Equipment vendors play an important role in improving security of the routing system. Availability of security controls, ease of their configuration and support are just a few areas where their contribution is essential.
Unfortunately, many desired features in the area of routing security lack a “business case” that impacts their availability and time to market. Vendors usually respond to the level a feature is requested by their customers, or by generally accepted feature set in the industry.
MANRS can provide several benefits in this respect:
- MANRS can help to articulate common baseline requirements for routing security features agreed by a wide community of network operators (MANRS constituency). This may serve as a motivating factor, both as an industry accepted set and as a response to a wide consumer need.
- MANRS can help with signaling the level of security awareness and support for routing security, having a positive impact on the company image (specifically in the netops community) and potentially facilitating selection/procurement processes by third parties.
For MANRS, it can create a very important partner, an ambassador of the principles and specific actions that MANRS requires.
Since active contribution to the security of the global routing system is one of the fundamental requirements for joining MANRS a set of Actions applicable to equipment vendors needs to be developed.
The Equipment Vendor Program Action Set
Action 1. Provide solutions for the implementation of specific MANRS Actions by other participants (Mandatory)
Implementation of several actions in existing MANRS Programs (Network Operators, IXPs, CDN and Cloud Providers) depends on the availability of relevant features in the network equipment. In this document we call it a scenario.
Specifically, the following Actions require such support:
|Scenario 1 Filtering||Network Operators||Action 1. Prevent propagation of incorrect routing information|
|CDN and Cloud Providers||Action 1. Prevent propagation of incorrect routing information|
|Scenario 2 Anti-spoofing||Network Operators||Action 2: Prevent traffic with spoofed source IP addresses|
|CDN and Cloud Providers||Action 2. Prevent traffic with illegitimate source IP addresses|
|Scenario 3 Filtering (IXP)||IXPs||Action 1. Prevent propagation of incorrect routing information. (Route Server)|
|Scenario 4 Protect L2 (IXP)||IXPs||Action 3. Protect the peering platform (layer 2)|
Conformance will be tested by checking the description of a solution for a specific scenario, expressed as a set of commands or a configuration snippet. An equipment vendor may support multiple operating systems and multiple product lines and not all features may be implemented across the board. In such cases it should be stated which OS or a product line support a specific scenario.
It is important to note that the solutions provided as part of the application process in no way represent a technical specification. The actual set of features depends on the specific platform that is being used. Even for a single OS not all the products may support the full feature set.
Action 2. Promote MANRS through training and technical content (Mandatory)
Conformance will be tested by providing links to technical content, the training syllabus, a pointer to the description of a certification program. At least one commitment should be checked.
- Reference MANRS and its implementation in relevant training courses. This could range from a short introduction to MANRS to a full course on how to implement MANRS Actions.
- Provide ongoing support for the MANRS virtual lab. In particular, provide VM images of the vendor OS and licenses for use in the lab.
- Reference MANRS in published technical resources. This may be technical articles, blogposts and other types of publications.
- Include an exercise of configuring MANRS in the practical section of the training
Participation in ongoing activities
While not formalised as Actions, equipment vendors joining MANRS intend to active participation in the following types of activities:
- Advisory: To advise members on how best to use features of routing equipment to achieve the desired results. To review and improve router configuration examples in MANRS documents.
- Development: To respond to problem statements of members and to help develop solutions to those problems.
- Contribution: To contribute to the development of the MANRS resources, such as the Implementation Guide and the MANRS Virtual Lab.
- Promotion: Promote MANRS by various means, such as by indicating vendor participation in MANRS on the corporate website, at customer events, trade shows and other types of relevant activities. Examples are displaying the MANRS logo on the website on vendor’s promotional SWAG, or offering a presentation slot or space for a poster.