you.
This is useful in DDoS situations.

There’s also FastNetMon, which automates this:
http://mum.mikrotik.com/presentations/EU16/presentation_2960_1456752556.pdf
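
The propagation and export rules discussed above, modelled as an added example that is not part of the thread and is not RouterOS or Cisco configuration. The trigger community `64512:666`, the placeholder `UPSTREAM:BLACKHOLE`, the peer names and the host-route-only rule are assumptions made for the sketch.

```python
import ipaddress

# Constructed values: the private-ASN trigger community and the upstream
# community are placeholders; use what your network and upstream document.
TRIGGER = "64512:666"
UPSTREAM_BH = "UPSTREAM:BLACKHOLE"

def install_action(communities):
    """What an internal router does with a route learned over iBGP."""
    return "blackhole" if TRIGGER in communities else "forward"

def export_decision(prefix, communities, peer_type, signal_upstream=False):
    """Return (action, communities_sent) for one route toward one peer."""
    net = ipaddress.ip_network(prefix)
    if TRIGGER not in communities:
        return ("advertise", list(communities))      # ordinary route
    if peer_type == "ibgp":
        return ("advertise", list(communities))      # propagate the trigger
    if not signal_upstream:
        return ("reject", [])                        # never leak by default
    if net.prefixlen != net.max_prefixlen:
        return ("reject", [])                        # host routes only (assumed policy)
    return ("advertise", [UPSTREAM_BH])              # swap in upstream's community

def propagate(prefix, communities, peers, signal_upstream=False):
    """Simulate one trigger route reaching every peer of the trigger router."""
    result = {}
    for name, peer_type in peers.items():
        action, sent = export_decision(prefix, communities, peer_type, signal_upstream)
        if action == "reject":
            result[name] = "not advertised"
        elif peer_type == "ibgp":
            result[name] = install_action(sent)
        else:
            result[name] = "advertised with " + ",".join(sent)
    return result

PEERS = {"edge1": "ibgp", "edge2": "ibgp", "upstream": "ebgp"}  # constructed topology

if __name__ == "__main__":
    print(propagate("192.0.2.10/32", [TRIGGER], PEERS))
    print(propagate("192.0.2.10/32", [TRIGGER], PEERS, signal_upstream=True))
    print(propagate("192.0.2.0/24", [TRIGGER], PEERS, signal_upstream=True))
```

With `signal_upstream` left off, the trigger route reaches every iBGP router and stays inside the AS; turning it on re-tags host routes for the upstream and still refuses anything shorter.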

Hi Cha0s,

We only have a single upstream, so it's better to use MikroTik's own route-type=blackhole, since no other edge router is involved and it will be less configuration than manually creating a Null interface?