To wrap-up our reports on APRICOT 2017, we'd like to highlight the Network Security session that featured our Internet Society colleague Andrei Robachevsky, as well as highlight other routing security related topics.
Andrei presented the Mutually Assured Norms for Routing Security (MANRS) initiative that has now been running for two years. This aims to address the issue that BGP is largely based on trust, with no inherent validation of the legitimacy of routing updates and limited ways of authenticating Internet resource data. Whilst there are tools and techniques to improve this, these only have limited deployment and there's little incentive to do so as implementing them on your own network has little direct benefit to yourself.
MANRS therefore aims to help network operators around the world to work together to improve the security and resilience of the global routing system through four actions that include filtering, anti-spoofing, coordination and global validation. The initiative was launched on 6 November 2014 with 9 network operators, and has since expanded to encompass 90 Autonomous Systems.
In order to help network operators facilitate the actions, a MANRS Best Current Operational Practices (BCOP) document has been produced, and a set of online training modules is under development. These will walk students through a tutorial and provide a test at the end, with a view to this being the first step towards a MANRS certification. A partnership programme is currently being developed with IXPs, and other partners are being sought who'd be interested in including it in their curricula.
If you're interested in signing-up to MANRS, more information is available on the Routing Resilience Manifesto website.
- Tutorial Slides
- Video - Part 1 (YouTube)
- Video - Part 2 (YouTube)