Announce BGP /32 through 1 ISP and not both

Hello Guys,

I was wondering if there is any solution or some way to do it.

We have 2 ISPs, ISP 1 and ISP 2. On ISP 2 we have DDoS protection and mitigation service directly from them (UDP, Layer 7, etc.).

When we have a DDoS on ISP 1, the DDoS still comes in on ISP 2 as well; we get alerts from them that IP x is under attack and they are cleaning the traffic.

The problem is on ISP 1, because it just struggles with the connection when it is under DDoS.

If we announce through BGP that the IP range is not to be announced through ISP 1 any more, all is OK: the entire traffic of the IP range goes through ISP 2 and it cleans the traffic.

My question is: is there a way to announce only 1 IP (a /32) and not the entire /24 to go through ISP 2?

When we have a DDoS it is only on 1 IP, and we want only this problem IP to go or be routed on ISP 2, not the entire IP range.

I hope I explained it well :smiley:

You can announce any prefix to your ISP. There is no limitation in VyOS.
But that won't work, because ISP-X re-announces your prefixes to its own upstream ISPs, IXes, etc.
So they expect a minimum of /24 prefixes; without that they can't accept the prefix. Without this, your announcements will not appear in the world via ISP-X.

Yeah, I was thinking about this. Do you have any idea for a workaround? I'm not able to stay with only 1 provider.

I was thinking to add ISP 1 as a peer, but I don't know how it will work regarding the traffic on ISP 2, whether it will increase or whether it will be a solution.

You can try to set "as-path-prepend xxx xxx xxx xxx" in the policy route-map for export via ISP1.
Where xxx is your ASN. Traffic will then prefer ISP2.

Another idea is to think about some automation for it: when a DDoS is detected, it shuts down ISP1 or disables the prefix export to ISP1.

If you don't mind, can you give me an example for set "as-path-prepend xxx xxx xxx xxx"?

Thank you

set policy route-map setmet rule 10 action 'permit'
set policy route-map setmet rule 10 set as-path-prepend '2 2 2'
set protocols bgp 2 neighbor 203.0.113.2 address-family ipv4-unicast route-map export 'setmet'

I talked today with the guys from Voxility about implementing their DDoS protection for us. I didn't tell them I use VyOS; I asked them how the protection works, and they told me: you bring up a BGP session from them on your router, and if 1 IP (/32) gets DDoSed you just announce the IP through them, they filter all the bad traffic and return the clean traffic back.

Today I implemented the protection on ISP 2 (they have DDoS protection from Voxility), but in this situation ISP 2 has protection mode on detect and they clean it. They provided me 2 VLANs and 2 BGP sessions; one of them has only 12 rules/tables, the other one is the same as before we changed/implemented it through them.

So somehow what I was asking in this topic has some sort of solution. I don't know if it is on a specific router type or any other info, because I didn't ask, to be honest. And I know other providers that have, like, 6 ISPs and the same protection from Voxility: if 1 IP gets DDoSed, they announce this IP on the Voxility session and done.

I don't know why for some people this is some kind of secret. I even offered money for the solution and they just don't want to say how they do it or what type of routers or software they use.

How will they know about the /24 prefix, and how will traffic from other providers get to this prefix if they have only a /32 route without the /24?
It is not clear to me.
Let us know if this works for you.

I don't know, to be honest, and this is what I am trying to find out from them. Or with next-hop? I'm just saying :slight_smile:

As I understand it, in one session you announce the /24.
In another BGP session you announce only the /32 which you want to protect, and there is a limit of 12 such addresses.
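The two-session design described above, written out as a VyOS configuration. This is an added example, not config from the thread, from VyOS or from Voxility, and everything in it is assumed: local AS 64500, own block 192.0.2.0/24, the attacked host 192.0.2.10, ISP1 transit peer 203.0.113.1 (AS 64496), ISP2 transit peer 198.51.100.1 (AS 64497), the scrubbing session peer 198.51.100.5 (AS 64498), and the VyOS 1.3-style "protocols bgp <asn>" syntax used earlier in the thread. The point it shows: each session gets its own export route-map backed by a prefix-list, so the /24 only goes to the transit sessions (prepended on ISP1 so inbound traffic prefers ISP2), and the /32 only goes to the scrubbing session and cannot leak to the transits where it would be rejected anyway.

```vyos
# Assumed example values (not the poster's real addresses):
#   local AS 64500, own block 192.0.2.0/24, attacked host 192.0.2.10
#   ISP1 transit 203.0.113.1 / AS 64496
#   ISP2 transit 198.51.100.1 / AS 64497
#   scrubbing session 198.51.100.5 / AS 64498

# Prefix-lists: what each session is allowed to export
set policy prefix-list AGGREGATE rule 10 action 'permit'
set policy prefix-list AGGREGATE rule 10 prefix '192.0.2.0/24'
# One rule per protected host; the session in the thread allows 12 of them
set policy prefix-list SCRUB-HOSTS rule 10 action 'permit'
set policy prefix-list SCRUB-HOSTS rule 10 prefix '192.0.2.10/32'

# ISP1: only the /24, prepended three times so inbound traffic prefers ISP2
set policy route-map EXPORT-ISP1 rule 10 action 'permit'
set policy route-map EXPORT-ISP1 rule 10 match ip address prefix-list 'AGGREGATE'
set policy route-map EXPORT-ISP1 rule 10 set as-path-prepend '64500 64500 64500'
set policy route-map EXPORT-ISP1 rule 20 action 'deny'

# ISP2 transit: only the /24, no prepend
set policy route-map EXPORT-ISP2 rule 10 action 'permit'
set policy route-map EXPORT-ISP2 rule 10 match ip address prefix-list 'AGGREGATE'
set policy route-map EXPORT-ISP2 rule 20 action 'deny'

# Scrubbing session: only the /32s in SCRUB-HOSTS, never the /24
set policy route-map EXPORT-SCRUB rule 10 action 'permit'
set policy route-map EXPORT-SCRUB rule 10 match ip address prefix-list 'SCRUB-HOSTS'
set policy route-map EXPORT-SCRUB rule 20 action 'deny'

# Routes that the BGP network statements need to find in the RIB:
# a blackhole for the aggregate and a host route for the protected /32
set protocols static route 192.0.2.0/24 blackhole
set protocols static route 192.0.2.10/32 next-hop 192.0.2.10

set protocols bgp 64500 address-family ipv4-unicast network '192.0.2.0/24'
set protocols bgp 64500 address-family ipv4-unicast network '192.0.2.10/32'

set protocols bgp 64500 neighbor 203.0.113.1 remote-as '64496'
set protocols bgp 64500 neighbor 203.0.113.1 address-family ipv4-unicast route-map export 'EXPORT-ISP1'
set protocols bgp 64500 neighbor 198.51.100.1 remote-as '64497'
set protocols bgp 64500 neighbor 198.51.100.1 address-family ipv4-unicast route-map export 'EXPORT-ISP2'
set protocols bgp 64500 neighbor 198.51.100.5 remote-as '64498'
set protocols bgp 64500 neighbor 198.51.100.5 address-family ipv4-unicast route-map export 'EXPORT-SCRUB'
```

To move another attacked host into scrubbing, add its /32 as a new rule in SCRUB-HOSTS plus a matching host route and network statement, and commit; to take it out again, delete those three lines. Nothing on the transit sessions changes, which is what keeps the /24 reachable from the rest of the internet while only the scrubbing provider's network sees the more-specific /32. The explicit "deny" rule at the end of each route-map is there so that the prefix-list is the only thing that decides what a session exports; the host route pointing at the host's own address is one way to satisfy the import check for the network statement and is an assumption here, as is the exact static-route syntax, which differs between VyOS releases.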
