What BGP Blackholing Is
BGP blackholing (also called RTBH - Remotely Triggered Black Hole routing) is a technique where a network operator announces a /32 host route tagged with a specific community value that tells upstream providers to drop all traffic destined for that IP.
The result: 100% of traffic to the targeted IP is discarded at the edges of the internet, before it ever reaches the network. The attack is neutralized.
The cost: 100% of traffic to that IP is discarded. Including your players.
How Blackholing Is Used in Practice
When a large-volume attack exceeds what a scrubbing center can handle - or when no scrubbing capacity is available - blackholing is the last resort. The targeted server becomes unreachable, but the attack traffic no longer saturates the upstream links, protecting the rest of the network.
Most ISPs and transit providers will blackhole a target under attack at no notice, sometimes without asking, to protect their infrastructure from collateral congestion.
For game server operators, this is typically the worst possible outcome: the attack succeeded in taking the server offline, and the mitigation method also took the server offline.
When Blackholing Is the Right Tool
Blackholing is appropriate when:
- The traffic volume exceeds scrubbing capacity - a 500Gbps attack against a 100Gbps scrubber requires blackholing to protect the network
- The service is non-real-time - a mail server or backup endpoint that can tolerate downtime during an attack
- The attack is against infrastructure, not a service - protecting a router or transit link rather than an application
- It's a temporary measure - buying time while a more permanent mitigation is deployed
For these cases, blackholing is the correct and efficient response.
Why Blackholing Fails Game Server Operators
Game servers need continuous availability. A 5-minute blackhole during an attack means 5 minutes of every player disconnecting, losing progress, and potentially not returning.
The economics of game server operation make this especially damaging:
- Player retention is directly tied to uptime consistency
- Attack campaigns often target servers during peak hours
- Repeated blackhole events train players to expect instability
- Negative reviews citing "constant disconnections" persist long after attacks stop
A server that can be taken offline on demand by any attacker willing to sustain a flood is not a viable commercial product.
Always-On Filtering: The Alternative Architecture
Always-on inline filtering processes every packet continuously. When an attack begins:
- No upstream announcement changes
- No traffic path changes
- No service interruption
- Attack packets are dropped by filtering hardware
- Legitimate packets continue to your server
The critical difference: the mitigation happens at the hardware level, inline, without changing the traffic path. There is no handoff, no rerouting, no detection window.
The Capacity Question
Always-on filtering has a capacity limit - the scrubbing capacity of the deployed hardware. Zero.ms operates 1 Tbps+ of filtering capacity at the Bucharest PoP, with more across planned locations.
For attacks that exceed scrubbing capacity, selective blackholing of the attack source prefixes (rather than the destination) combined with inline filtering is the correct architecture. This drops traffic from identified attack sources while legitimate traffic continues through the filtering pipeline.
Latency Impact Comparison
| Method | Added Latency | Service During Attack |
|---|---|---|
| No protection | 0ms | Server offline or degraded |
| On-demand scrubbing | 10–40ms (always) | Disrupted during mitigation window |
| BGP blackholing | 0ms | Server completely offline |
| Always-on inline filtering | <1ms | Unaffected |
Summary
BGP blackholing is a legitimate and sometimes necessary tool for network operators protecting infrastructure. It is not a viable primary protection strategy for game servers where player connectivity is the product.
Always-on inline filtering is the correct architecture for game server DDoS protection: it eliminates the detection window, adds no measurable latency, and keeps players connected during attacks. The trade-off is cost and complexity - it requires dedicated filtering hardware and expertise to operate correctly.
If a DDoS protection provider's primary mitigation strategy is blackholing, that provider is not suitable for game server workloads.