On Jun 20, 2019, at 11:39 AM, Doug McIntyre <merlyn@IPHOUSE.NET> wrote:
On Thu, Jun 20, 2019 at 04:33:12PM +0000, Frank Bulk wrote:
https://www.seattleix.net/blackholing
Does MICE have a blackholing functionality equivalent to SIX?
I was visiting with a DDoS mitigation vendor this morning and was curious if there was a way we could automatically mitigate DoS attack traffic coming from a MICE peer.
You can adjust the routing with communities, i.e. in the MICE communities area of http://micemn.net/technical.html
you could block-hole the AS that is sending you that traffic.
Unfortunately, that just has the effect of traffic going elsewhere - not a blackhole effect. The communities in place would just cause the route not to be advertised to said peer, and the traffic would just ingress your network via a different path. In the case of a DDoS, it's likely you have multiple ASNs targeting you.

https://www.seattleix.net/blackholing

SIX, as an example, has a blackhole IP address, and the route servers match a blackhole community to set the next hop to this, to sink the traffic on the switch fabric. Perhaps something we should look into for MICE.

— Andrew Hoyos
hoyosa@gmail.com
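
The difference described in the reply above, as an added example that is not part of the original thread: a small model of a route server's export policy showing that a "do not announce to peer" community only removes the IX path for that peer, while a blackhole community keeps the route announced with its next hop rewritten to a sink. Assumptions: the `(0, peer-AS)` suppress convention, the blackhole next-hop address, and all ASNs and prefixes are constructed; `65535:666` is the well-known BLACKHOLE community from RFC 7999, not necessarily the value SIX or MICE uses.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

BLACKHOLE = (65535, 666)              # well-known BLACKHOLE community, RFC 7999
BLACKHOLE_NEXT_HOP = "198.51.100.66"  # constructed: IX-LAN address the fabric discards
VICTIM_NH = "198.51.100.10"           # constructed: victim's router on the IX LAN

@dataclass(frozen=True)
class Route:
    prefix: str
    origin_as: int
    next_hop: str
    communities: frozenset = frozenset()

def export(route, peer_as):
    """Route as the route server announces it to peer_as, or None if withheld."""
    if peer_as == route.origin_as:
        return None
    if (0, peer_as) in route.communities:  # assumed "do not announce to peer" convention
        return None
    if BLACKHOLE in route.communities:     # still announced, but pointed at the sink
        return replace(route, next_hop=BLACKHOLE_NEXT_HOP)
    return route

def ix_next_hop(routes, peer_as, dest):
    """Next hop peer_as uses across the IX for dest (longest match), or None
    when it holds no IX route and so delivers the traffic over another path."""
    addr, best = ip_address(dest), None
    for out in filter(None, (export(r, peer_as) for r in routes)):
        net = ip_network(out.prefix)
        if addr in net and (best is None or net.prefixlen > ip_network(best.prefix).prefixlen):
            best = out
    return best.next_hop if best else None

# Constructed sample: AS64500 is attacked on 203.0.113.7 through peers AS64501 and AS64502.
COVERING = Route("203.0.113.0/24", 64500, VICTIM_NH)
SUPPRESSED = replace(COVERING, communities=frozenset({(0, 64501)}))
HOST_BH = Route("203.0.113.7/32", 64500, VICTIM_NH, frozenset({BLACKHOLE}))

if __name__ == "__main__":
    for label, table in (("suppress", [SUPPRESSED]), ("blackhole", [COVERING, HOST_BH])):
        for peer in (64501, 64502):
            print(label, peer, ix_next_hop(table, peer, "203.0.113.7"))
```

A `None` result means the peer no longer has an IX path, so its traffic arrives over transit instead; with the blackholed /32, every peer still prefers the IX and the traffic to that one address is dropped there while the rest of the /24 is delivered normally.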