This tutorial offers attendees a view of some common practices for operating a blackhole service. As security concerns abound in the Internet, operators and providers are constantly exploring methods for protecting their networks and customers. During this intermediate-level tutorial we assume that attendees have basic IGP and BGP networking skills. We then build on this basic knowledge by discussing announcement methods for blackholing traffic across the network. In addition, some options for counting and logging the discarded traffic are discussed. Throughout the tutorial, operational and configuration commands from multiple vendors are used to illustrate the tutorial concepts.

A brief outline of the material follows:

1. Assumptions
2. Discard options
   • Static route to null0
   • Discard interface
3. Mapping addresses to blackhole services
   • BGP advertisements
   • Communities
   • Multihop options
   • Altering next hop
4. Injecting routes
   • Dedicated server
   • Accepting routes from customers
   • Accepting routes from peers
5. Accounting and Counting Options
   • Filters
   • ACLs
   • Counters
   • Syslog
   • Logging
6. Who to discard?
   • Attacks from customers
   • Attacks to customers
   • Unallocated address space (bogons?)
   • Attacks from peers

Wayne Gustavus Wayne Gustavus is a member of the IP Operations Support team for Verizon Internet Services. He is a Cisco Certified Internetwork Expert and has over 10 years experience in the networking industry. His current responsibilities at Verizon include supporting the national, multi-vendor router network that provides IP services for consumer and business customers. Wayne is a member of the NSP-SEC community and is active in Verizon's security operations, including the Inter-NOC Dial-By-ASN (INOC-DBA) network, anti-DDoS efforts, and blackhole routing infrastructure.