RTBH
Block Type Response Integration
Prior to creating a RTBH plugin, you will need to configure at least 1 device with a unicast BGP neighbor.
Usage
The Remotely Triggered Black Hole (RTBH) block type response integration enables the quick isolation and nullification of malicious traffic. It operates by directing unwanted traffic into a "black hole," effectively protecting the network from potential threats such as denial-of-service (DoS) attacks.
Integrated with Netography's analytics, monitoring, compliance, and reporting tools, RTBH serves as a scalable, cost-effective, and robust solution for maintaining network integrity and security.
Netography Portal Steps
In Settings > Response Integrations, click Add Integration. Select RTBH`
Configuration
The following fields are specific to the RTBH integration.
| Field | Required | Description | Examples |
|---|---|---|---|
Next Hop | yes | 12.12.12.12 | |
Neighbors | yes | IPv4/v6 unicast BGP neighbors configured in the Netography Portal. | |
Communities | yes | One or many BGP communities. | 3232:32 |
Local Preference | yes | Used to choose the exit path for an autonomous system. Default 100 | 100 |
Factors | yes | srcip | |
Expiration | Number of seconds the blocklist will remain active | 3600 | |
Max | Limit on number of blocks | 1000 | |
Allow List | One or many Allow Lists configured in the Netography Portal, or a List of IP or IP/CIDR addresses | ||
Aggregate | Aggregate IP addresses by mask length |
Updated 4 months ago