• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
MANRS

MANRS

Mutually Agreed Norms for Routing Security

  • Home
  • About
    • History
    • Partners
    • Testimonials
    • Governance
      • Steering Committee
      • Advisory Group
        • Description and Role
        • Members
      • Community Charter
    • Contact Us
  • Programs
    • Network Operators
      • Network Operators Program and Actions
      • Implementation Guide
      • Participants
      • Join
    • IXPs
      • IXP Program and Actions
      • Participants
      • Join
    • CDN and Cloud Providers
      • CDN and Cloud Providers Program and Actions
      • Participants
      • Join
    • Equipment Vendors
      • Equipment Vendor Program and Actions
      • Participants
      • Join
  • MANRS Ambassadors
  • Resources
    • Training
      • Workshops
      • Tutorials
    • Promote MANRS
    • How-to Videos
    • Events
  • Observatory
  • Blog
  • Join

CDN & Cloud Providers Improve Routing Security with Expanded & Improved MANRS Program Actions

March 1, 2021 by Andrei Robachevsky Leave a Comment

Content Delivery Networks (CDNs) and cloud providers exchange traffic with thousands of other networks so data can flow efficiently around the world, and their participation in MANRS amplifies the positive effect they have on routing security and the routing hygiene of networks they peer with.

MANRS launched the CDN and Cloud Providers Program in 2020, setting a baseline of routing security actions they should take. Within months, participants realized they could raise the bar to make the Program stronger and to produce a bigger impact on the Internet. Participants from Akamai, Amazon, Azion, Cloudflare, Comcast, Facebook, Google, Microsoft, Netflix, Verisign, and Vultr came together to strengthen the actions and ask more of each other and their colleagues. Read more about the process in this blog post about the Task Force and its work.

Today, we’re excited to announce that the MANRS Community has adopted the Task Force’s recommendations, and the expanded actions are officially part of the MANRS CDN & Cloud Provider Program as of 1 March 2021. The updated actions set higher expectations for routing security measures by strengthening filtering controls and clarifying their implementation guidelines, encouraging more concrete technical and operational commitments, and facilitating coordination among participants.

The two primary enhancements are:

  • Fostering RPKI as the primary technology for validation of routing information on a global scale
    • CDN and cloud providers commit to use Route Origin Validation (ROV) as part of their filtering policy for peering relationships, and to register all their prefixes in RPKI
  • Improving consistency of route validation based on route objects published in an Internet Routing Registry (IRR), so that peers face a consistent requirement when interconnecting with any MANRS CDN or cloud provider.
    • This defines a standard process for collecting all necessary routing information in order to build an effective filtering policy. In particular, it standardizes the procedure of expanding the AS-SET object, which is used to document the downstream customers of a peer network.

This collaboration also brought in new ideas about how MANRS can develop further. There is an ongoing conversation on how to improve security collaboration between CDN and cloud providers and large global network operators, and on developing common standards for hosted RPKI management infrastructure with major RPKI operators.

If you’re interested in joining as a MANRS participant and getting involved, join here!

Category iconMANRS Participants,  MANRS Publications,  News and Announcements,  Routing Security

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • You’ve Got Mail—MANRS Conformance Reports and Incident Reporting
  • Majority of Announced IPv6 Address Space Now Secured by ROAs
  • RFC 7911 – What happens when routers do not speak the same language
  • The US FCC Asked About Routing Security. Here’s what MANRS Participants Had to Say.
  • Announcing 2022 MANRS Fellows
MANRS logo
Join MANRS
  • Sharing Our Content
  • Terms of Use
  • Privacy Policy
  • Contact
Follow us: Follow MANRS on Twitter Follow MANRS on Facebook Follow MANRS on LinkedIn Follow MANRS on YouTube

MANRS Document © 2016–2022