Security, in general, is a difficult area when it comes to incentives. Security of the global Internet infrastructure, be it DNS or routing, brings additional challenges: the utility of security measures depends on coordinated actions of many other parties.
Throughout the history of the Internet, collaboration among participants and shared responsibility for its smooth operation have been two of the pillars supporting the Internet’s tremendous growth and success, as well as its security and resilience. Technology solutions are an essential element here, but technology alone is not sufficient. To stimulate visible improvements in this area, a greater change towards the culture of collective responsibility is needed.
This document aims to capture this collaborative spirit and provide guidance to network operators in addressing issues of security and resilience of the global Internet routing system. Another important goal is to document the commitment of industry leaders to address these issues, which should amplify the impact as more supporters join.
- Raise awareness and encourage actions by demonstrating commitment of the growing group of supporters
- Promote the culture of collective responsibility for resilience and security of the Internet’s global routing system
- Demonstrate the ability of the industry to address issues of resilience and security of the Internet’s global routing system in the spirit of collective responsibility
- Provide a framework for ISPs to better understand and help address issues related to resilience and security of the Internet’s global routing system
Many different recommendations exist to improve the security and resilience of the inter-domain routing system. Some of the advice can even appear somewhat contradictory, and often the key decision comes down to understanding what is most important or appropriate for a given network considering its size and resources, the number of external connections, customers and end-users it has, the size and expertise of its staff, and so forth.
The Expected and Advanced Actions below outline a set of recommendations that are definitely valuable to the overall security and resilience of the global routing system, as well as to the network operator itself. They address three main classes of problems:
- Problems related to incorrect routing information;
- Problems related to traffic with spoofed source IP addresses; and
- Problems related to coordination and collaboration between network operators.
The Expected Actions define a minimum “package” – a set of recommendations that should definitely be implemented by operators supporting this MANRS document. This package is not exhaustive and the expectation is that many network operators are implementing even stronger measures and controls already, or plan to do so in the future. The Advanced Actions later in this document further extend the minimum package.
We are conscious of the fact that any particular Action is not a comprehensive solution to the outlined problems. But each is a small step that, if multiplied by a large number of supporters, can become a significant improvement in the resilience of the global Internet routing system. Therefore the selection of actions was based on an assessment of the balance between small, incremental individual costs and the potential common benefit.
To articulate the specifics of the Expected and Advanced Actions, it is necessary to explicitly define a number of terms, to relate to their general usage in the Internet industry.
- Infrastructure – Operator’s internal networks, which must be reachable on the Internet.
- End User – Networks within an operator’s routing and administrative domain.
- Peer Network – An external network with which traffic is exchanged relating to both your respective Infrastructure, and Customer Networks.
- Transit Network – An external network to which traffic relating to your Infrastructure and Customer Networks is sent, but from which traffic from the Internet in general is received.
- Customer Network – An external network for which an operator provides transit services.
- Single Homed – A single, uncomplicated link between networks, or connecting an End User to the Infrastructure. This represents a single path over which traffic can flow within or between networks.
- Multi Homed – Multiple paths between networks (even multiple networks), or connections between an End User and the Infrastructure; this can create multiple paths over the Infrastructure and the Internet over which traffic can traverse.
- The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet.
- The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions.
- The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions.
- The organization encourages its customers and peers to adopt these Principles and Actions.
1. Prevent propagation of incorrect routing information.
- Network operator defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks with prefix and AS-path granularity.
- Network operator is able to communicate to their adjacent networks which announcements are correct.
- Network operator applies due diligence when checking the correctness of their customers' announcements, specifically that the customer legitimately holds the ASN and the address space it announces.
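The following is an added illustration of Action 1, not code from the MANRS document or from any operator: a per-customer ingress filter that checks a BGP announcement at both prefix and AS-path granularity. The customer authorization (AS64500 holding 203.0.113.0/24 and 2001:db8:1000::/36, with AS64501 as its only downstream) and the sample announcements are constructed data; the check rejects prefixes outside the vetted space, more-specifics beyond the agreed maximum length, and paths that contain ASNs outside the customer's cone (a route leak).

```python
"""Customer announcement filter with prefix and AS-path granularity (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class CustomerAuthorization:
    """What a customer has been vetted to announce (constructed example data)."""
    asn: int
    prefixes: dict            # {authorized prefix: maximum prefix length it may be announced at}
    downstream_asns: frozenset = frozenset()  # the customer's own customers (its cone)


def check_announcement(auth, prefix, as_path):
    """Return (accepted, reason) for one announcement received from the customer session.

    An announcement is accepted only if the AS path is non-empty, starts with the
    customer's ASN, contains only ASNs from the customer cone, and the prefix is
    covered by an authorized prefix without exceeding its permitted length.
    """
    if not as_path:
        return False, "empty AS path"
    if as_path[0] != auth.asn:
        return False, f"first AS {as_path[0]} is not the customer ASN {auth.asn}"
    allowed_asns = auth.downstream_asns | {auth.asn}
    leaked = [a for a in as_path if a not in allowed_asns]
    if leaked:
        return False, f"AS path contains ASNs outside the customer cone: {leaked}"
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed prefix: {exc}"
    # Pick the most specific authorized prefix that covers the announcement.
    covering = [
        (ipaddress.ip_network(p), max_len)
        for p, max_len in auth.prefixes.items()
        if ipaddress.ip_network(p).version == net.version and net.subnet_of(ipaddress.ip_network(p))
    ]
    if not covering:
        return False, f"{prefix} is not an authorized customer prefix"
    allowed_net, max_len = max(covering, key=lambda item: item[0].prefixlen)
    if net.prefixlen > max_len:
        return False, f"{prefix} is longer than the permitted /{max_len} under {allowed_net}"
    return True, f"{prefix} covered by {allowed_net}"


def filter_announcements(auth, announcements):
    """Apply check_announcement to a batch; returns (prefix, path, accepted, reason) per entry."""
    results = []
    for prefix, path in announcements:
        accepted, reason = check_announcement(auth, prefix, path)
        results.append((prefix, path, accepted, reason))
    return results


# Constructed customer: AS64500 holds 203.0.113.0/24 (no more-specifics) and
# 2001:db8:1000::/36 (announceable down to /48); AS64501 is its single downstream.
CUSTOMER = CustomerAuthorization(
    asn=64500,
    prefixes={"203.0.113.0/24": 24, "2001:db8:1000::/36": 48},
    downstream_asns=frozenset({64501}),
)

# Constructed announcements as seen on the customer session (first AS = neighbor).
SAMPLE_ANNOUNCEMENTS = [
    ("203.0.113.0/24", [64500]),                    # legitimate
    ("203.0.113.0/25", [64500]),                    # more specific than agreed
    ("198.51.100.0/24", [64500]),                   # not the customer's space
    ("2001:db8:1000::/40", [64500, 64501]),         # legitimate, via downstream
    ("2001:db8:1000:abcd::/64", [64500, 64501]),    # exceeds the /48 limit
    ("203.0.113.0/24", [64500, 64496]),             # route leak: AS64496 is not in the cone
    ("203.0.113.0/24", []),                         # malformed
]

if __name__ == "__main__":
    for prefix, path, accepted, reason in filter_announcements(CUSTOMER, SAMPLE_ANNOUNCEMENTS):
        print("ACCEPT" if accepted else "REJECT", prefix, path, "-", reason)
```

In production the same authorization data would be compiled into router prefix-lists and AS-path access-lists rather than evaluated in a script, but the decision logic is the one shown.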
2. Prevent traffic with spoofed source IP addresses.
- Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network.
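As an added example for Action 2 (not part of the MANRS document), here is the decision logic of source address validation for single-homed stub customers, end users and infrastructure, applied in both directions. The interface-to-prefix mapping, the abbreviated bogon list and the sample packets are constructed; the ingress check drops a packet whose source is not assigned behind the interface it arrived on (the behaviour of a strict per-interface filter on a single-homed link), and the egress check drops packets leaving the network with a source the operator is not responsible for.

```python
"""Source address validation (anti-spoofing) in both directions (added example)."""
import ipaddress

# Constructed ingress policy: each interface -> prefixes legitimately sourced behind it.
INGRESS_POLICY = {
    "ge-0/0/1": ["203.0.113.0/24"],                       # single-homed stub customer
    "ge-0/0/2": ["198.51.100.0/25", "2001:db8:2::/48"],   # end-user aggregation
    "lo0": ["192.0.2.0/24"],                              # own infrastructure
}

# Everything the operator and its single-homed customers may source, used on egress.
OWN_AND_CUSTOMER_SPACE = sorted({p for prefixes in INGRESS_POLICY.values() for p in prefixes})

# Abbreviated bogon list (constructed for the example; real deployments use a maintained list).
BOGONS = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
]


def _matches(addr, prefixes):
    """True if addr falls inside any prefix of the same address family."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def ingress_check(interface, src):
    """Packet entering on `interface` must use a source assigned behind that interface."""
    allowed = INGRESS_POLICY.get(interface)
    if allowed is None:
        return False, f"no source policy for {interface}"
    if _matches(src, BOGONS):
        return False, f"bogon source {src}"
    if not _matches(src, allowed):
        return False, f"source {src} is not assigned behind {interface}"
    return True, "ok"


def egress_check(src):
    """Packet leaving the network must carry a source from space the operator answers for."""
    if _matches(src, BOGONS):
        return False, f"bogon source {src}"
    if not _matches(src, OWN_AND_CUSTOMER_SPACE):
        return False, f"source {src} is neither our space nor a customer's"
    return True, "ok"


def run_ingress(packets):
    """Evaluate (interface, source) pairs; returns (interface, source, accepted, reason)."""
    return [(iface, src, *ingress_check(iface, src)) for iface, src in packets]


# Constructed packets as (ingress interface, source address).
SAMPLE_PACKETS = [
    ("ge-0/0/1", "203.0.113.7"),         # legitimate customer source
    ("ge-0/0/1", "198.51.100.9"),        # customer spoofing another customer's address
    ("ge-0/0/1", "10.1.2.3"),            # private (bogon) source
    ("ge-0/0/2", "2001:db8:2::10"),      # legitimate IPv6 end-user source
    ("ge-0/0/2", "2001:db8:ffff::1"),    # spoofed IPv6 source
    ("ge-0/0/9", "203.0.113.7"),         # interface without a policy: fail closed
]

if __name__ == "__main__":
    for iface, src, accepted, reason in run_ingress(SAMPLE_PACKETS):
        print("PASS" if accepted else "DROP", iface, src, "-", reason)
```

The ingress mapping is exactly what a per-interface ingress ACL or strict unicast reverse-path check encodes on a router; the egress check is the coarser safety net that still catches spoofed traffic from parts of the network where per-interface filtering is not yet deployed.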
3. Facilitate global operational communication and coordination between network operators.
- Network operator maintains globally accessible up-to-date contact information.
4. Facilitate validation of routing information on a global scale.
- Network operator has publicly documented routing policy, ASNs and prefixes that are intended to be advertised to external parties.
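An added example for Action 4, not code from the MANRS document: documenting prefixes and their origin ASN as RPSL route/route6 objects in the style of an IRR database, parsing that documentation back, and auditing the operator's actual announcements against it. The RPSL text, the ASNs (AS64496 with customer AS64500) and the announced set are constructed; the audit reports announcements that nobody documented and documented routes that are not being announced, which is the information an adjacent network needs to validate what it receives.

```python
"""Publicly documented routing policy vs. actual announcements (added example)."""
import ipaddress
import re

# Constructed RPSL text in the style of an IRR database; not from any real registry.
DOCUMENTED_POLICY = """
aut-num:    AS64496
as-name:    EXAMPLE-NET
export:     to AS-ANY announce AS64496 AS64500
source:     EXAMPLE

route:      192.0.2.0/24
origin:     AS64496
source:     EXAMPLE

route6:     2001:db8::/32
origin:     AS64496
source:     EXAMPLE

route:      203.0.113.0/24
origin:     AS64500
source:     EXAMPLE

route:      198.51.100.0/25
origin:     AS64496
source:     EXAMPLE
"""


def parse_rpsl(text):
    """Split RPSL into objects (separated by blank lines) of attribute -> value.

    Repeated attributes are not modelled; the last value wins. Sufficient for
    route/route6 objects, which carry each attribute once.
    """
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            obj[key.strip()] = value.strip()
        objects.append(obj)
    return objects


def documented_routes(objects):
    """Set of (prefix, origin ASN) pairs documented by route/route6 objects; other objects are ignored."""
    routes = set()
    for obj in objects:
        prefix = obj.get("route") or obj.get("route6")
        origin = re.fullmatch(r"AS(\d+)", obj.get("origin", ""))
        if prefix and origin:
            routes.add((str(ipaddress.ip_network(prefix)), int(origin.group(1))))
    return routes


def audit_announcements(announced, documented):
    """Compare announced (prefix, origin) pairs with the documented set."""
    announced = {(str(ipaddress.ip_network(p)), o) for p, o in announced}
    return {
        "undocumented": sorted(announced - documented),
        "not_announced": sorted(documented - announced),
    }


# Constructed view of what the operator actually announces to external parties.
ANNOUNCED = [
    ("192.0.2.0/24", 64496),
    ("2001:db8::/32", 64496),
    ("203.0.113.0/24", 64500),
    ("198.51.100.0/24", 64496),   # announced as /24 while only a /25 is documented
]

if __name__ == "__main__":
    docs = documented_routes(parse_rpsl(DOCUMENTED_POLICY))
    for category, entries in audit_announcements(ANNOUNCED, docs).items():
        print(category, entries)
```

Running the audit before every policy change keeps the public documentation and the live announcements in step, so that peers and transit providers building filters from the registry see what the operator actually intends to advertise.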
Elaboration and References
Explanation, discussions, and references are available on the MANRS Actions for Network Operators page.