MANRS to help secure large hubs of the internet from common routing problems
The Mutually Agreed Norms for Routing Security (MANRS) initiative, supported by the Internet Society, announced the Content Delivery Network (CDN) and Cloud Program to help secure large hubs of the internet from common routing problems.
Systemic security issues that arise from how traffic is routed on the Internet make it vulnerable to abuse, attacks or errors. Through technical and collaborative action, MANRS helps with crucial fixes needed to reduce the most common threats to the internet’s routing system. In other words, the security of the internet depends on routing security.
CDNs and cloud providers help companies serve content and access online services by delivering it in a distributed manner and often from locations close to end users. For instance, when you visit a website, CDNs draw content from the closest locations and not from the website owner’s infrastructure, which is farther away and could result in slower download speeds.
The providers typically exchange traffic – or peer – with thousands of other networks to enable traffic to flow more efficiently around the world, making them significant participants in the internet’s interconnection infrastructure.
Participants in the new program include Akamai, Amazon Web Services, Azion, Cloudflare, Facebook, Google, Microsoft, and Netflix, with a number of other companies on boarding soon.
They agree to specific actions to improve the resilience and security of the routing infrastructure to keep the internet safe for businesses and consumers alike.
By joining, they commit to the baseline of routing security defined by a set of six security-enhancing actions, of which five are mandatory to implement. The actions are:
- Prevent propagation of incorrect routing information
- Prevent traffic of illegitimate source IP addresses
- Facilitate global operational communication and coordination
- Facilitate validation of routing information on a global scale
- Encourage MANRS adoption
- Provide monitoring and debugging tools to peering partners (optional)
According to industry estimates, over half of all online traffic today is served through CDNs, and this trend is likely to continue, given Internet users’ growing appetite for online media content, such as video, music, gaming, and software downloads.
To address this challenge, in 2018, a task force was formed by the Internet Society and the Cybersecurity Tech Accord, a public cybersecurity commitment spanning over 140 global technology companies.
In addition to the eight participating companies, the task force also includes Nexica, Oracle, Telefonica, Redder, and Verisign. Existing MANRS participants Comcast and TORIX also joined the task force.
Over the past year, they agreed on the set of actions that a CDN or cloud provider should take to improve routing security, leading to the creation of this community-driven program.
“The MANRS community can leverage the new participants’ unique roles in the Internet routing system, in particular their vast peering value, for the benefit of a more secure Internet,” says Andrei Robachevsky, the Internet Society’s Senior Director for Technology Programs.
“Putting in place more stringent controls on routing hygiene in the peering environment, will increase awareness of the need for greater MANRS adoption by peering networks. The CDN and cloud community is integral to the Internet ecosystem, and by joining MANRS, they are joining a community of Internet service providers (ISPs) and Internet Exchange Points (IXPs) committed to making the global routing infrastructure more secure,” he added.
Collaboration and shared responsibility are key to the success of MANRS. So far, 293 network operators and 48 Internet Exchange Points (IXPs) have signed on. By joining, these companies are working hard to secure the fabric of the Internet.
Christian Kaufmann, Vice President, Network Technology, Akamai says: “Being MANRS compliant not only improves our routing security capabilities, but has the potential to help other networks to improve theirs and is an opportunity for Akamai to make a significant contribution to the improvement of global routing security.”
Rogério Mariano, Director of Edge Strategy, Azion says: “The security of the Internet as a whole depends on the security of routing. It’s necessary for the leaders to change their mindset and invest in the adoption of filters to avoid the incorrect propagation of routing information. Azion is strongly committed to the security of Internet routing.”