
Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding (uRPF)
RFC 5635

Document type: RFC - Informational (August 2009; No errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5635 (Informational)
Responsible AD: Ron Bonica
Send notices to: opsec-chairs@tools.ietf.org, draft-ietf-opsec-blackhole-urpf@tools.ietf.org

Network Working Group                                          W. Kumari
Request for Comments: 5635                                        Google
Category: Informational                                     D. McPherson
                                                          Arbor Networks
                                                             August 2009

                 Remote Triggered Black Hole Filtering
              with Unicast Reverse Path Forwarding (uRPF)

Abstract

   Remote Triggered Black Hole (RTBH) filtering is a popular and
   effective technique for the mitigation of denial-of-service attacks.
   This document expands upon destination-based RTBH filtering by
   outlining a method to enable filtering by source address as well.

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Kumari & McPherson           Informational                      [Page 1]
RFC 5635                RTBH Filtering with uRPF             August 2009

Table of Contents

   1. Introduction ....................................................2
   2. Terminology .....................................................3
   3. Destination Address RTBH Filtering ..............................3
      3.1. Overview ...................................................3
      3.2. Detail .....................................................4
   4. Source Address RTBH Filtering ...................................7
      4.1. Steps to Deploy RTBH Filtering with uRPF for Source
           Filtering ..................................................8
   5. Security Considerations .........................................9
   6. Acknowledgments .................................................9
   7. References ......................................................9
      7.1. Normative References .......................................9
      7.2. Informative References ....................................10
   Appendix A. Cisco Router Configuration Sample .....................11
   Appendix B. Juniper Configuration Sample ..........................12
   Appendix C. A Brief History of RTBH ...............................14

1.  Introduction

   This document expands upon the technique outlined in "Configuring BGP
   to Block Denial-of-Service Attacks" [RFC3882] to demonstrate a method
   that allows for filtering by source address(es).

   Network operators have developed a variety of techniques for
   mitigating denial-of-service (DoS) attacks.  While different
   techniques have varying strengths and weaknesses, from an
   implementation perspective, the selection of which method to use for
   each type of attack involves evaluating the tradeoffs associated with
   each method.

   A common DoS attack directed against a customer of a service provider
   involves generating a greater volume of attack traffic destined for
   the target than will fit down the links from the service provider(s)
   to the victim (customer).  This traffic "starves out" legitimate
   traffic and often results in collateral damage or negative effects to
   other customers or the network infrastructure as well.  Rather than
   having all destinations on their network be affected by the attack,
   the customer may ask their service provider to filter traffic
   destined to the target destination IP address(es), or the service
   provider may determine that this is necessary themselves, in order to
   preserve network availability.


   One method that the service provider can use to implement this
   filtering is to deploy access control lists on the edge of their
   network.  While this technique provides a large amount of flexibility
   in the filtering, it runs into scalability issues, both in terms of
   the number of entries in the filter and the packet rate.

   Most routers are able to forward traffic at a much higher rate than
   they are able to filter, and they are able to hold many more
   forwarding table entries and routes than filter entries.  RTBH
   filtering leverages the forwarding performance of modern routers to

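The following is an added illustration, not code from the RFC: a minimal model of the forwarding-table approach the introduction contrasts with edge ACLs. The victim destination and the attacking source prefix are routed to a discard interface, so a packet is dropped by the normal longest-prefix-match lookup (destination lookup for destination-based RTBH, loose-mode uRPF source lookup for source-based RTBH) instead of by a per-entry filter. The interface name `Null0`, the documentation-range addresses and the `forward()` helper are constructed for the example, and the BGP trigger announcement of RFC 3882 (a next hop that is itself statically routed to the discard interface) is collapsed into a direct discard route.

```python
import ipaddress

DISCARD = "Null0"   # constructed name for the discard/null interface


class Fib:
    """Minimal longest-prefix-match forwarding table (illustrative model)."""

    def __init__(self):
        self.routes = []            # list of (network, next_hop)

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))
        # keep the most specific prefixes first so the first match wins
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        for net, nh in self.routes:
            if ip in net:
                return nh
        return None


def forward(fib, src, dst, loose_urpf=True):
    """Return the egress next hop, or 'drop:<reason>' for a discarded packet.

    Loose-mode uRPF (source-based RTBH): the source address is looked up in
    the same FIB; no route, or a route to the discard interface, drops the
    packet without any ACL entry for that source."""
    if loose_urpf:
        src_nh = fib.lookup(src)
        if src_nh is None or src_nh == DISCARD:
            return "drop:urpf"
    dst_nh = fib.lookup(dst)             # destination-based RTBH
    if dst_nh is None:
        return "drop:unreachable"
    if dst_nh == DISCARD:
        return "drop:blackhole"
    return dst_nh


def build_example_fib():
    """Constructed FIB: a customer prefix plus one blackholed victim host and
    one blackholed attacking source prefix (documentation address ranges)."""
    fib = Fib()
    fib.add("0.0.0.0/0", "upstream")          # default route
    fib.add("203.0.113.0/24", "customer-A")   # customer prefix
    fib.add("203.0.113.10/32", DISCARD)       # victim host under attack
    fib.add("198.51.100.0/24", DISCARD)       # attacking source prefix
    return fib
```

With loose uRPF disabled, the attacking source is forwarded normally, which is the gap the source-based extension closes.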