Presentation is loading. Please wait.

Presentation is loading. Please wait.

Working together to improve routing security for all

Published byGerard Daniel Modified over 6 years ago

Similar presentations

Presentation on theme: "Working together to improve routing security for all"— Presentation transcript:

1 Working together to improve routing security for all
The MANRS IXP Programme Andrei Robachevsky

2 Mutually Agreed Norms for Routing Security
MANRS defines four simple but concrete actions that network operators must implement to improve Internet security and reliability. The first two operational improvements eliminate the root causes of common routing issues and attacks, while the second two procedural steps improve mitigation and decrease the likelihood of future incidents. MANRS builds a visible community of security minded network operators and IXPs

3 MANRS Actions Filtering Prevent propagation of incorrect routing information Ensure the correctness of your own announcements and announcements from your customers to adjacent networks with prefix and AS-path granularity Anti-spoofing Prevent traffic with spoofed source IP addresses Enable source address validation for at least single-homed stub customer networks, their own end-users, and infrastructure Coordination Facilitate global operational communication and coordination between network operators Maintain globally accessible up-to-date contact information in common routing databases Global Validation Facilitate validation of routing information on a global scale Publish your data, so others can validate

4 A bit of history

5 EURO-IX 28th Forum: “What is in MANRS for an IXP?”
Is routing security important for your community? An opportunity to build a “safe neighborhood” Do you need a global reference point? A platform where you can organize related activities Are you willing to feed your expertise back to MANRS? Strengthening the global community

6 Developing a set of useful actions
Development team AMS-IX, AOIX, BKNIX, CABASE, DE-CIX, IIFON, IXPN, LONAP, NIC.CR, RINEX, TorIX Requirements Improve routing resilience and security Be useful to IXP members Do not set the bar too high, so that few IXPs can join Do not set it too low, so it makes no difference Make the actions concrete and measurable

7 EURO-IX 30th Forum: What’s on the table?
Prevent propagation of incorrect routing information Assist in preventing unwanted traffic ? Facilitate global operational communication and coordination between network operators Provide monitoring and debugging tools Promote MANRS among the membership Perform MANRS Local auditing Assist with the mitigation of a DDoS attack

8 EURO-IX 31st Forum: This initiative needs your feedback
Vote link: As we go Action by Action, please vote We’ll see the results immediately A priority list by importance and feasibility Specific comments on an Action are welcome

9 Implemented/Easy vs Difficult/Not Useful

10 And then, after the roadshow (LA, AF, AP, NA)

11 The IXP Programme Launched April 23, 2018

12 A dozen of leading IXPs around the globe already joined

13 Action 1. Facilitate prevention of propagation of incorrect routing information (Mandatory)
The IXP implements filtering of route announcements at the Route Server based on routing information data (IRR and/or RPKI)

14 Action 2. Promote MANRS in the IXP membership (Mandatory)
Action 2-1: Offer assistance to its members to maintain accurate routing information in an appropriate repository (IRR and/or RPKI) OR Action 2-2: Offer assistance in implementing MANRS ISP Actions for the members Action 2-3: Indicate MANRS participation on the member list and the website Action 2-4: Provide incentives linked to MANRS readiness

15 Action 3. Protect the peering platform
The IXP has a published policy of traffic not allowed on the peering fabric and performs filtering of such traffic.

16 Action 4. Facilitate global operational communication and coordination between network operators
The IXP facilitates communication among members by providing necessary mailing lists, and member directories.

17 Action 5. Provide monitoring and debugging tools to participants
The IXP provides a looking glass for its members.

18 Join the group of initial participants for the launch of the programme Your IXP has to implement the majority (3/5) of the Actions, including mandatory 1&2

19 Why is this important?

20 We Are In This Together Network operators and IXPs have a responsibility to ensure a globally robust and secure routing infrastructure. The network security depends on actions of other players: networks and IXPs The more network operators and IXPs work together, the fewer incidents there will be, and the less damage they can do.

21 LEARN MORE: https://www. manrs. org/ixp JOIN: https://www. manrs
LEARN MORE: JOIN:

22

Download ppt "Working together to improve routing security for all"

Similar presentations

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
Anti-Spam Management for Service Provider in Malaysia Alan Lee NTT MSC.

Anti-Spam Management for Service Provider in Malaysia Alan Lee NTT MSC.
Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.
Philips iSite 3.5 Administration

Philips iSite 3.5 Administration
Best current operational practices (BCOP) Richard Jimmerson.

Best current operational practices (BCOP) Richard Jimmerson.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.

PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.
2009 Mines Safety Roadshow Please read this before using presentation This presentation is based on content presented at the Mines Safety Roadshow held.

2009 Mines Safety Roadshow Please read this before using presentation This presentation is based on content presented at the Mines Safety Roadshow held.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.
INFSO-RI-508833 Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes

INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes
Supportive Services for Veteran Families (SSVF) Data HMIS Lead and Vendor Training Updated 5/22/14.

Supportive Services for Veteran Families (SSVF) Data HMIS Lead and Vendor Training Updated 5/22/14.
Agricultural Market Information System (AMIS): State of Play AMIS First Meeting of the Rapid Response Forum 11 April 2012 Mexico City Abdolreza Abbassian,

Agricultural Market Information System (AMIS): State of Play AMIS First Meeting of the Rapid Response Forum 11 April 2012 Mexico City Abdolreza Abbassian,
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
24/02/20050 Euro-IX update APNIC 19 - IX SIG Kyoto Japan by Serge Radovcic of Euro-IX

24/02/20050 Euro-IX update APNIC 19 - IX SIG Kyoto Japan by Serge Radovcic of Euro-IX
Building a More Trusted and Secure Internet RIPE 70, May 12 2015.

Building a More Trusted and Secure Internet RIPE 70, May
Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS

Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS
Www.internetsociety.org How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky.

How can we work together to improve security and resilience of the global routing system? Andrei Robachevsky.
1 ARIN: Our Mission, Role and Services John Curran President and CEO.

1 ARIN: Our Mission, Role and Services John Curran President and CEO.

Similar presentations

Ads by Google