BGP blackhole service

uwsys.net supports the use of a BGP community to trigger destination-based blackhole routing.  When you tag routes with our blackhole community, uwsys.net routers will drop traffic destined to those networks.  Depending on the BGP community used, we can also pass the blackhole announcement along to transit providers that support blackhole routing.

Requirements:

  • The service uses a multihop BGP session dedicated exclusively to announcing blackholed hosts.  We recommend redundant peering to the same PE through which you connect to uwsys.net for internet or VPN access.
  • On receipt of a route carrying the uwsys.net blackhole BGP community, we will rewrite the next-hop to a local discard interface.  The most reliable way to do this is with multihop BGP.
  • While we can technically use the same BGP session as your normal prefix announcement session [if applicable], having two sessions means a misconfiguration of the blackhole BGP session is less likely to affect production traffic.  We can also set more appropriate filters and limits on each session separately.
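
As an added example (not uwsys.net tooling or policy), the sketch below shows the kind of customer-side sanity check that keeps a dedicated blackhole session from announcing anything other than intended host routes. The prefixes, the route limit and the community string are assumptions: documentation address ranges, a hypothetical limit, and a placeholder to be replaced with the value the provider gives you.

```python
import ipaddress

# Assumptions for illustration only (not published uwsys.net values):
CUSTOMER_PREFIXES = ["192.0.2.0/24", "2001:db8:100::/48"]  # documentation ranges
BLACKHOLE_COMMUNITY = "<ASN>:<VALUE>"  # placeholder; obtain the real value from the provider
MAX_BLACKHOLE_ROUTES = 3  # hypothetical per-session route limit


def check_blackhole_routes(candidates, allowed=CUSTOMER_PREFIXES,
                           limit=MAX_BLACKHOLE_ROUTES):
    """Split candidate routes into (accepted, [(route, reason), ...])."""
    allowed_nets = [ipaddress.ip_network(p) for p in allowed]
    accepted, rejected = [], []
    for raw in candidates:
        try:
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            rejected.append((raw, f"not a valid prefix: {exc}"))
            continue
        # Host routes only: /32 for IPv4, /128 for IPv6.
        if net.prefixlen != net.max_prefixlen:
            rejected.append((raw, "not a host route"))
        # Must fall inside address space the customer actually holds.
        elif not any(net.version == a.version and net.subnet_of(a)
                     for a in allowed_nets):
            rejected.append((raw, "outside customer address space"))
        elif net in accepted:
            rejected.append((raw, "duplicate"))
        elif len(accepted) >= limit:
            rejected.append((raw, "session route limit reached"))
        else:
            accepted.append(net)
    return accepted, rejected


def tag_routes(accepted, community=BLACKHOLE_COMMUNITY):
    """Pair each accepted host route with the blackhole community."""
    return [(str(net), community) for net in accepted]


if __name__ == "__main__":
    # Constructed sample input.
    sample = ["192.0.2.10/32", "192.0.2.0/24", "198.51.100.7/32",
              "2001:db8:100::5/128"]
    ok, bad = check_blackhole_routes(sample)
    print(tag_routes(ok))
    print(bad)
```
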

What can this service do?

  • Drop traffic destined to a local host on your network based on its IP address (IPv4 or IPv6)

What can this service NOT do?

  • Drop traffic destined to your local host, but only for a certain port

Contact engineers via uwsys.net if you are interested in this service.


  



Keywords: BGP blackhole service
Doc ID: 41936
Owner: Michael H.
Group: UW System Network
Created: 2014-07-17 11:09:23
Updated: 2024-02-10 21:22:08
Sites: University of Wisconsin System Network