Routing incidents happen all the time, but for an individual average network operator they seem somewhat infrequent. When these routing incidents happen, though, they have real – and negative – consequences. Does this infrequency mean we don’t have to worry? Here we outline three reasons why network operators MUST be concerned about routing security incidents.
A year ago, the Internet Society and BGPmon conducted a routing resilience survey focused on collecting routing incident data from operators’ points of view. It showed that many network operators have routing security incidents at least once a month, and about 5% of those incidents have real (and negative) network impacts.
But, for the majority of the networks in the survey, it was business as usual most of the time, and changes in the routing system we observed were related to connecting new customers or changing providers.
Does this mean there is nothing to worry about? No problems?
The answer is – no. If you’re a network operator, you should be concerned.
First, lack of routing security can cause outages.
Routing system vulnerabilities are well known and incorrect routing configuration changes or malicious announcements propagate quickly and can often cause significant damage – a DoS attack, non-optimal traffic flow affecting network performance, or traffic interception (“hijacking”).
In these cases, customers are negatively affected and you might not meet your service level agreements. The challenge here, as I mentioned before, is the seeming infrequency of such incidents with potentially significant impact. Humans are not very good at assessing probabilities; we buy lottery tickets hoping to win big, but worry about being hit by lightning during a thunderstorm when in fact the probability of the latter is less than that of the former…
Second, many routing incidents go under the radar and can affect your network’s reputation.
There is a growing trend of abusing routing vulnerabilities through various types of malicious activities, like sending spam or spreading malware. Unlike DoS incidents with high public exposure – like the YouTube route hijacking – these incidents have less impact on network operations and may go unnoticed for months. Criminals are trying to avoid exposure by squatting on unused address space or limiting the propagation of bogus announcements. On the surface it looks like nothing “bad” has happened to your network – apart from increased spam or malware – leading to greater difficulty tracking down the criminals.
But, attacks of this sort may have another impact – they affect your reputation as a network operator. Network and address blocks are more likely to be put on blacklists, impacting services for your customers and users and potentially affecting your ability to make peering arrangements.
Finally, routing security has a strong social component
It turns out, your network protection is in the hands of other networks. For example, to protect your network from route hijacking, other networks must act and take measures. At the same time, deploying these protective measures often has costs and less obvious benefits for their own network.
Let me put it another way – you don’t get the benefits of routing security technology by doing this alone – your network security depends on whether other operators deploy these measures, too. The more networks deploy them, the more return on investment everyone gets.
We believe that global adoption of routing security measures can be most effectively motivated in local communities, like Internet Exchange Points (IXPs) or small Network Operator Groups (NOGs). In these communities people usually know each other and collaboration is often part of the culture, since they have common operational objectives.
A global effort called the Mutually Agreed Norms for Routing Security (MANRS, aka Routing Resilience manifesto) can help here, by providing visibility and awareness, a common platform, and a baseline for recommended security actions.
The foundation of MANRS is existing security building blocks and new ones that are being developed; there is an array of solid best-practices for additional checks on routing information a network receives from its customers and peers.
To paraphrase slightly what I wrote in one of my recent blog posts, “MANRS + IXPs = A MORE Secure Internet Routing System”:
“We see MANRS as a tool for local communities, like Internet exchange points (IXPs), to create a new norm for more secure and resilient routing.”
Are you interested in signing up to officially show your support for MANRS and collaborative routing security? Visit www.manrs.org, read the whole document, and let us know you’re onboard!
[Editor’s Note: This was cross-posted on the IXP Toolkit website at http://ixptoolkit.org/blog/2015/07/23/why-routing-security-matters-and-ixps-play-role.]