RFC 3882

Configuring BGP to Block Denial-of-Service Attacks, September 2004

File formats:
icon for text file icon for PDF icon for HTML
Status:
INFORMATIONAL
Author:
D. Turk
Stream:
INDEPENDENT

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC3882

Discuss this RFC: Send questions or comments to rfc-ise@rfc-editor.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document describes an operational technique that uses BGP communities to remotely trigger black-holing of a particular destination network to block denial-of-service attacks. Black-holing can be applied on a selection of routers rather than all BGP-speaking routers in the network. The document also describes a sinkhole tunnel technique using BGP communities and tunnels to pull traffic into a sinkhole router for analysis. This memo provides information for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.