Remotely Triggered Black Hole
Remotely Triggered Black Hole (RTBH) is a filtering technique in which the TPS mitigator makes the peer router aware of an attack on traffic destined for a particular IP address. Instead of redirecting the traffic through the TPS mitigator, the edge router drops the attack traffic as it enters the network. A threshold is set for the traffic flow, and when the threshold is exceeded, Border Gateway Protocol (BGP) routing updates are used to block the whole zone for a specific amount of time.
Setup RTBH
- Go to Configurations >> BGP >> BGP Route Map, and select the RTBH check box to create a specific route map for RTBH mitigation.
For more information, see Create a BGP Route Map.
- Go to Configurations >> Zone Policies >> Zone Operational Policy, select the operational policy, and then use the RTBH Route map drop-down to associate the route map to be used for RTBH mitigation.
For more information, see Configure a Zone Operational Policy.
- If BGP is enabled, use the drop-down to select the BGP Route map.
For more information, see Create a BGP Route.
- Go to Configurations >> TPS Other Objects >> Violation Actions, and set the duration for a zone to be under RTBH mitigation.
For more information, see Violation Actions.
- Associate the violation action with the zone service level configuration (usually higher levels), so that whenever a specific indicator is violated, the TPS mitigator takes the chosen action.
NOTE: By default, the attack traffic is redirected to TPS mitigators using the A10_Next_Hop route map.

NOTE: The RTBH feature is supported only from TPS Mitigator v5.0.2-P1 and above.
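
The trigger behaviour that the overview describes and the steps above configure (threshold exceeded, whole zone blackholed through BGP updates, released after the configured duration), modelled in Python as an added example; it is not A10 code or the TPS implementation. The class and field names, the sample rates and prefixes, and the use of the RFC 7999 BLACKHOLE community as the tag applied by the RTBH route map are assumptions.

```python
from dataclasses import dataclass, field

BLACKHOLE = "65535:666"  # RFC 7999 well-known BLACKHOLE community (assumed tag)

@dataclass
class Zone:
    name: str
    prefixes: list          # destination prefixes protected by the zone
    threshold_pps: int      # indicator threshold at the service level
    rtbh_seconds: int       # RTBH duration taken from the violation action
    blackholed_until: float = None

@dataclass
class RtbhModel:            # hypothetical model, not a TPS API
    zones: dict = field(default_factory=dict)
    updates: list = field(default_factory=list)   # BGP updates sent to the peer

    def add_zone(self, zone):
        self.zones[zone.name] = zone

    def observe(self, zone_name, pps, now):
        """Feed one rate sample; return the BGP updates it caused."""
        zone = self.zones[zone_name]
        sent = []
        # Expire first, so a finished mitigation is withdrawn before re-evaluating.
        if zone.blackholed_until is not None and now >= zone.blackholed_until:
            sent += [("withdraw", p, None) for p in zone.prefixes]
            zone.blackholed_until = None
        # Threshold exceeded and no mitigation running: blackhole the whole zone.
        if zone.blackholed_until is None and pps > zone.threshold_pps:
            sent += [("announce", p, BLACKHOLE) for p in zone.prefixes]
            zone.blackholed_until = now + zone.rtbh_seconds
        self.updates += sent
        return sent

def run_constructed_scenario():
    # Constructed samples: (time in seconds, packets per second toward the zone).
    model = RtbhModel()
    model.add_zone(Zone("web", ["203.0.113.10/32", "203.0.113.11/32"], 50_000, 300))
    samples = [(0, 10_000), (10, 80_000), (20, 120_000), (200, 5_000), (310, 4_000)]
    return [(t, model.observe("web", pps, t)) for t, pps in samples]

if __name__ == "__main__":
    for t, sent in run_constructed_scenario():
        print(t, sent)
```

In the constructed run the zone stays blackholed at t=200 even though the rate has dropped below the threshold, which is the operational cost of blocking the whole zone for a fixed duration.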