MANRS Observatory and MANRS Lab to Launch in 2019
Washington, D.C. – 4 December 2018 – The Internet Society, a global non-profit organization dedicated to the open development, use and evolution of the Internet, today announced that the number of network operators that have agreed to Mutually Agreed Norms for Routing Security (MANRS) has surpassed 100, with each participating operator representing dozens, hundreds or even thousands of autonomous system numbers (ASNs). On 17 October, the 100th participant, Magticom agreed to take the four actions specified by the MANRS initiative to improve the resilience and security of the Internet’s routing infrastructure. Launched four years ago with a group of nine operators, MANRS membership doubled in 2018. This year the initiative expanded to include Internet Exchange Providers (IXPs) and now the total number of participants stands at 114 with 26 IXPs committed to the MANRS IXP Programme.
The Internet Society, which supports the global MANRS initiative, is encouraged that more than 50 network operators joined MANRS in 2018 alone. By taking recommended actions on filtering, anti-spoofing, coordination and global validation, the new participants enabled the MANRS initiative to double its engagement and secure a much larger portion of the global Internet. “We set this goal to demonstrate that we can facilitate an exponential growth, which is an indication of a snowball effect,” said Ms. Salam Yamout, the Internet Society’s Lead for the MANRS initiative. “These independent network operators have shown that when we work together, we can protect the public core of the Internet.”
The growing number of network incidents over the past year underscores the importance of MANRS and the Internet Society has accelerated efforts to promote this initiative globally. These include a white paper on “Internet Routing with MANRS” by former IETF chair Fred Baker, an explanatory video on route hijacking, route leaks and IP address spoofing; and its MANRS Best Current Operational Practices (BCOP) guide became Document 706 in the Réseaux IP Européens (RIPE) Network Coordination Centre. The organization also amplified its outreach to network operators and IXPs and published a paper on Routing Security for Policymakers. As a result of these resources, operators have greater insight into the four MANRS Actions associated with membership.
The MANRS initiative expects participating operators to complete the first three of the following actions, with the fourth considered an extension of the minimum package:
- Prevent propagation of incorrect routing information. Operators can ensure the correctness of their own announcements and those from their customers to adjacent networks through various network routing prefix filtering techniques.
- Prevent traffic with spoofed source IP addresses. Operators can implement a system enabling source address validation, such as unicast reverse path forwarding (uRPF) and anti-spoofing filtering, to prevent packets with incorrect source IP addresses from entering and leaving the network.
- Facilitate global operational communication and coordination between network operators. This common but effective way of addressing problems in Internet routing simply entails an operator noticing an issue and then calling someone who is able to fix it.
- Facilitate validation of routing information on a global scale. This advanced action requires operators to have publicly documented routing policy, ASNs and prefixes intended to be advertised to external parties. Global validation tools could include Internet Routing Registries (IRRs) and Resource Public Key Infrastructure (RPKI).
Additional momentum for the MANRS initiative comes from the growing participation in the IXP Programme. Launched in April 2018, this programme broadens support by introducing a separate membership category for IXPs. All 26 current participants in this programme have committed to preventing the propagation of incorrect routing information and promoting MANRS amongst their membership. IXP Programme participants also agree to take action either to protect the peering platform, facilitate global operational communication and coordination, or provide monitoring and debugging tools to their members.
The successful adoption of MANRS among both network operators and IXPs indicates that challenges involving routing security, such as the need for collective action and a lack of market differentiation, have not proved insurmountable. Related governmental efforts may also be contributing to the momentum this year. The U.S. National Institute of Standards and Technology (NIST) special publication 1800-14, “Protecting the Integrity of Internet Routing,” for instance, calls for path validation via several techniques, including Border Gateway Protocol Security (BGPSec), which align with MANRS.
Looking ahead, the Internet Society plans to support continued growth through MANRS Lab, an online course that will offer network engineers implementation guidance for MANRS Actions. It also intends to deploy MANRS Observatory, a tool that will monitor and report on the security and resilience of the Internet system and its evolution with a view toward tracking the overall level of routing hygiene, adherence to MANRS Actions and identification of problematic areas.
Network operators interested in joining the MANRS initiative can sign up online, at no cost. Internet Exchange Providers interested in the IXP Programme are encouraged to visit www.manrs.org/ixps to learn more and join.
- “Internet Routing with MANRS,” an Internet Society white paper by former IETF Chair and Cisco Fellow Fred Baker, November 2018
- “Routing Security for Policymakers,” an Internet Society white paper, October 2018
- Video: Routing Security and How MANRS Can Help, June 2018
- MANRS Best Current Operational Practices (BCOP), published as RIPE-706, June 2018
- Promote MANRS
About the Internet Society
Founded by Internet pioneers, the Internet Society (ISOC) is a non-profit organization dedicated to ensuring the open development, evolution and use of the Internet. Working through a global community of chapters and members, the Internet Society collaborates with a broad range of groups to promote the technologies that keep the Internet safe and secure, and advocates for policies that enable universal access. The Internet Society is also the organizational home of the Internet Engineering Task Force (IETF).