Mutually Agreed Norms for Routing Security (MANRS)
The Internet Society’s Mutually Agreed Norms for Routing Security (MANRS) initiative is designed to provide measures to improve the resilience and security of the internet’s routing infrastructure to keep it safe for businesses and consumers.
While the internet was first envisioned as a way of enabling robust, fault-tolerant communication – the global routing infrastructure that underlies it is relatively fragile. A simple error like the misconfiguration of routing information in one of the >10,000 networks central to global routing can lead to a widespread outage, and deliberate malicious actions, like preventing traffic with spoofed source IP addresses, can lead to distributed denial of service (DDoS) attacks.
The Internet Society (ISOC), a non-profit organisation that promotes the open development, evolution and use of the Internet and the parent organisation of the Internet Engineering Task Force (IETF) standards body, are actively working to change this underlying frailty. In 2014, ISOC introduced its Mutually Agreed Norms for Routing Security (MANRS) initiative. Today the membership has grow from its initial 9 network operators to >100 today.
The MANRS initiative expects participating operators to complete the first three of the following actions, with the fourth considered an extension of the minimum package:
Prevent propagation of incorrect routing information. Operators can ensure the correctness of their own announcements and those from their customers to adjacent networks through various network routing prefix filtering techniques.
Prevent traffic with spoofed source IP addresses. Operators can implement a system enabling source address validation, such as unicast reverse path forwarding (uRPF) and anti-spoofing filtering, to prevent packets with incorrect source IP addresses from entering and leaving the network.
Facilitate global operational communication and coordination between network operators. This common but effective way of addressing problems in Internet routing simply entails an operator noticing an issue and then calling someone who is able to fix it.
Facilitate validation of routing information on a global scale. This advanced action requires operators to have publicly documented routing policy, ASNs and prefixes intended to be advertised to external parties. Global validation tools could include Internet Routing Registries (IRRs) and Resource Public Key Infrastructure (RPKI)
Additional momentum for the MANRS initiative has come from the growing participation in the IXP Programme. Launched in April 2018, this programme broadens support by introducing a separate membership category for IXPs. All 26 current participants in this programme have committed to preventing the propagation of incorrect routing information and promoting MANRS amongst their membership. IXP Programme participants also agree to take action either to protect the peering platform, facilitate global operational communication and coordination, or provide monitoring and debugging tools to their members.
Please visit: MANRS for more information.