MANRS for CDN and Cloud Providers
Apply NowContent Delivery Networks (CDNs) and cloud providers exchange traffic with thousands of other networks so data can flow efficiently around the world, which puts them in a unique position to help to secure the global Internet.
The MANRS CDN and Cloud Provider Program outlines concrete actions they can take to amplify the positive effect they have on routing security, and the routing hygiene of networks they peer with.
Participation helps by requiring egress routing controls so networks can prevent incidents from happening. Leveraging peering power can have significant positive spillover effect on the routing hygiene of networks they peer with.
Actions
- Filtering. Ensure correctness of your announcements and your non-transit peers by implementing explicit (whitelist) filtering with prefix granularity
- Anti-spoofing. Implement anti-spoofing controls to prevent packets with illegitimate source IP addresses from leaving the network (egress filters)
- Coordination. Maintain globally accessible, up-to-date contact information in common routing databases
- Global Validation. Publicly document ASNs and prefixes that are intended to be advertised to external parties (IRR and/or RPKI)
- Promotion. Actively encourage MANRS adoption among peers.
- Tools. Provide monitoring and debugging tools to peering partners
Testimonials
Internet has vastly grown in size over the last two decades. Although the tools nowdays exist, many providers have not taken the correct steps in order to address critical security issues. MANRS is the right way for network and cloud providers to further engage with internet security and make the internet safer for everyone. Hostmein IKE is a leading Greek cloud and data center provider providing mission critical services. Security for Hostmein is a critical aspect. MANRS actively helped us implement a better security policy for our network by setting the correct guidelines.
CTOGoCache has always been committed to implementing best practices and we strongly believe we can build a secure network if everyone contributes to this same goal. By joining the MANRS community, we reassure this commitment and encourage others to do the same.
Network Engineer, GoCacheToday's society relies more and more on the Internet. It is therefore crucial that the stability and security of global routing is further increased. The MANRS initiative offers real added value in this respect by providing guidance and raising awareness among network operators.
CEOBeing MANRS compliant not only improves our routing security capabilities, but has the potential to help other networks to improve theirs and is an opportunity for Akamai to make a significant contribution to the improvement of global routing security.
The Internet is humanity's greatest collective work! For Azion that is part of this ecosystem, of this collective work and ensuring that Internet traffic is routed reliably worldwide is an essential element for a reliable global Internet. Based on common network operating practices currently in effect, the global Internet routing system does not have sufficient security controls to prevent the injection of false routing information. The lack of these controls creates a significant vulnerability, which can result in thousands of traffic incidents. The MANRS initiative, promoted by the Internet Society, overcomes this collective problem by establishing a security baseline with concrete actions for network operators. The actions are supported by a growing community of more than 200 networks worldwide. Currently, there are more than 7,000 autonomous systems in Brazil, country of Azion's origin, with only 33 of these autonomous systems participating in MANRS. The idea is to expand the number of companies involved so that, together, they can work to make the Internet a safe environment. This is Azion's main objective in participating in MANRS.
Network Planning Director, AZIONParticipants
