Blackholing

TurkIX Blackholing

Protect your network and services from malicious DDoS attacks.

This service mitigates the effects of Distributed Denial of Service (DDoS) attacks against TurkIX members, using customer-triggered blackholing. The mitigation mechanism allows the member, at the time of the attack, to filter the incoming malicious traffic against the targeted prefixes, learned via the member's BGP session with a Route Server.


When a member detects an attack against one of its prefixes, a network update can be issued for the corresponding network prefix with the TurkIX provided Blackhole (BH) community. This will trigger a next-hop change for this prefix, null-routing the traffic to a unique TurkIX BH Next-hop IP address. (BN). As a result, the member's network is protected against the increased traffic load caused by the attack by dropping it at the TurkIX entrance port.


On top of that, when using the BH community, all other Basic or Extended Routing Policies can be also applied.


In general, the blackholed traffic will never reach the member's port !


Additional information is present at the TurkIX Blackholing service presentation bellow or look up our service FAQ section.

Benefits

> Prevent DDoS attacks reaching your network.

> Increase the availability of your services.

> Save resources trying to mitigate the attack by yourself.

Requirements

> TurkIX GIX member.

Specifications

TurkIX Blackholing service is available for members running both IPv4 and IPv6 BGP sessions with the Route Servers.

> BNv4: 193.218.0.99

> BNv6: 2001:67c:29f0::9999

> MAC: a0f3.c170.99a8