LAIIX RTBH User Guide
This user guide aims to provide an overview of LAIIX Remote Triggered Black Hole filtering service (“IIX RTBH”) and help you understand the operation, capabilities and benefits.
1. What is IIX RTBH? What is the benefit?:
- The number of DDoS attacks has been significantly increasing and affecting the members’ business.
- IIX RTBH provides an effective technique for the mitigation of DDoS attacks at LAIIX (“IIX”). The unwanted traffic will be dropped before entering IIX.
2. How does IIX RTBH Work? (In a Nutshell)
- IIX has an IIX RTBH server which has the Black Hole IP address on the peering VLAN (220.127.116.11/24). The Black Hole IP address is associated with a unique MAC address (Black Hole MAC address). The server provides ARP responses to the Black Hole IP address.
- All IIX member ports are pre-configured with an IIX RTBH L2 ACL to drop all traffic destined to the Black Hole MAC address.
- If a bi-lateral peering member (not using Thunderbird route server) detects malicious traffic, the member needs to announce the prefix being attacked with the next hop address set to the IIX RTBH IP address to the peer.
- If a multi-lateral peering member (using Thunderbird route server) detects malicious traffic, the member needs to set the BGP community 65535:666 for the prefix being attacked to the Thunderbird route server.
- All malicious traffic will be sent to IIX RTBH IP address and be discarded by the IIX RTBH L2 ACL filtering all traffic destined to IIX RTBH MAC address.
3. LAIIX RTBH Information
- Black Hole IP Address: 18.104.22.168/24
- Black Hole IPv6 Address: 2001:504:a::a501:3538:7/64
- Black Hole Mac Address: AA:BB:CC:DD:EE:FF (Example)
- Black Hole BGP community: 65535:666
For additional information please refer to RFC 5635 for further reading.
LAIIX is available at the following Los Angeles Metro Locations:
- 1 Wilshire
- 626 Wilshire