Life is a Roller Coaster

February 10, 2008

DDoS BGP Protection

Filed under: Technical section — adisubrata @ 4:41 AM

DDoS (Distributed Denial-of-Service) has become one of the most serious attacks on the Internet today. Unfortunately, BGP, the protocol used for inter-domain routing, has no mechanism to detect and block DDoS automatically.

To block traffic to a particular IP address, the customer's NOC must manually block it and hide the address that is under attack.

There is an RFC describing how to hide (blackhole) an IP subnet: RFC 3882, published in 2004 but still applicable today.

The idea is to create a BGP blackhole community and use it to influence the next-hop address of the IP address that is under attack.

This definitely needs cooperation between the ISP and its customers.

The ISP needs to configure the blackhole BGP community and rewrite the next-hop address of every route matching that community to a discard interface.

The customer needs to send the IP address (usually a /32 host route) to the ISP tagged with the blackhole community.

When the customer detects a DDoS attack, it announces only the attacked /32 to the ISP with the BGP blackhole community. The ISP detects the blackhole community on that route and changes its next hop to the discard interface. Every packet arriving from the Internet for that /32 is then forwarded by the ISP router to the discard interface and never reaches its destination.
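The following is an added illustration of the ISP-side import policy just described, written for this post and not taken from the author or from any vendor's configuration. It emulates the policy in Python: routes tagged with the blackhole community get their next hop rewritten to the discard address, and, as the check an ISP would want, only /32 routes inside the customer's own address space are accepted. The community value 65000:666, the discard next hop 192.0.2.1 and the customer block 203.0.113.0/24 are assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for this example: the ISP's blackhole community and the
# discard next hop (an address statically routed to a discard interface).
BLACKHOLE_COMMUNITY = "65000:666"
DISCARD_NEXTHOP = "192.0.2.1"


@dataclass
class Route:
    prefix: str
    next_hop: str
    communities: tuple


def blackhole_policy(routes, customer_prefixes):
    """Emulate the ISP-side policy for routes received from one customer.

    A route carrying the blackhole community must be a /32 host route inside
    a prefix the customer is authorised to announce; its next hop is then
    rewritten to DISCARD_NEXTHOP. Routes without the community pass unchanged.
    Returns (accepted, rejected) lists of Route objects.
    """
    allowed = [ipaddress.ip_network(p) for p in customer_prefixes]
    accepted, rejected = [], []
    for r in routes:
        net = ipaddress.ip_network(r.prefix, strict=True)
        if BLACKHOLE_COMMUNITY not in r.communities:
            accepted.append(r)
            continue
        if net.prefixlen != 32 or not any(net.subnet_of(a) for a in allowed):
            rejected.append(r)  # too broad, or not the customer's own address
            continue
        accepted.append(Route(r.prefix, DISCARD_NEXTHOP, r.communities))
    return accepted, rejected


# Constructed sample: a customer holding 203.0.113.0/24 announces its block,
# one attacked host, one over-broad blackhole and one address it does not own.
SAMPLE = [
    Route("203.0.113.0/24", "198.51.100.2", ()),
    Route("203.0.113.7/32", "198.51.100.2", (BLACKHOLE_COMMUNITY,)),
    Route("203.0.113.0/25", "198.51.100.2", (BLACKHOLE_COMMUNITY,)),
    Route("198.18.0.9/32", "198.51.100.2", (BLACKHOLE_COMMUNITY,)),
]

if __name__ == "__main__":
    ok, bad = blackhole_policy(SAMPLE, ["203.0.113.0/24"])
    for r in ok:
        print("accept", r.prefix, "next-hop", r.next_hop)
    for r in bad:
        print("reject", r.prefix)
```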

This is just the basic idea; you should be able to improve on it and adapt it to your own network.
