
Remote Trigger Black Hole

Remote Trigger Black Hole functionality allows customers who are under a DDoS attack to block traffic coming into their Internet port.

Remote Trigger Black Hole functionality allows customers to announce an IPv4 route between /24 and /32, or an IPv6 route between /48 and /128, to LSHIY and have all traffic to that network dropped at LSHIY's backbone.

To use blackhole filtering on your LSHIY eBGP peering, tag your blackholed routes with the community 65535:666. This is the standard BLACKHOLE community defined in RFC 7999.

We have blackhole servers in 3 locations that are synchronized with each other, and you can send a Black Hole-tagged route to any of them. It is recommended that you connect to the Black Hole Server closest to you. You can also connect to all servers for backup.

Hostname                     Location
blackhole-iad.bb.lshiy.net   Ashburn, VA, US
blackhole-fra.bb.lshiy.net   Frankfurt, DE
blackhole-sin.bb.lshiy.net   Singapore, SG

We recommend that you use a server outside your own network as the Remote Trigger Black Hole. The smallest plan from Vultr is sufficient: the server used for Remote Trigger Black Hole needs very little hardware, and 1 CPU core with 1GB of memory is usually enough. Once the external server is ready, configure it as follows.

Install Required Packages

# Debian/Ubuntu
apt install bird2 git
# RHEL/Fedora
dnf install bird git

Configuring the BIRD Service

cd /etc/bird/ && rm -rf bird.conf
git clone https://github.com/lshiy/blackhole-bird2-script.git
cp blackhole-bird2-script/* .

The BIRD configuration example we wrote consists of only 2 files, and configuring and using it is straightforward.

  • bird.conf BIRD main configuration file. Includes variables and core filter configuration.
  • blackhole.conf This file is used to perform black hole operations and connect to LSHIY's remote black hole server.
define myas = 64496;
define v4_loopback = 192.0.2.1;
define v6_loopback = 2001:db8::1;
define v4_my_prefixes = [
    192.0.2.0/24+
];
define v6_my_prefixes = [
    2001:db8::/48+
];
  • myas If you have an existing BGP session with us, your own public ASN will be used. If you do not have a public ASN, we will assign you a private ASN that will be used to remotely trigger a blackhole session.
  • v4_loopback and v6_loopback Configure your server's IP address.
  • v4_my_prefixes and v6_my_prefixes Configure your IP prefixes.
# IPv4 prefixes to blackhole (one 'route ... blackhole;' line per prefix)
protocol static v4_blackhole_prefix {
    ipv4;
    route 192.0.2.66/32 blackhole;
}
# IPv6 prefixes to blackhole
protocol static v6_blackhole_prefix {
    ipv6;
    route 2001:db8::666/128 blackhole;
}
# BGP sessions to LSHIY's blackhole server; neighbor address and password are placeholders
protocol bgp v4_blackhole_server from v4_blackhole {
    neighbor 0.0.0.0 as 955;
    password "xxx";
}
protocol bgp v6_blackhole_server from v6_blackhole {
    neighbor :: as 955;
    password "xxx";
}
  • v4_blackhole_prefix and v6_blackhole_prefix The IP addresses you need to blackhole. Allowed route sizes are IPv4 /24-31 and IPv6 /48-128.
  • v4_blackhole_server and v6_blackhole_server The BGP sessions to LSHIY's Remote Trigger Black Hole server; the neighbor address and password shown are placeholders.
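A pre-flight check, added here and not part of LSHIY's script, that enforces the announcement rule above (only your own prefixes, IPv4 /24-32 and IPv6 /48-128) before rendering the static stanzas of blackhole.conf. MY_PREFIXES mirrors the example define lines and is an assumption; the /24-32 IPv4 range follows the announcement rule at the top of the page.

```python
import ipaddress

# Customer's own prefixes, mirroring the v4_my_prefixes/v6_my_prefixes define lines
# (RFC 5737 / RFC 3849 documentation space; assumed values for this example).
MY_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("2001:db8::/48")]

# Allowed blackhole route sizes per address family: IPv4 /24-32, IPv6 /48-128.
ALLOWED_LEN = {4: (24, 32), 6: (48, 128)}


def validate_blackhole_prefix(prefix, my_prefixes=MY_PREFIXES):
    """Return (ok, reason). A prefix may only be blackholed if it is inside one
    of the customer's own prefixes and its length is within the allowed range."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 192.0.2.66/24
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return False, f"not a valid prefix: {exc}"
    lo, hi = ALLOWED_LEN[net.version]
    if not lo <= net.prefixlen <= hi:
        return False, f"prefix length /{net.prefixlen} outside allowed /{lo}-/{hi}"
    # Version check first: subnet_of() raises TypeError on mixed families.
    if not any(own.version == net.version and net.subnet_of(own)
               for own in my_prefixes):
        return False, "prefix is not inside any of your own prefixes"
    return True, "ok"


def render_blackhole_conf(prefixes, my_prefixes=MY_PREFIXES):
    """Render the two 'protocol static' stanzas of blackhole.conf.
    Raises ValueError on the first prefix that fails validation, so a typo
    never turns into an announcement for space you do not own."""
    by_version = {4: [], 6: []}
    for p in prefixes:
        ok, reason = validate_blackhole_prefix(p, my_prefixes)
        if not ok:
            raise ValueError(f"{p}: {reason}")
        net = ipaddress.ip_network(p)
        by_version[net.version].append(str(net))  # normalized, e.g. 192.0.2.66/32
    lines = []
    for ver, name in ((4, "v4_blackhole_prefix"), (6, "v6_blackhole_prefix")):
        lines.append(f"protocol static {name} {{")
        lines.append(f"    ipv{ver};")
        for p in by_version[ver]:
            lines.append(f"    route {p} blackhole;")
        lines.append("}")  # an empty static protocol is still valid BIRD config
    return "\n".join(lines)
```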

Configuration Complete! Commit Configuration.

birdc configure

🎉Congratulations on completing the Remote Trigger Black Hole configuration.