NYIIX RTBH

NYIIX RTBH User Guide

This user guide provides an overview of the NYIIX Remote Triggered Black Hole filtering service (“IIX RTBH”) to guide your understanding of its operation, capabilities and benefits.

JOIN NYIIX TODAY!

Benefits of RTBH in fighting DDoS attacks:

The number of DDoS attacks has been significantly increasing and affecting the members’ business.

IIX RTBH provides an effective technique for the mitigation of DDoS attacks at NYIIX (“IIX”).

The unwanted traffic will be dropped before entering IIX.

How IIX RTBH Works: (In a Nutshell)

IIX has an IIX RTBH server which has the Black Hole IP address on the peering VLAN (198.32.160.0/24). The Black Hole IP address is associated with a unique MAC address (Black Hole MAC address). The server provides ARP responses to the Black Hole IP address.
All IIX member ports are pre-configured with an IIX RTBH L2 ACL to drop all traffic destined to the Black Hole MAC address.
If a bi-lateral peering member (not using Thunderbird route server) detects malicious traffic, the member needs to announce the prefix being attacked with the next hop address set to the IIX RTBH IP address to the peer.
If a multi-lateral peering member (using Thunderbird route server) detects malicious traffic, the member needs to set the BGP community 65535:666 for the prefix being attacked to the Thunderbird route server.
All malicious traffic will be sent to IIX RTBH IP address and be discarded by the IIX RTBH L2 ACL filtering all traffic destined to IIX RTBH MAC address.

NYIIX RTBH Addresses:

Black Hole IPv4 Address: 198.32.160.7/24
Black Hole IPv6 Address: 2001:504:1::a501:3538:7/64
Black Hole Mac Address: AA:BB:CC:DD:EE:FF (Example)
Black Hole BGP community: 65535:666

For additional information please refer to RFC 5635 for further reading.

Learn More About NYIIX RTBH and How to Join.

Enter your email to get in touch or find out more.