3 Feb
2019
3 Feb
'19
6:08 p.m.
+1, exactly what we did. I also recommend implementing per-upstream/region blackhole communities (so your users can choose who to blackhole as they see fit.) Often time, DDoS traffic comes from regions that do not intersect with legitimate traffic. On 2/4/2019 03:15 午前, Tom Hill wrote:
On 31/01/2019 20:17, Nick Hilliard wrote:
you should implement a different community for upstream blackholing. This should be stripped at your upstream links and replaced with the provider's RTBH community. Your provider will then handle export restrictions as they see fit.
This works wonderfully, from past experience. :)