Donate
MANRS + IXPs = A MORE Secure Internet Routing System Thumbnail
‹ Back
Improving Technical Security 1 June 2015

MANRS + IXPs = A MORE Secure Internet Routing System

Andrei Robachevsky
By Andrei RobachevskySenior Technology Programme Manager

Internet Exchange Points (IXPs) are a critical community to adopt the MANRS (Mutually Agreed Norms on Routing Security) initiative to make the Internet’s routing infrastructure more secure.  I recently made this point when given an opportunity to present MANRS at the MORE-IP conference organized by one of the leading Internet Exchanges AMS-IX.

Why do I think the IXP community is an important audience?

While MANRS is a truly global collaborative effort, its success very much depends on the sense of ownership, peer pressure and common understanding. These properties are the strongest in relatively small communities united by common operational objectives. The IXP community fits this profile very well.

I was very glad to reconfirm to myself that the AMS-IX community takes security issues seriously. For example, there was a presentation from AMS-IX technical team about their proposed setup for outgoing prefix filtering on AMS-IX route servers. In other words instead of each ISP building their own filters on what routing updates to accept or not from each of their peers, the route server is going to do this for them. There is a possibility for a peer to choose between the traditional IRR or the RPKI repository as a source of information for building filters and select whether prefixes are filtered or only tagged. The more members adopt this setup the less vulnerable the global routing system will become. And given 715 networks peering at AMS-IX this will definitely have an impact.

Another presentation was about the Trusted Networks Initiative – a last resort solution hosted by the Hague Security Delta for DDoS attacks that are too big to handle. This initiative is supported by AMS-IX and is based on peering on a separate private VLAN by a set of “trusted” networks. “Trust” is based on adherence to norms that are similar to MANRS. Moreover, the members list has a separate column indicating their participation in MANRS, although I was a bit surprised to see this box checked only for one network.

I think regardless of the existence of “fire exits” it is important that we work on making the whole building fire-proof, to use an analogy. I see MANRS as a tool for local communities, like the AMS-IX association, to use to create a new, more secure and resilient norm for routing.

P.S. If you are with a network operator, have you signed the MANRS document? If not, why not do so today?


Image credit: Photo of Andrei Robachevsky speaking provided by the MORE-IP conference organizers.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Internet Society, LACNIC, and LAC-IX Partner to Strengthen IXPs in Latin America
Internet Society, LACNIC, and LAC-IX Partner to Strengthen IXPs in Latin America
Internet Exchange Points (IXPs)3 May 2018

Internet Society, LACNIC, and LAC-IX Partner to Strengthen IXPs in Latin America

Wednesday, 2 May 2018, the Internet Society signed a Memorandum of Understanding with the Association of Internet Exchange Points (LAC-IX)...

Introducing a New MANRS IXP Programme for Routing Security
Introducing a New MANRS IXP Programme for Routing Security
Mutually Agreed Norms for Routing Security (MANRS)23 April 2018

Introducing a New MANRS IXP Programme for Routing Security

Today, we are pleased to announce that the Mutually Agreed Norms for Routing Security (MANRS) is getting a new category...

Why Routing Security Matters, and IXPs Play a Role
Why Routing Security Matters, and IXPs Play a Role
Improving Technical Security24 July 2015

Why Routing Security Matters, and IXPs Play a Role

Routing incidents happen all the time, but for an individual average network operator they seem somewhat infrequent. When these routing...

Join the conversation with Internet Society members around the world