MANRS

Mutually Agreed Norms for Routing Security

Join the MANRS CDN and Cloud Provider Program

Requirements for Participation

By joining, you support and commit to the baseline of routing security defined by a set of six security-enhancing actions, of which five are mandatory to implement.

The actions are:

  1. Prevent propagation of incorrect routing information (mandatory)
    1. Baseline Requirement: Ensure correctness of own announcements. Ensure correctness of announcements of their peers (non-transit) and customers by implementing explicit (allow-list) filtering with prefix granularity. (mandatory)
    2. Additional requirements: Participants can further indicate they comply with one or both of the following additional requirements of Action 1: the use of RPKI as a primary source of validating information, and the use of a Standard AS-SET Expansion Process. (recommended)
  2. Prevent traffic of illegitimate source IP addresses (mandatory)
  3. Facilitate global operational communication and coordination (mandatory)
  4. Facilitate validation of routing information on a global scale (mandatory)
  5. Encourage MANRS adoption (mandatory)
  6. Provide monitoring and debugging tools to peering partners (recommended)

For more information about the actions, visit the MANRS for CDN and Cloud Providers page.

MANRS CDN & Cloud Provider Program Application

Fields marked with an asterisk (*) are required.
The form can be filled out either in English, or in your native language.
  1. Operator Information
  2. MANRS Actions
  3. Consent & Review
  • Select the countries where your organization is based and/or provides services. We use ISO 3166-1 Alpha-2 country codes.
  • Add each AS Number on its own line by using the "+" key.
  • Upload a .jpg or .png version of your company's logo, suitable for display on a white background. This image will be published with your listing if your application is accepted.
  • Action 1: Prevent propagation of incorrect routing information

    Baseline Requirement:
    Ensure correctness of own announcements. Ensure correctness of announcements of their peers (non-transit) and customers by implementing explicit (allow-list) filtering with prefix granularity. (Mandatory)

    Additional requirements:
    Participants can further indicate they comply with one or both of the following additional requirements of Action 1: the use of RPKI as a primary source of validating information, and the use of a Standard AS-SET Expansion Process. (Recommended)

  • A. RPKI as a primary source of validating information

    For announcements originated by the ISP customer cone, if the ROV outcome is RPKI VALID, accept the route. If the ROV outcome is RPKI INVALID, then filter it. If the outcome is RPKI UNKNOWN, continue with the IRR validation.

    B. Standard AS-SET expansion process:

    1. If a peer-AS has downstream customer ASNs (customer cone ASNs), they are to be gathered through the “as-set” object. The “as-set” (or AS-SETs) will be picked up from the PeeringDB “IRR as-set/route-set” field. The syntax of the name should be IRR-NAME::ASX:AS-SET-NAME, where ASX is the ASN of the peer-AS. If no AS-SET is provided, only the ASN of the peer-AS will be used in the following steps.
    2. All the IRRs mirrored by RADB will be consulted to collect all “route” objects with the “origin:” field matching the ASNs collected in step 1.
    3. If the collection of data results in conflicting objects, the following rules apply in the following order until all conflicts are resolved:

      a. The primary IRR specified by IRR-NAME has the priority
      b. AFRINIC, APNIC, ARIN, LACNIC, RIPE have the priority
      c. The most recently updated object has the priority
      d. If further tie breaking is needed, the object could be selected based on lexicographic order of the IRR DB names.
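
The decision order in A and the tie-breaking rules in B.3, as an added example (not MANRS code). It assumes the "route" objects from steps 1 and 2 are already collected, treats several objects for the same prefix as a conflict, and uses RFC 6811 origin validation, with UNKNOWN standing for its NotFound state; all prefixes, ASNs and objects are constructed.

```python
import ipaddress
from datetime import date

RIR_DBS = {"AFRINIC", "APNIC", "ARIN", "LACNIC", "RIPE"}
def parse_as_set(field):
    """Split 'IRR-NAME::ASX:AS-SET-NAME' into (irr_name, as_set_name)."""
    irr, sep, name = field.partition("::")
    return (irr.upper(), name) if sep else (None, field)

def rov(prefix, origin, roas):
    """RFC 6811 route origin validation over (prefix, max_len, asn) ROAs."""
    net = ipaddress.ip_network(prefix)
    nets = [(ipaddress.ip_network(p), m, a) for p, m, a in roas]
    covering = [r for r in nets if r[0].version == net.version and net.subnet_of(r[0])]
    if not covering:
        return "UNKNOWN"
    ok = any(a == origin and net.prefixlen <= m for _, m, a in covering)
    return "VALID" if ok else "INVALID"

def resolve(objs, primary_irr):
    """Keep one route object per prefix, applying rules a-d in order."""
    def rank(o):
        return (o["db"] != primary_irr,     # a. primary IRR named by IRR-NAME
                o["db"] not in RIR_DBS,      # b. AFRINIC, APNIC, ARIN, LACNIC, RIPE
                -o["updated"].toordinal(),   # c. most recently updated
                o["db"])                     # d. lexicographic order of IRR DB name
    best = {}
    for o in sorted(objs, key=rank):
        best.setdefault(o["prefix"], o)
    return best

def decide(prefix, origin, roas, allow):
    """Action 1 decision: RPKI first, IRR allow-list only when ROV is UNKNOWN."""
    outcome = rov(prefix, origin, roas)
    if outcome != "UNKNOWN":
        return "accept" if outcome == "VALID" else "filter"
    obj = allow.get(prefix)  # prefix granularity: exact match only
    return "accept" if obj and obj["origin"] == origin else "filter"

# Constructed sample data (documentation prefixes and ASNs, not real objects).
PRIMARY, AS_SET = parse_as_set("RADB::AS64500:AS-EXAMPLE")
ROAS = [("192.0.2.0/24", 24, 64500)]
ROUTES = [
    {"prefix": "198.51.100.0/24", "origin": 64501, "db": "RADB", "updated": date(2020, 1, 1)},
    {"prefix": "198.51.100.0/24", "origin": 64500, "db": "RIPE", "updated": date(2022, 1, 1)},
    {"prefix": "203.0.113.0/24", "origin": 64500, "db": "ALTDB", "updated": date(2021, 5, 1)},
    {"prefix": "203.0.113.0/24", "origin": 64501, "db": "ARIN", "updated": date(2019, 1, 1)},
]
ALLOW = resolve(ROUTES, PRIMARY)
```

With this data, a more-specific of 192.0.2.0/24 is filtered as RPKI INVALID because it exceeds the ROA's maximum length, and 198.51.100.0/24 is accepted only from AS64501 because the object in the primary IRR wins over the newer RIPE object.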

  • Tell us more about how you implement filtering. This information is used by MANRS to evaluate your application and is not published.
  • What would you like visitors to the MANRS website to know about your implementation of Action 1?
  • Action 2: Prevent traffic with illegitimate source IP addresses

    CDN/Cloud provider implements anti-spoofing controls to prevent packets with illegitimate source IP addresses from leaving the network (egress filters).

    Note: There is a difference between CDN and Cloud networks with regard to this Action. There is an additional challenge for Cloud providers, since they have to monitor and control what a virtual machine can do on the network. This Action requires controls that prevent traffic with illegitimate source IP addresses from leaving the Autonomous System of the CDN or Cloud provider.
  • Tell us more about how you validate source addresses. This information is used by MANRS to evaluate your application and is not published.
  • What would you like visitors to the MANRS website to know about your implementation of Action 2?
  • Action 3: Facilitate global operational communication and coordination

    CDN/Cloud provider maintains globally accessible up-to-date contact information in PeeringDB and relevant RIR databases.
  • Tell us more about your coordination efforts. This information is used by MANRS to evaluate your application and is not published.
  • What would you like visitors to the MANRS website to know about your implementation of Action 3?
  • Action 4: Facilitate validation of routing information on a global scale

    Publicly document ASNs and prefixes that are intended to be advertised to external parties. The two main types of repositories are IRRs and RPKI. The requirement is to publish this information in at least one type of repository (there may be more than one appropriate IRR); the recommendation is to maintain it in both.
  • Please provide us links to publicly available documentation, if it is available online. This information is used by MANRS to evaluate your application and is not published.
  • What would you like visitors to the MANRS website to know about your implementation of Action 4?
  • Action 5: Encourage MANRS adoption

    CDN/Cloud provider actively encourages MANRS adoption among the peers.
  • This information is used by MANRS to evaluate your application and is not published.
  • What would you like visitors to the MANRS website to know about your implementation of Action 5?
  • Action 6: Provide monitoring and debugging tools to the peering partners

    CDN/Cloud provider provides a mechanism to inform peering partners if their announcements did not meet the requirements of the peering policy of the CDN and Cloud provider.
  • Please describe the tool you are using and if it is available publicly or to the peers. This information is used by MANRS to evaluate your application and is not published.
  • What would you like visitors to the MANRS website to know about your implementation of Action 6?
  • Why did you decide to join MANRS?

  • This testimonial will be published on the website together with your name, your position, your organization name, and your organization's logo.
  • Why did your organization decide to join MANRS? (2000 character maximum)
  • To whom should we attribute the testimonial? If you leave this field blank, we will use your name.
  • Enter the position and company name for the testimonial author. If you leave this field blank, we will use your title and company.
  • The Internet Society is requesting your personal data to be able to communicate with you about your membership in the MANRS initiative. We will only use this information for the reasons above unless you consent to us using this information in other ways. You may always rescind your consent, per our Privacy Statement.
  • The MANRS mailing list is for people interested in helping with the further development of the MANRS documents and initiative. Topics of discussion may include improvements to the web portal, development of new Actions, suggesting and developing supporting documentation, and general publicity/advocacy activities related to MANRS. All who want to help move the initiative forward are welcome to join!

MANRS Document © 2016–2022