LISTSERV 16.0 - MICE-DISCUSS Archives

On Jun 20, 2019, at 11:39 AM, Doug McIntyre <[log in to unmask]> wrote:
> On Thu, Jun 20, 2019 at 04:33:12PM +0000, Frank Bulk wrote:
>> https://www.seattleix.net/blackholing
>> 
>> Does MICE have an blackholng functionality  equivalent to SIX?
>> 
>> I was visiting with a DDoS mitigation vendor this morning and was curious if there was a way we could automatically mitigate DoS attack traffic coming from a MICE peer.
> 
> 
> You can adjust the routing with communities, ie. in the MICE communities aera of
> http://micemn.net/technical.html
> 
> you could block-hole the AS that is sending you that traffic. 

unfortunately, that just has the effect of traffic going elsewhere - not a blackhole effect. the communities in place would just cause the route not to be advertised to said peer, and the traffic would just ingress your network via a different path. In the case of a DDOS, it’s likely you have multiple ASN’s targeting you.

https://www.seattleix.net/blackholing 

SIX, as an example, has a blackhole IP address, and the route servers matching a blackhole community to set next hop to this to sink the traffic on the switch fabric.
Perhaps something we should look into for MICE.


—
Andrew Hoyos
[log in to unmask]