RTBH

aurologic flowAnalyzer uses traffic byte and packet counting to calculate the current ingress bandwidth for every host with a specific amount of present flow messages. Based on that, various mitigation methods are being triggered. RTBH serves as protection of the network layer to avoid links getting saturated by extraordinary large attacks. The limit in that case is either a general one or per-source-vlan. Per Source V-Lan, as every upstream/peering usually uses it's own very different virtual lan on typical network infrastructure. In that case, sflow allows distinguishing ingress traffic in different buckets.

Please note: RTBH is a last-resort mitigation method and protects the infrastructure from unwanted saturation. It's not a common mitigation method and serves as last resort to protect overall infrastructure stability.