Join the MANRS CDN and Cloud Provider Program

Requirements for Participation

By joining, you support and commit to the baseline of routing security defined by a set of six security-enhancing actions, of which five are mandatory to implement.

The actions are:

Prevent propagation of incorrect routing information (mandatory)
1. Baseline Requirement: Ensure correctness of own announcements. Ensure correctness of announcements of their peers (non-transit) and customers by implementing explicit (allow-list) filtering with prefix granularity. (mandatory)
2. Additional requirements: Participants can further indicate they comply with one or both of the following additional requirements of Action 1: the use of RPKI as a primary source of validating information, and the use of a Standard AS-SET Expansion Process. (recommended)
Prevent traffic of illegitimate source IP addresses (mandatory)
Facilitate global operational communication and coordination (mandatory)
Facilitate validation of routing information on a global scale (mandatory)
Encourage MANRS adoption (mandatory)
Provide monitoring and debugging tools to peering partners (recommended)

Before applying, please read the full list of MANRS Actions at MANRS for CDN and Cloud Providers.

MANRS CDN&Cloud Provider Program Application

Fields marked with an asterisk (*) are required.
The form can be filled out either in English, or in your native language.

1Operator Information

2MANRS Actions

3Consent & Review

Organization Name*
Organization Website*
Areas Served*
Select the countries where your organization is based and/or provides services. We use ISO 3166-1 Alpha-2 country codes.
AS Number(s) of Your Networks*
Add each AS Number on its own line by using the “+” key.
Organization Logo
Upload a .jpg or .png version of your company’s logo, suitable for display on a white background. This image will be published with your listing if your application is accepted.
Contact Name*
First Last
Contact Job Title
Contact Email*

Action 1: Prevent propagation of incorrect routing information
Baseline Requirement:
Ensure correctness of own announcements. Ensure correctness of announcements of their peers (non-transit) and customers by implementing explicit (allow-list) filtering with prefix granularity. (Mandatory)

Additional requirements:
Participants can further indicate they comply with one or both of the following additional requirements of Action 1: the use of RPKI as a primary source of validating information, and the use of a Standard AS-SET Expansion Process. (Recommended)
Has your organization implemented Action 1?*
- Yes, we prevent propagation of incorrect routing information.
- Yes, we use RPKI as a primary source of validating information? [Optional]
- Yes, we implement the Standard AS-SET expansion process [Optional]
A. RPKI as a primary source of validating information

For announcements originated by the ISP customer cone, if the ROV outcome is RPKI VALID, accept the route. If the ROV outcome is RPKI INVALID, then filter it. If the outcome is RPKI UNKNOWN, continue with the IRR validation.

B. Standard AS-SET expansion process:
1. If a peer-AS has downstream customer ASNs (customer cone ASNs), they are to be gathered through the “as-set” object. The “as-set” (or AS-SETs) will be picked up from PeeringDB, “IRR as-set/route-set” field. The syntax of the name should be IRR-NAME::ASX:AS-SET-NAME, where ASX is the ASN of the peer-AS. If no AS-SET is provided, only the ASN of the peer-AS will be used in the following steps.
2. All the IRRs mirrored by RADB will be consulted to collect all “route” objects with the “origin:” field matching the ASNs collected in step 1
3. If the collection of data results in conflicting objects, the following rules apply in the following order until all conflicts are resolved:
  a. The primary IRR specified by IRR-NAME has the priority
  b. AFRINIC, APNIC, ARIN, LACNIC, RIPE have the priority
  c.The most recently updated object has the priority
  d. If further tie breaking is needed, could select the object based on lexicographic order of the IRR DB names.
To speed up the application review process, network operators must provide a detailed description of how they prevent the propagation of incorrect routing information, by answering the mandatory questions below:
Describe your implementation of Action 1. (Confidential)*
If prefix filters are used, what are the mechanisms for generating them? If not, what kind of controls are used? (Confidential, Mandatory)
How frequently are these filters updated? (Confidential, Mandatory)*
How frequently are these filters updated? (Confidential, Mandatory)
What mechanism is used to check that a customer legitimately holds the ASN and IP blocks they intend to announce? (Confidential, Mandatory)*
What mechanism is used to check that a customer legitimately holds the ASN and IP blocks they intend to announce? (Confidential, Mandatory)
Other implementation details (Confidential, Optional)*
Other implementation details (Confidential, Optional)
Comment on Action 1 (Public)*
What would like you like visitors to the MANRS website to know about your implementation of Action 1?
Action 2: Prevent traffic with illegitimate source IP addresses
CDN/Cloud provider implements anti-spoofing controls to prevent packets with illegitimate source IP address from leaving the network (egress filters).

