Presentation is loading. Please wait.

Presentation is loading. Please wait.

MANRS for IXPs Why we did it? What did we do?

Published byMarjut Niemi Modified over 6 years ago

Similar presentations

Presentation on theme: "MANRS for IXPs Why we did it? What did we do?"— Presentation transcript:

1 MANRS for IXPs Why we did it? What did we do?
__________________________________________________________ Andy Davidson RIPE77, Amsterdam 17th October 2018

2 MANRS? Demonstrate commitment to a collective culture of responsibility For internet resilience For security of the routing system Apply minimum level of best practice at inter-domain border Filter incorrect routing information Filter traffic with spoofed IP address sources Encourage co-ordination and collaboration between operators Expressed in a number of Actions. Initiated and co-ordinated by ISOC.

3 MANRS for IXPs? MANRS actions apply to dirty layer three networks not pure, clean, honest IXP Ethernet domains We can (continue to) get away with doing no work at all

4 MANRS for IXPs? MANRS actions apply to dirty layer three networks not pure, clean, honest IXP Ethernet domains We can (continue to) get away with doing no work at all …actually if this was ever true, it is certainly no longer true

5 MANRS for IXPs! IXPs are important partners
Focal point for collaboration Co-ordination of regional internet development and education Route-Servers are popular and must be secured Layer 2 hygiene is still important

6 MANRS Actions Prevent propagation of internet routing information (M)
Promote MANRS to the IXP membership (M) Protect the peering platform Facilitate operational communication between operators Provide monitoring and debugging tools to members

7 MANRS actions Prevent propagation of internet routing information (M)
Same burden on IXP operator as on layer 3 carrier No customer BGP relationship should be unfiltered Networks outsource peering hygeine to route-server

8 MANRS IXP Adoption 24 IXPs
Could you be next?

9 Why we adopted MANRS? Be good internet citizens
Reduce likelihood of emergency support incident Increased confidence in automation Barrier was extremely low, most work had been done

10 How Asteroid adopted good MANRS
Build script will not include a peer on route-server unless Route-server flag in database is set to true (customer controlled) as_macro is defined in asteroid database for customer as_macro expands in RIR IRRDBs to a prefix list of at least one prefix Prefixes MUST be defined for a BGP session to be built

11 Protect the peering platform
Common Sense policy, enforced with port template Identical port configuration handled by port rollout script Filtering link layer protocols (e.g. LLDP, BPDUs, etc.) MAC Port-Security Scripts on collector to identify prohibited traffic Unannounced, public Peering LAN IPv4/6 addresses

12 Provide a looking glass
Alice, from our friends at ECIX

13 MANRS compatible with Asteroid values
Lightweight and efficient approach Simple to automate, easy to use Low cost Origin in trustworthy, collaborative co-operation

14 Embedded into our product
White Label IXP-in-a-box platform Public Exchange Points Amsterdam, Netherlands Mombasa, Kenya

Download ppt "MANRS for IXPs Why we did it? What did we do?"

Similar presentations

Presenter: Mark Elkins Topic: Things not getting done.

Presenter: Mark Elkins Topic: Things not getting done.
Virtual LANs.

Virtual LANs.
VLAN KRISHNAKUMAR RAJENDRAN NIKITA PATEL TEJENDRA PATEL Guided by Prof, Edmund Gean.

VLAN KRISHNAKUMAR RAJENDRAN NIKITA PATEL TEJENDRA PATEL Guided by Prof, Edmund Gean.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Internetworking.

William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Internetworking.
Analysis of BGP Routing Tables

Analysis of BGP Routing Tables
Ethernet Frame PreambleDestination Address Source Address Length/ Type LLC/ Data Frame Check Sequence.

Ethernet Frame PreambleDestination Address Source Address Length/ Type LLC/ Data Frame Check Sequence.
Route Servers: What, Why, and How? Andy Davidson Allegro Networks / LONAP August 2014 Peer 2.0/SFO.

Route Servers: What, Why, and How? Andy Davidson Allegro Networks / LONAP August 2014 Peer 2.0/SFO.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Network Connectivity Options Currently offered by Wyless.

Network Connectivity Options Currently offered by Wyless.
IPv6 activities in Greece Dimitrios Kalogeras, Ph.d.

IPv6 activities in Greece Dimitrios Kalogeras, Ph.d.
Practical Issues in Internet Measurement adapted from Mark Crovella and Balachander Krishnamurthy.

Practical Issues in Internet Measurement adapted from Mark Crovella and Balachander Krishnamurthy.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
An overview of IP addressing history and policy issues Leo Vegoda Number Resources Manager, IANA.

An overview of IP addressing history and policy issues Leo Vegoda Number Resources Manager, IANA.
Lecture 4: BGP Presentations Lab information H/W update.

Lecture 4: BGP Presentations Lab information H/W update.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Basic Switch Concept Prepared by: Akhyari Nasir Resources form Internet.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicBSCI Module 6 1 Basic Switch Concept Prepared by: Akhyari Nasir Resources form Internet.
Policies for Peering and Internet Exchanges AFIX Technical Workshop Session 8.

Policies for Peering and Internet Exchanges AFIX Technical Workshop Session 8.
RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.

RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.

Similar presentations

Ads by Google