With a denial-of-service (DoS) attack, in addition to the service degradation of the target, there is possible collateral damage such as bandwidth consumption, processor utilization and potentiel service loss elsewhere in the network. One method to mitigate the damaging effects of such an attack is to black hole (discard / drop) traffic destined to the IP address or addresses being attacked.
Remote triggered black hole (RTBH) routing is a method, leveraging BGP as control plane, for discarding traffic to a certain address or addresses. By announcing prefixes marked with a community (1257:666), traffic to that prefix will be discarded in Tele2s network.
The announcement of black hole prefixes can be performed over the same BGP session that normal prefixes are announced over, i.e. it does not require a dedicated BGP session to a route-reflector or similar. RTBH prefixes must have a CIDR prefix length of /29 or longer (/30, /31, or /32) for IPv4. RTBH is not supported for IPv6.
Tele2 typically performs strict prefix filtering for BGP customers. If you are uncertain on how your BGP session is filtered, please assume that strict prefix filtering is applied. The strict prefix filter needs to allow the announcement of the more specific black hole routes.
Do note how the typical maximum-prefix limit of customers is set to 400 prefixes for IPv4 including all routes, ie both the normal announcement and black hole routes.
If you are uncertain over the filtering of your BGP session or plan to announce a very large amount of black hole routes or already have a very large announcement of routes, please seek contact with your account manager or technical contact to verify and/or modify the prefix filter and maximum-prefix limit in place.