BGP blackhole service

BGP blackhole service supports the use of a BGP community to trigger destination based blackhole routing.  By tagging routes with our blackhole community, routers will drop traffic destined to networks.  Depending on the BGP community, we can also pass along to transit ISP providers that support blackhole routing.


  • A multihop BGP session used exclusively for announcing blackholed hosts will be used.  We recommend redundant peering to the same PE you connect to for internet or VPN access.
  • Upon reception of the blackhole BGP community, we will rewrite the next-hop to a local discard interface.  The most reliable way to do this is with multihop BGP.
  • While we can technically use the same BGP session as your normal prefix announcement session [if applicable], having two sessions means a misconfiguration of the blackhole BGP session is less likely to affect production traffic.  We can also set more appropriate filters and limits on each session separately.

What can this service do?

  • Drop traffic destined to a local host on your network based on IP address [v4 or v6]

What can this service NOT do?

  • Drop traffic destined to your local host, but only for a certain port

Contact engineers via if you are interested in this service.


KeywordsBGP blackhole service   Doc ID41936
OwnerMichael H.GroupUW System Network
Created2014-07-17 11:09:23Updated2024-02-10 21:22:08
SitesUniversity of Wisconsin System Network
Feedback  1   0