NANOG Meeting Presentation Abstract

Selective Blackholing - How to Use & Deploy
Meeting:	NANOG63
Date / Time:	2015-02-04 10:30am - 11:00am
Room:	Salon I
Presenters:	Speakers: Job Snijders, NTT Communications Job is actively involved in the Internet community both in an operational capacity and as a founder of cooperation efforts such as the NLNOG RING. He has taught service providers in the Middle East how to deploy IPv6 and has a passion for Routing Security and Automation. Job holds a position at NTT Communications' IP Development Department.
Abstract:	While DDoS are commonplace in today's networks, effective mitigation is either very costly or you throw out the good with the bad when using a conventional blackhole community. In the author's humble opinion selective blackholing is very effective, and arguably the cheapest way to deal with DDoS attacks. This BGP community scheme is designed based on the theory that most prefixes (and content) have a geopgrahical significance which decreases as distance between the sender and receiver of traffic increases. Most often big DDoS attacks are sourced world-wide, but most legitimate visitors come from within a certain radius. In other words: a Texas gun shop owner doesn't care about Dutch visitors during a DDoS attack. The objective of this presentation is to explain how to interpretate selective blackhole communities as an end-user, and elaborate on how one might implement such a scheme as a network operator.
Files:	Selective Blackholing - How to Use & Deploy(PDF) Selective Blackholing - How to Use & Deploy
Sponsors:	None.

Back to NANOG63 agenda.

NANOG63 Abstracts

• Show All

• Operators and the IETF - What Next?
  Speakers:
  Chris Grundemann

• Common Carriage and the Open Internet
  Speakers:
  Christopher Yoo, U. of Pennsylvania Law School;

• Stewardship and Accountability for Internet Identifiers
  Speakers:
  John Curran

• RING SQA: blazing fast partial outage detection (free!)
  Speakers:
  Job Snijders, NTT Communications;

• The Resolvers We Use
  Speakers:
  Geoff Huston, APNIC;

• Recent BGP routing incidents - malicious or not
  Speakers:
  Andree Toonk, BGPMon.net;

• Network Integration Panel
  Moderators:
  Joe Provo, Google; Panelists:
  McGehee Games, CenturyLink; Steve Powell, Level3; Dave Siegel, Level 3 Communications; Richard A Steenbergen

• Network Integration Panel
  Moderators:
  Joe Provo, Google; Panelists:
  McGehee Games, CenturyLink; Steve Powell, Level3; Dave Siegel, Level 3 Communications; Richard A Steenbergen

• Network Integration Panel
  Moderators:
  Joe Provo, Google; Panelists:
  McGehee Games, CenturyLink; Steve Powell, Level3; Dave Siegel, Level 3 Communications; Richard A Steenbergen

• Network Integration Panel
  Moderators:
  Joe Provo, Google; Panelists:
  McGehee Games, CenturyLink; Steve Powell, Level3; Dave Siegel, Level 3 Communications; Richard A Steenbergen

• Network Integration Panel
  Moderators:
  Joe Provo, Google; Panelists:
  McGehee Games, CenturyLink; Steve Powell, Level3; Dave Siegel, Level 3 Communications; Richard A Steenbergen

• Automatically Build, Test and Deploy Your Network Configurations
  Speakers:
  Carlos Vicente, Dyn Inc.;

• BCOP Publication Options
  Speakers:
  Cathy Aronson, Daydream Imagery LLC.;

• Datacenter Track
  Moderators:
  Martin Hannigan, Akamai Technologies, Inc.;

• DNS Track
  Moderators:
  Duane Wessels, VeriSign;

• Security Track
  Moderators:
  John Kristoff, Team Cymru;

• Beyond the Range of the Moment: Ethical Response to Cybercrime
  Speakers:
  David Dittrich, University of Washington; Katherine Carpenter

• Beyond the Range of the Moment: Ethical Response to Cybercrime
  Speakers:
  David Dittrich, University of Washington; Katherine Carpenter

• Public Policy Approaches to IPv4-IPv6 Transition
  Speakers:
  Lee Howard, Time Warner Cable;

• DDoS Mitigation using BGP Flowspec
  Speakers:
  Justin Ryburn, Juniper Networks;

• Approaches for DDoS — an ISP Perspective
  Speakers:
  Barry Dykes, ViaWest Inc; Ognian Mitev, ViaWest, Inc.;

• Approaches for DDoS — an ISP Perspective
  Speakers:
  Barry Dykes, ViaWest Inc; Ognian Mitev, ViaWest, Inc.;

• Real-world Network Automation
  Moderators:
  Matt Peterson, Cumulus Networks; Panelists:
  Bronwyn Lewis, Packet Clearing House; Carlos Vicente, Dyn; Jérôme Fleury, CloudFlare;

• Real-world Network Automation
  Moderators:
  Matt Peterson, Cumulus Networks; Panelists:
  Bronwyn Lewis, Packet Clearing House; Carlos Vicente, Dyn; Jérôme Fleury, CloudFlare;

• Real-world Network Automation
  Moderators:
  Matt Peterson, Cumulus Networks; Panelists:
  Bronwyn Lewis, Packet Clearing House; Carlos Vicente, Dyn; Jérôme Fleury, CloudFlare;

• Real-world Network Automation
  Moderators:
  Matt Peterson, Cumulus Networks; Panelists:
  Bronwyn Lewis, Packet Clearing House; Carlos Vicente, Dyn; Jérôme Fleury, CloudFlare;

• Selective Blackholing - How to Use & Deploy
  Speakers:
  Job Snijders, NTT Communications;

• Assessing Internet Resilience at a Key Node
  Speakers:
  Michael Thompson, Argonne National Laboratory;

• Migrating AmLight from legacy to SDN: Challenges, Results and Next Steps
  Speakers:
  Jeronimo Bezerra, Florida International University;

• Why Operators need Transport SDN (Not just another SDN presentation)
  Speakers:
  Peter Landon, BTI Systems;

• RIPE Lessons from RPKI adoption
  Speakers:
  Alex Band, RIPE NCC;

• ISP Interconnection and its Impact on Consumer Internet Performance
  Speakers:
  Collin Anderson, Measurement Lab;