Blackholing

BKNIX defines a blackhole next-hop IP address for each address family in each peering LAN, which is mapped to a blackhole MAC address as shown below.

Protocol  Blackhole IP Address   Blackhole MAC Address
IPv4      203.159.69.0           DE:AD:BE:EF:F8:29
IPv6      2001:deb:0:68::dead    DE:AD:BE:EF:F8:29

Traffic sent to this blackhole MAC address is dropped in the incoming direction at the edge port where the packet enters, thereby reducing the packet flow toward the victim network.

BKNIX supports the well-known BGP community for blackholing on the route server.

BGP Community  Description
65535:666      Blackhole

Please see RFC 7999 “BLACKHOLE Community” for more detail.

Currently we offer the following options:

  • The blackhole route must be marked with community 65535:666.
  • The size of the blackhole route should be specified as /32 for IPv4 and /128 for IPv6 only.
  • The blackhole route can be advertised to certain BGP neighbors, respecting the BGP communities for prefix redistribution described on this page.

Example

Config guide
router bgp (your AS)
.
.
.
address-family ipv4
  network your.own.ip.address mask 255.255.255.255 route-map bknix-rs-rtbh
  .
  .
  .
exit-address-family
!
!
route-map bknix-rs-rtbh permit 10
 ! To announce to specific peers, you can add other communities defined in this section.
 set community 65535:666
!
! BGP will not announce a prefix that does not exist in your routing table, hence the static route to Null0.
ip route your.own.ip.address 255.255.255.255 Null0
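
A pre-flight check for the blackhole rules listed above, as an added example that is not part of the BKNIX guide: it verifies the host-route length and the 65535:666 community before an announcement is pushed. The own_aggregates parameter, the function name and the sample prefixes (documentation ranges) are assumptions of this example, added so that a typo cannot blackhole an address outside your own space.

```python
import ipaddress

BLACKHOLE_COMMUNITY = "65535:666"   # RFC 7999 BLACKHOLE, as listed on this page
HOST_LENGTH = {4: 32, 6: 128}       # only host routes are accepted as blackholes

# Constructed sample data (documentation ranges), standing in for the
# prefixes your AS originates. Replace with your real aggregates.
SAMPLE_AGGREGATES = ["192.0.2.0/24", "2001:db8::/32"]


def check_blackhole(prefix, communities, own_aggregates):
    """Return a list of problems; an empty list means the route fits the rules."""
    try:
        # strict=True rejects input such as 192.0.2.10/24 (host bits set),
        # which is usually a mistyped mask rather than an intended network.
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return [f"invalid prefix {prefix!r}: {exc}"]

    problems = []
    want = HOST_LENGTH[net.version]
    if net.prefixlen != want:
        problems.append(
            f"{net} is a /{net.prefixlen}; IPv{net.version} blackholes must be /{want}")
    if BLACKHOLE_COMMUNITY not in communities:
        problems.append(f"community {BLACKHOLE_COMMUNITY} is missing")

    # Assumption of this example: only addresses inside your own aggregates
    # may be blackholed. The version test avoids a TypeError from subnet_of().
    aggregates = [ipaddress.ip_network(a) for a in own_aggregates]
    if not any(a.version == net.version and net.subnet_of(a) for a in aggregates):
        problems.append(f"{net} is not inside any of your own aggregates")
    return problems


if __name__ == "__main__":
    candidates = [  # constructed announcements: (prefix, communities)
        ("192.0.2.10/32", ["65535:666"]),
        ("2001:db8::10/128", ["65535:666"]),
        ("192.0.2.0/24", ["65535:666"]),   # too short for a blackhole
        ("198.51.100.7/32", []),           # foreign address, no community
    ]
    for prefix, communities in candidates:
        issues = check_blackhole(prefix, communities, SAMPLE_AGGREGATES)
        print(prefix, "OK" if not issues else "; ".join(issues))
```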