Two weeks ago, we organized a panel discussion on the Mutually Agreed Norms for Routing Security (“MANRS”) document at NANOG65 in Montreal. It was wonderful to see that three MANRS participants – Tony Tauber (Comcast), Job Snijders (NTT), and Rob Hagens (Zayo) – were on the panel discussing some important aspects of MANRS and routing security in general. Andree Toonk from BGPmon.net also participated, providing an overview of the security landscape.
Perhaps the most important questions were: (a) Why join MANRS? and (b) What difference can it make?
I think the takeaways from this discussion can be summarized in three bullet points:
- Because security of the global routing system is a sum of all contributions
- Because this is a way to visibly define and promote a new baseline in routing security
- Because a community has gravity that can attract others, producing a network effect
Another, similar discussion happened again last week, this time in Northern Europe, in Stockholm during the Netnod meeting.
The title of my presentation, “How can we work together to improve security and resilience of the global routing system?” contained part of the answer that MANRS participants believe in: we can only improve the situation by working together. And the MANRS initiative itself offers a possible answer to the how.
Reflecting on an old well-known incident of YouTube prefix hijacking, one can observe that YouTube, by itself, could not protect its network from hijacking, but that Pakistan Telecom and PCCW could. What YouTube could have done is mitigate the attack – and that is what it did – but the damage had already been done. Another thing that a network can do is to help others to protect their networks. For instance, letting others know what announcements to expect by registering this information in an IRR, or RPKI.
The promise of MANRS is that it can help others to protect your network. But to make this happen, you should join, too.
There was strong support for the idea that implementing the actions identified in MANRS is a good way to go that can make routing more secure and reliable. There was less agreement that one should also join the MANRS initiative, though. Apart from traditional shyness (we are simply doing our job well), there are other factors, like perceived difficulties of convincing other people in the company of the benefits of this initiative.
Write us (http://www.routingmanifesto.org/contact/) if you want to discuss this further, or simply share your doubts and concerns – that is very helpful, too!
And if you are ready and convinced – Gå med i MANRS idag!!