Blackholing

Drop DDoS traffic

To help our customers mitigate the effects of Distributed Denial of Service (DDoS) attacks against their networks, we offer customer-triggered Blackholing. 

Blackholing via the route servers

1. Customers advertise their IP/IPv6 prefix(es) tagged with the BGP BLACKHOLE Community (50263:666).
2. Accepted prefix length by the 1-IX EU Route-Servers is /32 for IPv4 (only if BLACKHOLE is set)
3. Accepted prefix length by the 1-IX EU Route-Servers is /128 for IPv6 (only if BLACKHOLE is set)
4. Prefix validation (RIR and RPKI filtering) is applied as usual, to prevent unauthorized Blackholing
5. The 1-IX EU Route Servers rewrite the next-hop of the advertised IP/IPv6 prefix(es) to the address of the Blackhole next-hop 
6. Then the 1-IX EU Route Servers advertise this prefixes to all peers
7. All of the peers MUST accept /32 for IPv4 and /128 for IPv6 with BGP BLACKHOLE Community (50263:666)
8. Blackhole next-hop has a unique MAC address (determined by ARP/NDP)
9. All frames with destination MAC address of Blackhole next-hop are dropped inside 1-IX EU switching platform