Akamai, AWS, Azion, Cloudflare, Facebook, Google, Microsoft, and Netflix, with a number of other companies onboarding soon, have agreed to specific actions to improve the resilience and security of the routing/peering infrastructure – to keep the Internet safe for businesses and consumers alike.
These companies have joined the Mutually Agreed Norms for Routing Security (MANRS) initiative, supported by the Internet Society. Their Content Delivery Network (CDN) and Cloud Program is intended to help secure large hubs of the Internet from common routing problems.
Systemic security issues that arise from how traffic is routed on the Internet would make it vulnerable to abuse, attacks or errors. Through technical and collaborative action, MANRS helps with “crucial fixes needed to reduce the most common threats to the Internet’s routing system.”
The companies mentioned typically exchange traffic – or peer – with thousands of other networks to enable traffic to flow more efficiently around the world, making them significant participants in the Internet’s interconnection infrastructure.
“The MANRS community can leverage the new participants’ unique roles in the Internet routing system, in particular their vast peering value, for the benefit of a more secure Internet,” said Andrei Robachevsky, the Internet Society’s Senior Director for Technology Programs. “Putting in place more stringent controls on routing hygiene in the peering environment, will increase awareness of the need for greater MANRS adoption by peering networks. The CDN and cloud community is integral to the Internet ecosystem, and by joining MANRS, they are joining a community of Internet service providers (ISPs) and Internet Exchange Points (IXPs) committed to making the global routing infrastructure more secure.”
– story continues below the image –
6 Security-Enhancing Actions
Participants in the new program commit to the baseline of routing security defined by a set of six security-enhancing actions, of which five are mandatory to implement. The actions include:
- Prevent propagation of incorrect routing information
- Prevent traffic of illegitimate source IP addresses
- Facilitate global operational communication and coordination
- Facilitate validation of routing information on a global scale
- Encourage MANRS adoption
- Provide monitoring and debugging tools to peering partners (optional)
Founded by Internet pioneers, the Internet Society (ISOC) is a non-profit organization dedicated to ensuring the open development, evolution and use of the Internet. Working through a global community of chapters and members, the Internet Society collaborates with a broad range of groups to promote the technologies that keep the Internet safe and secure, and advocates for policies that enable universal access.
“Cloudflare has been a long-time proponent of better Internet routing security, and has actively campaigned for industry adoption of MANRS,” said John Graham-Cumming, Chief Technology Officer (CTO), Cloudflare. “Route leaks have a cascading negative impact on businesses, and coordinated action is needed by the Internet infrastructure community to improve the security, resilience, and reliability of networks.”
Being MANRS compliant not only improves our routing security capabilities,” said Christian Kaufmann, Vice President, Network Technology, Akamai. “It has the potential to help other networks to improve theirs and is an opportunity for Akamai to make a significant contribution to the improvement of global routing security.”
“The security of the Internet as a whole depends on the security of routing,” said Rogério Mariano, Director of Edge Strategy, Azion. “It’s necessary for the leaders to change their mindset and invest in the adoption of filters to avoid the incorrect propagation of routing information. Azion is strongly committed to the security of Internet routing.”