Network Working Group W. Kumari
Request for Comments: 5635 Google
Category: Informational D. McPherson
Arbor Networks
August 2009
Remote Triggered Black Hole Filtering
with Unicast Reverse Path Forwarding (uRPF)
Abstract
Remote Triggered Black Hole (RTBH) filtering is a popular and
effective technique for the mitigation of denial-of-service attacks.
This document expands upon destination-based RTBH filtering by
outlining a method to enable filtering by source address as well.
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Kumari & McPherson Informational [Page 1]
RFC 5635 RTBH Filtering with uRPF August 2009
Table of Contents
1. Introduction ....................................................2
2. Terminology .....................................................3
3. Destination Address RTBH Filtering ..............................3
3.1. Overview ...................................................3
3.2. Detail .....................................................4
4. Source Address RTBH Filtering ...................................7
4.1. Steps to Deploy RTBH Filtering with uRPF for Source
Filtering ..................................................8
5. Security Considerations .........................................9
6. Acknowledgments .................................................9
7. References ......................................................9
7.1. Normative References .......................................9
7.2. Informative References ....................................10
Appendix A. Cisco Router Configuration Sample .....................11
Appendix B. Juniper Configuration Sample ..........................12
Appendix C. A Brief History of RTBH ...............................14
1. Introduction
This document expands upon the technique outlined in "Configuring BGP
to Block Denial-of-Service Attacks" [RFC3882] to demonstrate a method
that allows for filtering by source address(es).
Network operators have developed a variety of techniques for
mitigating denial-of-service (DoS) attacks. While different
techniques have varying strengths and weaknesses, from an
implementation perspective, the selection of which method to use for
each type of attack involves evaluating the tradeoffs associated with
each method.
A common DoS attack directed against a customer of a service provider
involves generating a greater volume of attack traffic destined for
the target than will fit down the links from the service provider(s)
to the victim (customer). This traffic "starves out" legitimate
traffic and often results in collateral damage or negative effects to
other customers or the network infrastructure as well. Rather than
having all destinations on their network be affected by the attack,
the customer may ask their service provider to filter traffic
destined to the target destination IP address(es), or the service
provider may determine that this is necessary themselves, in order to
preserve network availability.
One method that the service provider can use to implement this
filtering is to deploy access control lists on the edge of their
network. While this technique provides a large amount of flexibility
in the filtering, it runs into scalability issues, both in terms of
the number of entries in the filter and the packet rate.
Most routers are able to forward traffic at a much higher rate than
they are able to filter, and they are able to hold many more
forwarding table entries and routes than filter entries. RTBH
filtering leverages the forwarding performance of modern routers to
filter more entries and at a higher rate than access control lists
would otherwise allow.
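As an added illustration (not part of the RFC text), the mechanism just described expressed in Cisco IOS syntax: a BGP-propagated route to a discard next hop turns the attack-target prefix into a forwarding-table entry pointing at Null0, and loose-mode uRPF on the edge lets the same discard route drop packets by source address. All values are assumed: 192.0.2.1 is the discard next hop, 203.0.113.99 the attacked host, AS 64496 the provider, and tag 66 the trigger tag.

```text
!--- Every edge router (pre-provisioned, installed once)
! Discard route: anything routed to this next hop is dropped in the
! forwarding plane, at line rate, with one FIB entry.
ip route 192.0.2.1 255.255.255.255 Null0
!
! Loose-mode uRPF on the customer-facing interface: a packet is dropped
! when its SOURCE address resolves to the Null0 discard route, which is
! what makes the same trigger usable for source-based RTBH filtering.
interface GigabitEthernet0/0
 ip verify unicast source reachable-via any
!
!--- Trigger router (operator action during an attack)
! Add the attacked host (or, for source filtering, the attacking source)
! as a static route to Null0 carrying the trigger tag.
ip route 203.0.113.99 255.255.255.255 Null0 tag 66
!
! Redistribute tagged statics into iBGP with next hop set to the discard
! address; no-export keeps the black hole inside the provider's AS.
route-map RTBH-TRIGGER permit 10
 match tag 66
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 set community no-export
!
router bgp 64496
 redistribute static route-map RTBH-TRIGGER
!
! Removing the tagged static withdraws the route and lifts the black hole.
```

Because edge routers already hold the Null0 route for 192.0.2.1, each new BGP announcement becomes a single forwarding entry rather than an ACL line, which is the scaling property the paragraph above relies on.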
However, with destination-based RTBH filtering, the impact of the