
Mutually Agreed Norms for Routing Security

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Title: Mutually Agreed Norms for Routing Security
Status: Voluntary Framework
Abbreviation: MANRS
Year started: 2014
Related standards: BGP, RPKI, Internet Engineering Task Force
Founding organizations: Internet Society
Website: https://www.manrs.org/

Mutually Agreed Norms for Routing Security (MANRS) is a global initiative and voluntary framework designed to enhance the security and resilience of the Internet's global routing system. Established in 2014 by the Internet Society, it provides a set of actionable best practices for network operators, Internet exchange points, cloud providers, and content delivery networks to combat common routing threats. By fostering collective responsibility, the initiative aims to reduce prevalent risks such as route hijacking, route leaks, and IP address spoofing, which can lead to distributed denial-of-service attacks, data theft, and widespread network disruption.

Overview

The initiative emerged from collaborative discussions within the Internet governance community, recognizing that the inherent trust-based design of the Border Gateway Protocol was increasingly exploited for malicious purposes. Key figures from organizations like the Internet Engineering Task Force, Asia Pacific Network Information Centre, and American Registry for Internet Numbers helped shape its foundational concepts. The framework operates on the principle that no single entity can secure the global Internet alone, requiring coordinated action across autonomous systems worldwide. Its development was influenced by major incidents like the YouTube hijacking event of 2008 and the BGP leak affecting Google and other major services in 2018.

Core Principles

The framework is built upon four foundational pillars, each requiring participants to implement specific technical and procedural controls. The first is the prevention of IP address spoofing through source address validation techniques, as defined in documents like BCP 38 and BCP 84. Second, participants must maintain globally accessible routing policy documentation in registries such as the Internet Routing Registry using the Routing Policy Specification Language. Third, network operators commit to filtering routing announcements based on Resource Public Key Infrastructure data or Internet Routing Registry records to prevent the propagation of incorrect routing information. The fourth principle involves the global coordination and mitigation of routing incidents through collaboration with entities like CERTs and other MANRS participants.
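The filtering principle above can be made concrete with route origin validation as specified in RFC 6811. The following is an added example, not code from MANRS or from this article; it goes beyond the text by implementing the RFC's valid / invalid / not-found classification, and the `VRP` type, function names, sample data and the reject-only-invalid policy are assumptions chosen for illustration.

```python
import ipaddress
from typing import Iterable, List, NamedTuple, Optional, Tuple

class VRP(NamedTuple):
    """Validated ROA Payload: one (prefix, maxLength, origin AS) authorization."""
    prefix: str
    max_length: int
    asn: int

# Constructed sample data using documentation prefixes and ASNs only.
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64497),
    VRP("203.0.113.0/24", 24, 0),  # AS 0: holder says "do not route this prefix"
]

def validate_origin(prefix: str, origin_asn: Optional[int],
                    vrps: Iterable[VRP]) -> str:
    """Classify one announcement as 'valid', 'invalid' or 'not-found' (RFC 6811).

    origin_asn is None when the AS path ends in an AS_SET; it can never match.
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if it is the same prefix or a less specific one.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A match needs the same non-zero origin AS and a length within maxLength.
        if (vrp.asn != 0 and vrp.asn == origin_asn
                and route.prefixlen <= vrp.max_length):
            return "valid"
    # Covered but never matched means wrong origin or too specific a prefix.
    return "invalid" if covered else "not-found"

def filter_announcements(routes: Iterable[Tuple[str, Optional[int]]],
                         vrps: Iterable[VRP]) -> List[Tuple[str, Optional[int]]]:
    """Assumed policy: reject only 'invalid'; keep 'valid' and 'not-found'."""
    vrps = list(vrps)
    return [(p, a) for p, a in routes if validate_origin(p, a, vrps) != "invalid"]

if __name__ == "__main__":
    for p, a in [("192.0.2.0/24", 64496), ("192.0.2.128/25", 64496),
                 ("198.51.100.0/24", 64500)]:
        print(p, a, validate_origin(p, a, SAMPLE_VRPS))
```

The `192.0.2.128/25` case shows why maxLength matters: the origin AS is the authorized one, yet the announcement is still invalid because it is more specific than the ROA permits.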

Implementation and Adoption

Implementation is achieved through a voluntary commitment process, where organizations join one of several tailored programs for network operators, Internet exchange points, cloud providers, or content delivery networks. Major adopters include companies like Microsoft, Google Cloud, Akamai Technologies, and Cloudflare, as well as Internet exchange points such as DE-CIX in Frankfurt and AMS-IX in Amsterdam. The Internet Society provides resources, tools, and a task force to support implementation, while progress is often showcased at events like RIPE meetings, NANOG conferences, and the Internet Governance Forum. Adoption metrics are publicly tracked, showing growth across regions served by AFRINIC, LACNIC, and ARIN.

Key Components and Documents

The initiative's requirements are detailed in living documents and implementation guides available on its official website. These include the MANRS Observatory, a tool that provides data on routing security and participant compliance. Central to the framework is the use of the Resource Public Key Infrastructure, a system of cryptographic certificates tied to IP address and autonomous system number resources issued by Regional Internet Registries. Other critical references are the MANRS Best Current Practices documents and the MANRS Implementation Guide, which provide step-by-step instructions for deploying BGP security measures. The initiative also collaborates on standards development within the Internet Engineering Task Force's SIDR Operations working group.

Impact and Significance

The collective action fostered by the initiative has measurably improved the security posture of the global Internet routing infrastructure. It has contributed to a significant increase in the adoption of Resource Public Key Infrastructure-based route origin authorization, reducing the attack surface for BGP hijacks. By promoting collaboration among competitors like AT&T, Verizon, and Deutsche Telekom, it has strengthened the overall resilience of critical Internet infrastructure. Its principles are increasingly referenced in policy discussions at bodies like ENISA, the Federal Communications Commission, and the International Telecommunication Union, influencing national cybersecurity strategies worldwide.

Challenges and Criticisms

Despite its successes, the initiative faces several ongoing challenges. The voluntary nature of participation means global coverage remains incomplete, with adoption varying significantly between regions like North America and parts of Africa. Technical complexities and operational costs associated with implementing Resource Public Key Infrastructure and comprehensive filtering can be barriers for smaller Internet service providers. Some critics argue that the framework lacks strong enforcement mechanisms, relying instead on peer pressure and public accountability. Furthermore, the evolving threat landscape, including sophisticated attacks observed by teams at CrowdStrike or Mandiant, requires continuous updates to its best practices, posing a challenge for maintaining relevance and effectiveness.
