Manual Chapter: Managing External Redirection Settings

Applies To:

BIG-IQ Centralized Management

  • 5.4.0

Overview of external redirection settings

You use scrubber profiles, blacklist publishers, and blacklist publisher profiles to protect your network by detecting and redirecting DoS and DDoS attacks.

You use scrubber profiles to configure network traffic scrubbing and redirection for your environment, including enabling F5® Silverline® DDoS protection. You use blacklist publisher profiles and blacklist publishers to advertise blacklists to routers in your network.

Create blacklist publishers

You create blacklist publishers to advertise blacklists to routers in your network.
  1. Click Configuration > SECURITY > Shared Security > External Redirection > Blacklist Publishers.
  2. On the Blacklist Publishers screen, click Create.
    The New Blacklist Publisher screen opens.
  3. For the Blacklist Category setting, specify the blacklist category to use.
  4. For the Blacklist Publisher Profile setting, select a blacklist publisher profile to use, if one is defined.
    Using the profile is optional. You can create blacklist publishers without using the profile.
  5. Save your work.

Create blacklist publisher profiles

You create a blacklist publisher profile to use with your blacklist publisher to advertise blacklists to routers in your network.
Note: You cannot delete an unused blacklist publisher profile from a BIG-IP® device version 13.0 or earlier during deployment, even though the deployment difference shows it will be deleted. Deploying the configuration again causes the blacklist publisher profile to be deleted.
  1. Click Configuration > SECURITY > Shared Security > External Redirection > Blacklist Publisher Profiles.
  2. On the Blacklist Publisher Profiles screen, click Create.
    The New Blacklist Publisher Profile screen opens.
  3. In the Name field, type the name of the profile.
  4. In the Description field, type a description for the profile.
  5. For the Route Domain setting, specify the route domain on which blacklisted addresses are advertised.
  6. In the Advertisement Next-Hop field, type the next-hop IP address of the BGP (Border Gateway Protocol) router to which you want to advertise blacklisted addresses.
  7. For the Traffic Group setting, select the traffic group on which you want to advertise blacklisted addresses.
  8. Save your work.

Edit the scrubber profile

You modify the scrubber profile to configure network traffic scrubbing, including enabling F5® Silverline® DDoS protection, if needed.
Note: Before deploying a change to the scrubber configuration, such as changing the route domain used by the scrubber, you should make sure the scrubber is inactive on the BIG-IP device. Deploying a changed configuration while the scrubber is active on the BIG-IP device can cause the following error: Deployment failed, with error: Cannot configure scrubber property when scrubber is active. Stop active scrubbering on scrubberName to make configuration changes.
  1. Click Configuration > SECURITY > Shared Security > External Redirection > Scrubber Profiles.
  2. On the Scrubber Profiles screen, click the device name for the scrubber profile to modify.
    Each BIG-IP® device has only one scrubber profile.
  3. On the left, click Properties and modify the settings as needed.
    1. For the Advertisement TTL setting, specify the amount of time, in seconds, that scrubbed IP addresses are advertised to the BGP router or to Silverline DDoS protection.
      • To allow an infinite amount of time, select Infinite.
      • To allow a specific amount of time, select the other option and type the number of seconds to advertise.
    2. For the Silverline setting, select Enabled to use Silverline DDoS protection to offload scrubbed IP addresses, and to display the Silverline configuration properties.
    3. In the URL field, type the URL of the Silverline DDoS account.
    4. In the User field, type the user name for the Silverline DDoS account.
    5. In the Password field, type the password for the Silverline DDoS account.
      Note: In some cases, the value of the Password setting might be falsely displayed as changed when performing an evaluation prior to a deployment. This is due to encryption salt changes, and you can ignore it.
    6. In the Confirm Password field, type the password for the Silverline DDoS account again to confirm it.
  4. To create or edit route domain scrubber definitions, click Route Domains.
    • To create a new route domain scrubber definition, click Create. Then edit the definition to add details, such as the route domain.
    • To edit a route domain scrubber definition, click the pencil icon in the definition row.
    • To delete a route domain scrubber definition, right-click in the definition row and select Delete Row.
  5. When creating or editing a route domain scrubber definition, specify the route domain scrubber definition settings.
    1. In the Name column, type the optional name of the route domain definition.
    2. In the Route Domain column, select the route domain to use.
    3. In the Scrubbing Threshold column, in the top field, select the type of value: Absolute or Percentage.
    4. In the Scrubbing Threshold column, in the bottom field, specify that the value is Infinite, or select Specify and type a numeric value in Mbps in the provided field.
    5. In the Advertisement Method column, specify the method for this route domain: BGP, Silverline, or None.
    6. In the Scrubber Details column, use the Type setting to specify how to advertise. Your selection determines what other settings are available.
      • To advertise all scrubbed IP addresses to a BGP router, select Advertise All. The IPv4 and IPv6 settings are displayed. Type the IP address of the BGP router in the appropriate field for the IP address.
      • To advertise specific prefixes to a BGP router or to Silverline, select Prefix Specific Advertisement. The IP Address and BGP Scrubber Destination settings are displayed.
        1. In the IP Address field, type the IP address and prefix to be scrubbed, in CIDR notation.
        2. In the BGP Scrubber Destination field, type the IP address of the scrubber. This field is only used when the Advertisement Method is set to BGP.
        3. Click Add to add the entry to the list.
      Note: Scrubber profiles imported from a BIG-IP device might contain the following as IP address values: any, any6, 0.0.0.0, or :: in the route domain scrubber details when Prefix Specific Advertisement is selected. These values are not supported on the BIG-IQ® Centralized Management system and will cause differences when importing or deploying configurations. You can remove these differences by changing these values to values that BIG-IQ Centralized Management supports. For example, you can replace any and any6 on the BIG-IP device with a blank value on the BIG-IQ Centralized Management system, since all indicate that any IP address is valid for that field.
  6. To create or edit virtual server scrubber definitions, click Virtual Servers.
    • To create a new virtual server scrubber definition, click Create. Then edit the definition to add details, such as the virtual server.
    • To edit a virtual server scrubber definition, click the pencil icon in the definition row.
    • To delete a virtual server scrubber definition, right-click in the definition row and select Delete Row.
  7. Specify the virtual server scrubber definition settings.
    1. In the Name column, type the optional name of the virtual server definition.
    2. In the Virtual Server column, select the virtual server to use.
    3. In the Scrubbing Threshold column, in the top list, select the type of value: Absolute or Percentage.
    4. In the Scrubbing Threshold column, in the bottom field, specify that the value is Infinite, or select Specify and type a numeric value in Mbps in the provided field.
    5. In the Advertisement Method column, select the method for this virtual server.
    6. In the Scrubber Details column, type the IP address of the scrubber. This value is only used when the Advertisement Method is set to BGP.
  8. To create or edit blacklist category scrubber definitions, click Categories.
    • To create a new blacklist category scrubber definition, click Create. Then edit the definition to add details, such as the advertisement method.
    • To edit a blacklist category scrubber definition, click the pencil icon in the definition row.
    • To delete a blacklist category scrubber definition, right-click in the definition row and select Delete Row.
  9. When creating or editing a blacklist category scrubber definition, specify the blacklist category scrubber definition settings.
    1. In the Name column, type the optional name of the blacklist category scrubber definition.
    2. In the Blacklist Category column, select the category to use. In most cases, you will want to select attacked_ips. This is a category created for IP addresses that are under attack.
    3. In the Route Domain column, select the route domain to use.
    4. In the Advertisement Method column, select the method for this blacklist category scrubber definition.
    5. In the Scrubber Details column, if you selected BGP as the advertisement method, type the destination IP address in the IPv4 or IPv6 setting, whichever is appropriate. If you selected another advertisement method, you do not supply any scrubber details.
  10. Save your work.
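
Added example (not part of the F5 manual and not F5 code): a pre-deployment check for the Prefix Specific Advertisement entries described in step 5, flagging the imported values that the note says BIG-IQ does not support and any IP Address value that is not in CIDR notation. The entry layout (ip_address, bgp_destination), the function name, and the sample data are assumptions made for illustration; this is not a BIG-IQ export format or API.

```python
import ipaddress

# Values the note in step 5 lists as unsupported on BIG-IQ.
UNSUPPORTED = {"any", "any6", "0.0.0.0", "::"}

def lint_prefix_entries(entries, method):
    """Return (index, field, problem) tuples for prefix-specific entries.
    entries: dicts with 'ip_address' and 'bgp_destination' (hypothetical shape).
    method: the route domain's Advertisement Method: 'BGP', 'Silverline', 'None'."""
    findings = []
    for i, entry in enumerate(entries):
        prefix = (entry.get("ip_address") or "").strip()
        dest = (entry.get("bgp_destination") or "").strip()

        if prefix.lower() in UNSUPPORTED:
            findings.append((i, "ip_address",
                             f"{prefix!r} is unsupported on BIG-IQ; "
                             "replace with a supported value (for example, blank)"))
        elif prefix:  # a blank value is accepted and means any address
            try:
                if "/" not in prefix:
                    raise ValueError("no prefix length")
                ipaddress.ip_network(prefix, strict=False)
            except ValueError as exc:
                findings.append((i, "ip_address", f"not CIDR notation: {exc}"))

        if dest:
            try:
                ipaddress.ip_address(dest)
            except ValueError:
                findings.append((i, "bgp_destination", "not a valid IP address"))
            else:
                if method != "BGP":
                    findings.append((i, "bgp_destination",
                                     "set, but only used when the method is BGP"))
    return findings

# Constructed sample entries, as they might look after import from a BIG-IP device.
SAMPLE = [
    {"ip_address": "192.0.2.0/24", "bgp_destination": "198.51.100.1"},
    {"ip_address": "any6", "bgp_destination": "2001:db8::1"},
    {"ip_address": "203.0.113.7", "bgp_destination": ""},
    {"ip_address": "", "bgp_destination": "198.51.100.1"},
]

if __name__ == "__main__":
    for idx, field, problem in lint_prefix_entries(SAMPLE, "BGP"):
        print(f"entry {idx}: {field}: {problem}")
```

Running the check before an import or deployment shows which entries would otherwise appear as configuration differences between the BIG-IP device and BIG-IQ.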