MANRS

Mutually Agreed Norms for Routing Security

Network operators across the globe have already committed to the MANRS initiative and implemented the Actions defined in the MANRS document.

← Go back

edisonlee55

edisonlee55 Website

https://www.edisonlee55.com

Areas Served: CN, DE, JP, TW, US

ASNs

  • 212425
  • 212279

Implementation of MANRS Actions

Action 1: Prevent propagation of incorrect routing information

We implement prefix filters by using bgpq3, which generates filters for our networks and customers' networks.

We also filtered bogon ASNs, bogon prefixes, small prefixes (smaller than 24 [IPv4] or /48 [IPv6]), long AS path (longer than 100 AS numbers), and RPKI invalid route.

Our import/export routes are controlled by using the BGP (large) community.

We required our self and customers to maintain valid and up-to-date IRR objects (mnt, aut-num, as-set, route, route6...) in the RIR routing registry, RADB, or a RADB-mirrored IRR. Therefore, we are able to check the legitimacy of a route announced by us or a customer by using automatic tools (bgpq3 or self-implemented tools). Besides, we required our self and encourage our customers to add ROA (RPKI) to their own prefixes.

LOA (Letter of Authorization) and WHOIS (IRR) verification process are also implemented for customers' prefixes.

Action 2: Prevent traffic with spoofed source IP addresses

We validate source IP addresses by implementing iptables rpfilter, Linux Kernel rp_filter, and Juniper rpf-check.

We also run anti-spoofer checks using CAIDA Spoofer Software on an ongoing basis. At least two network segments with public IP addresses blocked spoofed packets, and the results appear in the CAIDA Spoofer Database.

Action 3: Facilitate global operational communication and coordination between network operators

We maintain the up-to-date PeeringDB entry and contact information of NOC, Abuse, and Peering in PeeringDB and Whois (RIR IRR).

We actively check for any incoming email and incident. And reply when any action is needed.

Action 4: Facilitate validation of routing information on a global scale

We document our routing policy by maintaining AS numbers, AS-SET, IP prefixes routes objects (aut-num, as-set, route, route6) in the RIR routing registry, RADB, or a RADB-mirrored IRR. At least one or more "as-set" IRR objects are registered to be used by automatic tools to generate prefix filters.

We require all IP prefixes of our own must create a valid Route Origination Authorization (ROAs).