Anti-DDoS Support on MMIX Route Servers

Remote Triggered Black Hole Filtering (RTBH)

MMIX Supports RTBH for announcemnet of black-hole filtering. In order to facilitate better routing management for routes being advertised via MMIX Route Servers, we highly recommend all members to make use of BGP community tagging when they annoouncement/received BGP routes to/from the MMIX route servers.


The BGP community supported for RTBH filtering.

BGP community Next Hop Address
Yangon IXP 9654:66 103.116.194.66
Mandalay IXP 9333:66 103.116.193.66
  • Trigger member routers to discard (null) route for a specific address. MMIX route servers will ONLY accept /32s with BGP community tagged for MMIX filtering and forward the network prefixes to member routers.
  • The next-hop address used for destination based RTBH filtering. MMIX members should configure their routers to discard the traffic or point to a "null" interface if they received the route with related RTBH community and next hop address.

RTBH Config Guideline for MMIX members

!!!Configuration Example: (For reference only for MMIX members' side)!!!

!

!!Selection of Send RTBH Route!!

!

!To view BGP community in AA:NN format:

ip bgp-community new-format

!

!Configure a static null route for victim host if necessary:

ip route x.x.x.x 255.255.255.255 null0

!

!Configure a community-list for MMIX RTBH:

ip community-list standard CM-MMIX-RTBH permit 9654:66

!

!Configure a prefix-list for MMIX RTBH:

ip prefix-list PRF-RTBH permit x.x.x.x/32

!

!Confugure a outgoing route-map for MMIX RS1 and RS2:

route-map RM-MMIX-OUT permit 10

match ip address prefix-list PRF-RTBH

set community 9654:66 additive

route-map RM-MMIX-OUT permit 100

!!!

!!Section of Accept RTBH Route!!

!!!

!

!Configure a prefix-list for MMIX HOST:

ip prefix-list PRF-MMIX-HOST permit 0.0.0.0/0 ge 32

!

!Configure an inbound route-map for MMIX MMIX RS1 and RS2

route-map RM-MMIX-IN permit 10

match ip address prefix-list PRF-MMIX-HOST

match community CM-MMIX-RTBH

route-map RM-MMIX-IN permit 100

!

!Configure a static null route of reserved 103.116.194.66

ip route 103.116.194.66 255.255.255.255 null 0

interface Null0

no ip unreachables

!!!

!!BGP Configuration!!

!!!

router bgp [ASN]

neighbor [MMIX-RS1] remote-as [MMIX-ASN]

neighbor [MMIX-RS2] remote-as [MMIX-ASN]

!

address-family ipv4

network x.x.x.x mask 255.255.255.255

neighbor [MMIX-RS1] activate

neighbor [MMIX-RS1] send-community

neighbor [MMIX-RS1] route-map RM-MMIX-IN in

neighbor [MMIX-RS1] route-map RM-MMIX-OUT out

neighbor [MMIX-RS2] activate

neighbor [MMIX-RS2] send-community

neighbor [MMIX-RS2] route-map RM-MMIX-IN in

neighbor [MMIX-RS2] route-map RM-MMIX-OUT out

How to verify the configuration:

  • Select Route Server and Enter your profile by clicking Short Name under "Description" row.
  • Select the network prefix "x.x.x.x/x"

Contact Us

MYANMAR INTERNET EXCHANGEBuilding (18), 2nd Floor, MICT Park, Hlaing Campus, Hlaing Township, Yangon, Myanmar.

+959941212340, +959881312340, +959789812340

info@mm-ix.net - service inquiry

noc@mm-ix.net - technical support

billing@mm-ix.net - finance and billing

Members

IXP Manager

Looking Glass

BGP Communities

About Us

Restriction