Distributed denial-of-service attacks (DDoS) congest the links of attacked operators.
Blackholing consists of sending the traffic to a specific address in which this traffic is discarded.
In case of DDoS attack, sending the traffic from the addresses attacked to a blackhole allows to decongest the lines and work normally on the rest of the network.
CATNIX sets up a blackhole server for their members, where they can send the traffic of their IP attacked addresses to the blackhole, decongesting those attacked lines. In this way, traffic is redirected to the blackhole server and the switch is filtered so that it does not reach its destination, mitigating DDoS attacks.
How does it work?
CATNIX adopts the RFC 7999 and uses blackhole communities to designate DDoS attacks. Also, it has been agreed to set up these communities on the route servers, so that announcing the attacked prefix from the attacked network itself, the route server sends to the blackhole address the assigned traffic to that prefix.
The service is available with a blackhole server (22.214.171.124/24 in IPv4 and 2001:7F8:002A:0:1:1:6:5666/48 in IPv6) and the community’s configuration 65535:666 (0xFFFF029A) at all three route servers (126.96.36.199, 188.8.131.52 and 184.108.40.206).
Whenever is needed for the route server to send traffic from one of your prefixes (preferable to be closer to / 32 in IPv4 and / 128 in IPv6) to Blackhole, it can be labeled to that community and announce it to any of the route servers (220.127.116.11, 18.104.22.168 i 22.214.171.124).