Note: There is a difference between CDN and Cloud network with regards to this Action. There is additional challenge for Cloud providers, since they have to monitor and control what a virtual machine can do on the network. This Action requires controls that prevent traffic with illegitimate source IP addresses leaving the Autonomous System of the CDN or Cloud provider.
Has your organization implemented Action 2?*
- Yes, we prevent traffic with illegitimate source IP addresses.
Describe your implementation of Action 2. (Confidential)*
Tell us more about how you validate source addresses. This information is used by MANRS to evaluate your application and is not published.
Comment on Action 2 (Public)*
What would like you like visitors to the MANRS website to know about your implementation of Action 2?
Action 3: Facilitate global operational communication and coordination
CDN/Cloud provider maintains globally accessible up-to-date contact information in PeeringDB and relevant RIR databases.
Has your organization implemented Action 3?*
- Yes, we facilitate global operational communication and coordination.
Describe your implementation of Action 3. (Confidential)*
Tell us more about your coordination efforts. This information is used by MANRS to evaluate your application and is not published.
Comment on Action 3 (Public)*
What would like you like visitors to the MANRS website to know about your implementation of Action 3?
Action 4: Facilitate validation of routing information on a global scale
Publicly document ASNs and prefixes that are intended to be advertised to external parties. Two main types of repositories are IRRs and RPKI. The requirement is to publish this information in at least one type of the repository (there may be more than one appropriate IRR); a recommendation is to maintain in both.
Has your organization implemented Action 4?*
- Yes, we document ASNs and prefixes that are intended to be advertised to external parties in the IRR
- Yes, we document ASNs and prefixes that are intended to be advertised to external parties in the RPKI
Describe your implementation of Action 4. (Confidential)*
Please provide us links to publicly available documentation, if it is available online. This information is used by MANRS to evaluate your application and is not published.
Comment on Action 4 (Public)*
What would like you like visitors to the MANRS website to know about your implementation of Action 4?
Action 5. Encourage MANRS adoption
CDN/Cloud provider actively encourages MANRS adoption among the peers.
Has your organization implemented Action 5?*
- Yes, we actively encourage MANRS adoption among the peers.
Describe your implementation of Action 5. (Confidential)*
This information is used by MANRS to evaluate your application and is not published.
Comment on Action 5 (Public)*
What would like you like visitors to the MANRS website to know about your implementation of Action 5?
Action 6. Provide monitoring and debugging tools to the peering partners
CDN/Cloud provider provides a mechanism to inform peering partners if their announcements did not meet the requirements of the peering policy of the CDN and Cloud provider.
Has your organization implemented Action 6?
- Yes, we provide monitoring and debugging tools to the peering partners.
Describe your implementation of Action 6. (Confidential)
Please describe the tool you are using and if it is available publicly or to the peers. This information is used by MANRS to evaluate your application and is not published.
Comment on Action 6 (Public)*
What would like you like visitors to the MANRS website to know about your implementation of Action 6?

Global
AD
AE
AF
AG
AI
AL
AM
AO
AQ
AR
AS
AT
AU
AW
AX
AZ
BA
BB
BD
BE
BF
BG
BH
BI
BJ
BL
BM
BN
BO
BQ
BR
BS
BT
BV
BW
BY
BZ
CA
CC
CD
CF
CG
CH
CI
CK
CL
CM
CN
CO
CR
CU
CV
CW
CX
CY
CZ
DE
DJ
DK
DM
DO
DZ
EC
EE
EG
EH
ER
ES
ET
EU
FI
FJ
FK
FM
FO
FR
GA
GB
GD
GE
GF
GG
GH
GI
GL
GM
GN
GP
GQ
GR
GS
GT
GU
GW
GY
HK
HM
HN
HR
HT
HU
ID
IE
IL
IM
IN
IO
IQ
IR
IS
IT
JE
JM
JO
JP
KE
KG
KH
KI
KM
KN
KP
KR
KW
KY
KZ
LA
LB
LC
LI
LK
LR
LS
LT
LU
LV
LY
MA
MC
MD
ME
MF
MG
MH
MK
ML
MM
MN
MO
MP
MQ
MR
MS
MT
MU
MV
MW
MX
MY
MZ
NA
NC
NE
NF
NG
NI
NL
NO
NP
NR
NU
NZ
OM
PA
PE
PF
PG
PH
PK
PL
PM
PN
PR
PS
PT
PW
PY
QA
RE
RO
RS
RU
RW
SA
SB
SC
SD
SE
SG
SH
SI
SJ
SK
SL
SM
SN
SO
SR
SS
ST
SV
SX
SY
SZ
TC
TD
TF
TG
TH
TJ
TK
TL
TM
TN
TO
TR
TT
TV
TW
TZ
UA
UG
UM
US
UY
UZ
VA
VC
VE
VG
VI
VN
VU
WF
WS
YE
YT
ZA
ZM
ZW

Requirements for Participation

MANRS CDN&Cloud Provider Program Application

Action 1: Prevent propagation of incorrect routing information

Action 2: Prevent traffic with illegitimate source IP addresses

Action 3: Facilitate global operational communication and coordination

Action 4: Facilitate validation of routing information on a global scale

Action 5. Encourage MANRS adoption

Action 6. Provide monitoring and debugging tools to the peering partners

Why did you decide to join MANRS?