BGP Blackhole Users Guide

The PennREN network implements several BGP communities to allow for traffic engineering by members without requiring the intervention from the PennREN NOC or engineering staff. 

During incidents of network distress, e.g. traffic floods saturating upstream links due to denial of service attacks, a member may desire to signal the upstream routers within PennREN to discard this traffic before it reaches a downstream member.

The community 14877:666 can be added to routes which will signal PennREN routers to discard traffic upon ingress into any of PennREN’s routers.  The only limitation to the use of this community is that the prefix in which the blackhole community is applied to must already be permitted by current ingress prefix filters applied to their BGP session. Any prefix length is supported currently.  Up to /32 for IPv4 and /128 for IPv6. 


A KINBER member is announcing


show route    *[BGP/170] 01:49:40, localpref 140

                      AS path: 65420 I

                    > to via ae0.880


The same KINBER member is suddenly subjected to a denial of service attack wherein the host using IP address is receiving several Gbps per second of traffic which congests the member’s network.

A decision is made by the member to blackhole traffic upstream for packets destined to  The KINBER member then announces with the blackhole community 14877:666 attached to the route.


show route    *[BGP/170] 03:47:16, localpref 140

                      AS path: 65420 I

                    > to via ae0.880   *[BGP/170] 01:14:23, localpref 140, from

                      AS path: 65420 I

                     to Discard


show route detail (1 entry, 1 announced)

        *BGP    Preference: 170/-141


                Next hop type: Discard

                State: <Active Ext>

                Local AS: 14877 Peer AS: 65420

                AS path: 65420 I

                Communities: 14877:666



Any prefix received from a member that has the blackhole community of 14877:666 attached will signal the PennREN routers to discard traffic destined for the advertised prefix before congestion of the member’s network can occur.  Multiple prefixes can be advertised to PennREN with the blackhole community. 

