Sharing the responsibility
As critical academic and business functions move to the cloud, routing security becomes a key component of an organization’s IT infrastructure. Internet2 participates in Mutually Agreed Norms for Routing Security (MANRS), a global initiative, supported by the Internet Society, that provides crucial fixes to reduce the most common routing threats.
MANRS says: The network operator defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks. The network operator applies due diligence when checking the correctness of its customer’s announcements, specifically that the customer legitimately holds the ASN and the address space it announces.
MANRS says: The network operator maintains globally accessible up-to-date contact information. Publicly accessible and up-to-date contact information is essential to promoting communication and collaboration between network operators
MANRS says: The network operator implements a system that enables source address validation and implements anti-spoofing filtering to prevent packets with incorrect source IP address from entering and leaving the network.
IP source address spoofing, in simple terms, means the host pretends to be some other host. This can be exploited in various ways, most notably to execute Denial of Service (DoS) reflection-amplification attacks that cause a reflector host to send traffic to the spoofed address.
MANRS says: The network operator is able to communicate to their adjacent networks which announcements are correct and has a publicly documented routing policy. The routing information should be made available on a global scale to facilitate validation. Since the extent of the internet is global, information should be made public and published in a well known place using a common format.
Internet2 Community Completes Network Routing Policy, Publishes Plan
The Internet2 community worked together to complete their routing policy records so that 99% of the routes fulfill the Internet2 Peer Exchange’s major peer requirements.
Internet2’s Evolving IRR Document
What you need to know about Google’s Internet Routing Registry requirements.
Mutually Agreed Norms for Routing Security
Facts and figures on routing security compiled by Kevin Meynell from the Internet Society.
Open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices.
We want to hear from you.
Contact us for more information.