Wed May 28, 2014 8:55 pm
We use RTBH via private ASN BGP to our provider's blackhole server, which also propagates further upstream to their transits.
The way we do this is to have a RouterOS x86 box in our provider's colo which peers with their blackhole server. We then run BGP over L2TP tunnels from our edge and our core router via a redundant backup internet link; this means that should an attack take down our fibre links we can still trigger the RTBH. To trigger the RTBH, all that is needed is a /32 IGP route with BGP MED 666 on either the edge or core router; we have written a PHP script using the API so it can be done easily. Routing filters accept BGP routes with BGP MED 666 and send them to the x86 colo router, which adds the correct BGP community and redistributes to our provider's blackhole server.
We also use firewall rules for monitoring to detect attacks; when triggered, the dst address is added to an address list and a script runs which then automatically triggers the blackhole by adding the correct route.
We can also trigger the RTBH from our x86 colo router directly: another PHP script hosted on the colo server allows our engineers to log in from anywhere, should our edge and core router be unresponsive or the L2TP tunnels be down.
Hopefully that gives you some ideas, but basically you just need to add a peer and send a /32 route with the blackhole community set.
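As an added illustration (not the poster's code, and not RouterOS configuration), the following Python models the trigger path described in the post above: the routing-filter check that only a /32 carrying MED 666 and lying inside your own address space is forwarded to the blackhole peer with the community attached, and the firewall-monitor style auto-trigger that turns a destination over a packet threshold into such a route. The `203.0.113.0/24` prefix, the flow records, the threshold and the `BLACKHOLE_COMMUNITY` value are constructed placeholders (substitute the provider's documented community), and `make_route`, `accept_for_blackhole`, `detect_targets` and `auto_trigger` are hypothetical names.

```python
"""Added example (not the poster's code): a model of the RTBH trigger path
described above, with the checks a routing filter should apply before a /32
is sent to the provider's blackhole peer. All values are constructed."""
import ipaddress
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

BLACKHOLE_MED = 666                  # the trigger MED used in the post
BLACKHOLE_COMMUNITY = "65535:666"    # PLACEHOLDER: use the provider's documented community
# Address space we are allowed to null-route (constructed, RFC 5737 documentation range).
OWN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    med: Optional[int] = None
    communities: List[str] = field(default_factory=list)


def make_route(prefix: str, med: Optional[int] = BLACKHOLE_MED) -> Route:
    """Build the IGP route an engineer (or the PHP script) would add on the edge router."""
    return Route(ipaddress.ip_network(prefix), med)


def accept_for_blackhole(route: Route, own_prefixes=OWN_PREFIXES) -> Optional[Route]:
    """Routing-filter logic for the colo router: forward a route to the blackhole
    peer only if it is a host route, carries MED 666 and is inside space we own.
    Returns the route with the blackhole community attached, or None."""
    if route.prefix.prefixlen != 32:
        return None                       # never blackhole anything wider than one host
    if route.med != BLACKHOLE_MED:
        return None                       # ordinary routes must not leak to the blackhole peer
    if not any(route.prefix.subnet_of(p) for p in own_prefixes):
        return None                       # refuse to null-route addresses that are not ours
    return Route(route.prefix, route.med, route.communities + [BLACKHOLE_COMMUNITY])


def detect_targets(flows, pps_threshold: int) -> List[str]:
    """Analogue of the monitoring firewall rule: sum packets per destination over
    one polling window of constructed flow records, return those over threshold."""
    per_dst = Counter()
    for f in flows:
        per_dst[f["dst"]] += f["packets"]
    return sorted(dst for dst, n in per_dst.items() if n >= pps_threshold)


def auto_trigger(flows, address_list: set, pps_threshold: int = 100_000) -> List[Route]:
    """The script that runs when the address list is populated: each newly listed
    destination becomes a /32 with MED 666 and passes through the same filter."""
    triggered = []
    for dst in detect_targets(flows, pps_threshold):
        if dst in address_list:
            continue                      # already listed; do not re-announce
        address_list.add(dst)
        route = accept_for_blackhole(make_route(dst + "/32"))
        if route is not None:
            triggered.append(route)
    return triggered


# Constructed flow records standing in for one polling interval of counters.
SAMPLE_FLOWS = [
    {"dst": "203.0.113.10", "packets": 80_000},
    {"dst": "203.0.113.10", "packets": 70_000},   # 150k total: over threshold
    {"dst": "203.0.113.20", "packets": 5_000},    # normal traffic, left alone
    {"dst": "198.51.100.5", "packets": 200_000},  # not our space: the filter must drop it
]

if __name__ == "__main__":
    seen = set()
    for r in auto_trigger(SAMPLE_FLOWS, seen):
        print(f"announce {r.prefix} med={r.med} communities={r.communities}")
```

The ownership check is the part worth copying into a real routing filter: a trigger path that accepts any /32 with MED 666 would let a mistyped address, or a compromised trigger host, null-route traffic the provider's community applies to anyone.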