[71448] in North American Network Operators' Group
DDoS mitigation with BGP communities
daemon@ATHENA.MIT.EDU (Matthew Crocker)
Mon Jun 14 23:28:57 2004
To: 'nanog@merit.edu' <nanog@merit.edu>
From: Matthew Crocker <matthew@crocker.com>
Date: Mon, 14 Jun 2004 23:28:24 -0400
Hello,
I just experienced my first official DDoS attack against my network.
I never realized how helpless I was :(. I had roughly 70 Mbps of
traffic aimed at one IP. The IP wasn't even in use; I'm assuming
someone typed the wrong IP and meant to send it somewhere else. I shut
it down by removing the /24 announcement. This was fine except for
the customers on that /24. I know my upstreams have special
communities I can set via BGP announcements that effectively say 'route
packets to this network to null0'. My question is, what do I need to
put on my router (i.e. code examples) to inject the /32 into the BGP
announcements? I try to be a good net citizen and announce aggregate
blocks. I had to break my /21 up so I could announce everything but
the /24 in the middle. Any help would be greatly appreciated.
Routers are a couple 7500 series running 12.0.xx
-Matt
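
The customer-side blackhole trigger asked about above, sketched as Cisco IOS configuration. This is an added example, not part of the original post and not any provider's published configuration. Every address, AS number, tag and community value in it is a constructed placeholder; the real community and the maximum prefix length accepted must come from the upstream's own documentation.

```cisco
! Constructed placeholders (none of these come from the post):
!   local AS 64500, upstream AS 64511, upstream peer 198.51.100.1
!   aggregate 203.0.113.0/24 stands in for the announced aggregate
!   attacked host 203.0.113.66
!   64511:666 stands in for the upstream's documented blackhole community
!
! Show communities as AS:value instead of a single decimal number
ip bgp-community new-format
!
! Trigger: a tagged static /32 for the attacked address. The tag is what
! selects it for redistribution, so no other static route leaks into BGP.
ip route 203.0.113.66 255.255.255.255 Null0 tag 666
!
! Only statics carrying tag 666 match; everything else hits the
! implicit deny at the end of the route-map.
route-map BLACKHOLE-TRIGGER permit 10
 match tag 666
 set community 64511:666
 set origin igp
!
! Outbound filter: the aggregate as before, plus /32s inside it.
ip prefix-list TO-UPSTREAM seq 10 permit 203.0.113.0/24
ip prefix-list TO-UPSTREAM seq 20 permit 203.0.113.0/24 ge 32
!
router bgp 64500
 ! existing aggregate origination stays unchanged
 redistribute static route-map BLACKHOLE-TRIGGER
 neighbor 198.51.100.1 remote-as 64511
 ! communities are not sent to a neighbor unless this is configured
 neighbor 198.51.100.1 send-community
 neighbor 198.51.100.1 prefix-list TO-UPSTREAM out
!
! Verify that the /32 is advertised and carries the community:
!   show ip bgp 203.0.113.66
!   show ip bgp neighbors 198.51.100.1 advertised-routes
!
! Lift the blackhole once the attack stops:
!   no ip route 203.0.113.66 255.255.255.255 Null0 tag 666
```

With this in place the aggregate stays announced and only the attacked /32 is dropped, at the upstream's edge instead of on the customer link. The attacked address itself remains unreachable while the static route exists.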