10 or more years ago I used to do some very simple DDoS prevention with AS:<666> communities and propagating upstream.

Not a solution but took the traffic off our upstream/peering links for everybody else’s benefit.

It would be useful to get an overview of those tech and implementation/approaches.

---

I see that “ddos mitigation with blackholing” in in the list, but I think that BGP Flowspec would be a more interesting and modern topic.

---

I wonder if you could include a discussion on how CloudFlare operate as well as perhaps Arbor, now known as NetScout for scrubbing.

More Information

• What is DDoS blackhole routing?
• BLACKHOLE Community (RFC 7999)
• Configuring BGP to Block Denial-of-Service Attacks (RFC 3882)
• Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding (RFC 5635)
• Practical usage of the Blackhole Community