Over 70,000 networks, each identified by an Autonomous System Number (ASN), make up the Internet. Each makes its own decisions about how to route traffic, exchanging reachability information with its neighbors using the Border Gateway Protocol (BGP). But BGP was created before security was a concern: it assumes every network is trustworthy and has no built-in way to verify that the routes it receives are legitimate, so a router accepts whatever its neighbors announce.
Incidents such as route leaks, route hijacks, and IP-address spoofing can each slow down Internet traffic, make parts of the Internet unreachable, or open an opportunity for surveillance.
The risks have been known for years, and the technical community has responded with a variety of mitigation tools and technologies. Yet we still have routing incidents nearly every day, with some of them causing global disruption. A famous example is from 2008, when Pakistan Telecom accidentally knocked YouTube off the Internet for two-thirds of the globe for several hours. And many more have happened since then.
Why are these mitigation tools and technologies not working?
They do work, but the bottom line is they only have full impact if they are applied at scale across the Internet. The routing ecosystem is too complex for there to be a single solution or a single party to fix the issues. It is truly a global problem, as one network’s issues can cascade to affect others.
YouTube was limited in how much it could have done to protect itself in 2008. It was up to Pakistan Telecom or its upstream provider to block the false announcements before they spread, or for other networks on the path to filter them, which is what ultimately happened.
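The 2008 incident worked because a BGP router selects the most specific prefix that covers a destination, and Pakistan Telecom announced a more-specific prefix for part of YouTube's address space; every network that accepted it then forwarded YouTube traffic towards Pakistan Telecom. The following is an added example written for this page, not code from MANRS or the Internet Society: it models that selection rule over a small constructed routing table, then applies RFC 6811-style route origin validation against an RPKI ROA, one of the filtering tools that an upstream or peer could have used to drop the announcement. Prefixes are from the RFC 5737 documentation ranges and ASNs from the RFC 5398 documentation range; the scenario, the ROA, and the `Route`/`Roa` helper classes are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    """A BGP route as held in a router's RIB (constructed for this example)."""
    prefix: ipaddress.IPv4Network
    origin_asn: int   # the AS at the end of the AS_PATH, i.e. who claims to own the prefix
    as_path: tuple    # ASNs the announcement traversed, nearest neighbor first


@dataclass(frozen=True)
class Roa:
    """An RPKI Route Origin Authorization: which AS may originate a prefix,
    and down to which prefix length."""
    prefix: ipaddress.IPv4Network
    max_length: int
    asn: int


def best_route(rib, dst):
    """Longest-prefix match: the most specific covering prefix wins,
    regardless of who announced it. This is the forwarding rule, not a
    security check, which is why a more-specific hijack captures traffic."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in rib if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def origin_validation(route, roas):
    """RFC 6811-style route origin validation.
    'valid'     : a covering ROA names this origin AS and permits this length
    'invalid'   : covering ROAs exist but none matches
    'not-found' : no ROA covers the prefix at all
    """
    covering = [roa for roa in roas if route.prefix.subnet_of(roa.prefix)]
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.asn == route.origin_asn and route.prefix.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def drop_invalid(rib, roas):
    """The filter an upstream or peer would apply: reject 'invalid' routes.
    'not-found' routes are kept, because many prefixes still have no ROA."""
    return [r for r in rib if origin_validation(r, roas) != "invalid"]


# Constructed scenario (documentation prefixes and ASNs, not real networks):
# AS 64500 legitimately originates a /24; AS 64511 mistakenly announces a
# more-specific /25 inside it, reaching us via different neighbors.
LEGIT = Route(ipaddress.ip_network("198.51.100.0/24"), 64500, (64501, 64500))
MORE_SPECIFIC = Route(ipaddress.ip_network("198.51.100.128/25"), 64511, (64502, 64511))
# A variant that forges the legitimate origin AS: the ROA's maxLength of 24
# still rejects it, because a /25 is more specific than the holder allowed.
FORGED_ORIGIN = Route(ipaddress.ip_network("198.51.100.128/25"), 64500, (64502, 64511, 64500))
# A prefix with no ROA at all, to show the 'not-found' state.
UNKNOWN = Route(ipaddress.ip_network("203.0.113.0/24"), 64499, (64499,))

RIB = [LEGIT, MORE_SPECIFIC]
# The holder of 198.51.100.0/24 has published one ROA: AS 64500 only, /24 only.
ROAS = [Roa(ipaddress.ip_network("198.51.100.0/24"), 24, 64500)]


if __name__ == "__main__":
    victim = "198.51.100.200"  # an address inside the hijacked /25
    print("without filtering, traffic goes to AS", best_route(RIB, victim).origin_asn)
    for r in (LEGIT, MORE_SPECIFIC, FORGED_ORIGIN, UNKNOWN):
        print(r.prefix, "origin", r.origin_asn, "->", origin_validation(r, ROAS))
    print("after ROV filtering, traffic goes to AS",
          best_route(drop_invalid(RIB, ROAS), victim).origin_asn)
```

The point the page makes shows up in the last line: the filter restores the legitimate route only on routers that actually run it. A network that accepts the unfiltered announcement still sends its traffic to the wrong place, so the victim's own diligence does not save it; the filtering has to happen at the originating network, its upstream, or the other networks on the path.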
Why doesn't everyone just implement the tools and technologies?
Unfortunately, the benefits for an individual network implementing routing security controls are often small. It may cost time and money to implement best practices and, ultimately, that network’s security still depends on the actions of other operators. This is a collective action problem.
Some network operators are unfamiliar with the scope and impact of routing security issues and so they do not view it as an imminent problem. Others understand they should be part of the solution, but fail to implement the required actions due to competing priorities, conflicting interests, lack of incentives, etc.
How do we fix the collective action problem?
There are two interrelated things that can move a collective action problem forward:
- Norm setting: create standard definitions, behaviors, and mindsets that should be expected as part of working together in a collaborative ecosystem.
- Establishing collective responsibility: foster commitment to better routing security by ‘cleaning your part of the street.’ This commitment is reinforced by transparent measurements and peer pressure.
Mutually Agreed Norms for Routing Security, or MANRS, is the routing security industry’s effort toward these things— the MANRS actions define expected behaviors, and participating networks form the community encouraging collective responsibility.
MANRS outlines simple, concrete actions that organizations can take depending on their role in the Internet ecosystem. It is a routing security baseline, a new norm for doing business. Joining MANRS means joining a community of security-minded organizations committed to making the global routing infrastructure more robust and secure.
How do we scale up MANRS?
Today, there are more than 800 MANRS participants in four programs for network operators, Internet exchange points (IXPs), CDN & cloud providers, and equipment vendors. However, there are about 70,000 ASNs on the Internet. Many of those are small networks with no major impact on the Internet so while not every ASN must participate, we need significantly more networks implementing MANRS actions to stop routing security incidents in their tracks.
MANRS is built on raising awareness of the issues, a cooperative spirit to address them, and peer pressure to do your part. For many networks, better routing security is a matter of reputation and improving your own risk analysis. For some participants it goes further, as they see a business case for driving global routing security improvements. On average, though, the value proposition of MANRS is somewhat limited.
How do we make MANRS more compelling?
Back in 2014, when we started MANRS, we focused on peer-to-peer relationships— one network operator talking to another about how to make the Internet better and do the right thing for everyone. Now we are adding a new layer into the argument— customer-to-provider relationships.
MANRS is voluntary to join and runs on the ‘honor system’ after initial compliance checks. Requiring more, such as measures to achieve higher and longer-term routing security assurance, will need a corresponding increase in the MANRS value proposition.
We are working on an idea— in addition to the current baseline MANRS actions, let us create an elevated tier of MANRS that includes a credible quality mark, regular conformance checks with enforcement for non-compliance, and extended actions that are better aligned with customer demands. The working title of this idea is MANRS+.
There are several big questions that need to be answered:
What would make MANRS+ valuable enough to enterprises that they would include it in their procurement processes? What actions could operators provide that would show a compelling business case worthy of investment? How do we provide high assurance of conformance to make MANRS+ credible?
We have had preliminary discussions with network operators, CDNs and cloud providers, and also with representatives from industry sectors like finance and healthcare. Their reaction was positive and there is certainly interest in moving forward with this idea. We are forming a working group made up of network operators and enterprise representatives to answer the big questions and progress this work.
We believe MANRS has been missing a powerful driving force for security based on customer-provider relationships. If you represent a network operator, we ask you to join MANRS and become part of the community working to improve routing security across the Internet.
If you are an enterprise customer, we ask you to provide input on how we can increase awareness in your industry and what would make routing security become a priority in your business decision-making. You can reach out to us at firstname.lastname@example.org. If you are interested in joining the MANRS+ working group, please respond to the call for participation and actively contribute to the development of the quality mark.
The first co-author, Megan Kruse, is the Director of Partner Engagement & Communications at the Internet Society (ISOC). You can connect with her on LinkedIn and follow her on Twitter.
Andrei Robachevsky, our second co-author, is the Senior Director for Technology Programs at ISOC. You can connect with him on LinkedIn.