The Mutually Agreed Norms for Routing Security (MANRS) initiative, supported by the Internet Society, today announced the Content Delivery Network (CDN) and Cloud Program to help secure large hubs of the Internet from common routing problems.
Systemic security issues that arise from how traffic is routed on the Internet make it vulnerable to abuse, attacks or errors. Through technical and collaborative action, MANRS helps with crucial fixes needed to reduce the most common threats to the Internet’s routing system. In other words, the security of the Internet depends on routing security.
CDNs and cloud providers help companies serve content and access online services by delivering it in a distributed manner and often from locations close to end users. For instance, when you visit a website, CDNs draw content from the closest locations and not from the website owner’s infrastructure, which is farther away and could result in slower download speeds.
The providers typically exchange traffic – or peer – with thousands of other networks to enable traffic to flow more efficiently around the world, making them significant participants in the Internet’s interconnection infrastructure.
Participants in the new program include Akamai, Amazon Web Services, Azion, Cloudflare, Facebook, Google, Microsoft, and Netflix, with a number of other companies on boarding soon.
They agree to specific actions to improve the resilience and security of the routing infrastructure to keep the Internet safe for businesses and consumers alike.
By joining, they commit to the baseline of routing security defined by a set of six security-enhancing actions, of which five are mandatory to implement. The actions are:
- Prevent propagation of incorrect routing information
- Prevent traffic of illegitimate source IP addresses
- Facilitate global operational communication and coordination
- Facilitate validation of routing information on a global scale
- Encourage MANRS adoption
- Provide monitoring and debugging tools to peering partners (optional)
According to industry estimates, over half of all online traffic today is served through CDNs, and this trend is likely to continue, given Internet users’ growing appetite for online media content, such as video, music, gaming, and software downloads.
To address this challenge, in 2018, a task force was formed by the Internet Society and the Cybersecurity Tech Accord, a public cybersecurity commitment spanning over 140 global technology companies. In addition to the eight participating companies, the task force also includes Nexica, Oracle, Telefonica, Redder, and Verisign. Existing MANRS participants Comcast and TORIX also joined the task force.
Over the past year, they agreed on the set of actions that a CDN or cloud provider should take to improve routing security, leading to the creation of this community-driven program.
“The MANRS community can leverage the new participants’ unique roles in the Internet routing system, in particular their vast peering value, for the benefit of a more secure Internet,” says Andrei Robachevsky, the Internet Society’s Senior Director for Technology Programs.
“Putting in place more stringent controls on routing hygiene in the peering environment, will increase awareness of the need for greater MANRS adoption by peering networks. The CDN and cloud community is integral to the Internet ecosystem, and by joining MANRS, they are joining a community of Internet service providers (ISPs) and Internet Exchange Points (IXPs) committed to making the global routing infrastructure more secure,” he added.
Collaboration and shared responsibility are key to the success of MANRS. So far, 293 network operators and 48 Internet Exchange Points (IXPs) have signed on. By joining, these companies are working hard to secure the fabric of the Internet.
Christian Kaufmann, Vice President, Network Technology, Akamai says: “Being MANRS compliant not only improves our routing security capabilities, but has the potential to help other networks to improve theirs and is an opportunity for Akamai to make a significant contribution to the improvement of global routing security.”
Rogério Mariano, Director of Edge Strategy, Azion says: “The security of the Internet as a whole depends on the security of routing. It’s necessary for the leaders to change their mindset and invest in the adoption of filters to avoid the incorrect propagation of routing information. Azion is strongly committed to the security of Internet routing.”
John Graham-Cumming, Chief Technology Officer (CTO), Cloudflare says: “Cloudflare has been a long-time proponent of better Internet routing security, and has actively campaigned for industry adoption of MANRS. Route leaks have a cascading negative impact on businesses, and coordinated action is needed by the Internet infrastructure community to improve the security, resilience, and reliability of networks.”
Gina Haspilaire, Vice President, Global Partner Engagement, Netflix Open Connect says: “We believe it is in the best interest of Netflix to be a good internet citizen and join the internet industry to address routing security issues. A secure routing framework is essential to maintaining the ongoing health and stability of the global Internet, and MANRS provides the resources to develop, foster, and promote this framework.”
About the Internet Society
Founded by Internet pioneers, the Internet Society (ISOC) is a non-profit organization dedicated to ensuring the open development, evolution and use of the Internet. Working through a global community of chapters and members, the Internet Society collaborates with a broad range of groups to promote the technologies that keep the Internet safe and secure, and advocates for policies that enable universal access. The Internet Society is also the organizational home of the Internet Engineering Task Force (IETF).