Now, more than ever, the internet serves as the backbone of our society, but it still faces certain risks that can result in major disruption in communication, great financial loss, or even ruin the reputation of a business.
Some of the biggest risks are what we call routing threats. These include incidents of route hijacking, route leaks, IP address spoofing, and many other harmful activities. It is up to IXPs, network operators, CDN, and content providers around the world to work together to reduce these threats and keep the internet stable and thriving.
Filtering with ‘Never Via Route Server’ on PeeringDBMore about ‘Never Via Route Server’
To meet these challenges, the Internet Society, a nonprofit organization formed to provide leadership in Internet-related standards, education, access, and policy, introduced the Mutually Agreed Norms for Routing Security global initiative, more commonly known as MANRS.
These routing security norms can be outlined in four simple actions that network operators need to do:
- Implement filtering to prevent the propagation of incorrect routing information
- Enable source address validation for at least single-homed stub customer networks, your end-users, and infrastructure
- Maintain globally accessible up-to-date contact information
- Publish your data, so others can validate routing information on a global scale
To be an official member of MANRS, participants must demonstrate their commitment by implementing a majority of the program (action 1 and 2 are mandatory) and for internet exchange points (IXPs) there are additional recommended actions due to their unique needs, which include:
Protecting the peering platform
The IXP has a published policy of traffic not allowed on the peering fabric and performs filtering of such traffic.
Filtering applies to:
- Not allowed Ethernet frame formats
- Not allowed Ethertypes
- Link-local protocols, such as IRDP, ICMP redirects, Discovery protocols (CDP, EDP), VLAN/trunking protocols (VTP, DTP), BOOTP/DHCP, etc.
- Restricted by the MAC port security configuration
Monitoring and debugging tools
This means the IXP provides access to a looking glass which provides routing information publicly to its participants
Promoting MANRS membership
The idea is to encourage everyone at an IXP to take these actions. This can be accomplished by helping members to maintain accurate routing information in an appropriate repository (IRR and/or RPKI), assist in implementing MANRS ISP Actions, demonstrate MANRS participation on member lists and websites, or offering incentives for MANRS readiness.
Join MANRS with the help from MDC
For MDC, our guiding purpose is to create connections that empower people to thrive and as founders of the MEX-IX peering platform, this means doing our part to protect the internet from routing threats. That is why MDC has is committed to assist all members of the MEX-IX community in implementing the MANRS program actions. Together we can make the internet safer for everyone.
Get started today. Schedule a call with one of our peering experts at MDC to learn more about MANRS, its benefits, and how to successfully implement the recommended actions.