MANRS

MANRS
Name	Routing Resilience Manifesto (MANRS)
Formation	2014
Type	Initiative
Headquarters	Global
Region served	Worldwide
Parent organization	Internet Society

MANRS is a global initiative aimed at improving the security and reliability of Internet routing by promoting operational best practices among network operators, content delivery providers, cloud platforms, and Internet exchange points. It advances coordinated measures to reduce the prevalence and impact of route hijacks, route leaks, and address spoofing across the public routing system that interconnects networks such as AT&T, NTT Communications, Deutsche Telekom, Akamai Technologies, and Cloudflare. Advocates include technical communities and organizations like IETF, ISOC, RIPE NCC, ARIN, and APNIC that seek to harmonize operational practices with standards from bodies such as RFC 6480 and work with registries including LACNIC and AFRINIC.

Overview

The initiative frames a concise set of operational actions for autonomous system operators, content networks, and exchange points to mitigate common routing risks. It addresses incidents similar to notable events involving YouTube outages, transnational disruptions touching networks of Verizon Communications, British Telecom, and effects on platforms like Facebook, Google and Amazon Web Services. MANRS connects technical requirements—filtering, anti-spoofing, coordination, validation—with ecosystem participants such as Level 3 Communications, CenturyLink, Tata Communications, Orange S.A., and research groups at MIT and Stanford University that study global reachability and routing provenance.

History and Development

The initiative emerged in the mid-2010s as part of a broader effort to address routing security following large-scale routing incidents that drew scrutiny from stakeholders including US Department of Homeland Security, European Commission, and industry fora like ICANN and the World Bank. Early contributors comprised network operators and organizations such as NORDUnet, Hurricane Electric, LINX, and the Internet Society which later hosted the program. Development progressed through collaboration with standards bodies—IETF working groups like SIDR and BGPsec discussions, operational groups such as FIRST, and regional registries ARIN and RIPE NCC. Funding and advocacy involved foundations and entities including Mozilla Foundation, GÉANT, and corporate sponsors from Cisco Systems and Juniper Networks.

Principles and Actions

MANRS codifies actionable practices rather than abstract goals. Core actions include route filtering to prevent propagation of incorrect advertisements, preventing IP address spoofing through source validation mechanisms such as techniques compliant with BCP 38 and operationalized by vendors like Cisco Systems and Juniper Networks; facilitating coordination via accurate contact information in registries like RADb and RIPE Database; implementing routing information validation using routing security technologies such as RPKI, ROA, and systems aligned with BGPsec; and encouraging support for protection at Internet Exchange Points similar to initiatives at AMS-IX and DE-CIX. The actions are designed to be measurable and interoperable with tools from academic groups at University College London and ETH Zurich.

Membership and Participation

Participants span a range of organizations: mobile carriers like Vodafone, fiber operators like Zayo Group, cloud providers such as Microsoft Azure and Google Cloud Platform, content delivery networks like Fastly, and exchange operators exemplified by Equinix. Membership requires organizational commitment to implement the defined actions and to publish attestations of compliance; signatories often include national research and education networks like SURFnet and CANARIE. The initiative engages policy makers from the European Commission and stakeholders at multistakeholder forums including G20 Internet-related dialogues to encourage adoption among sovereign networks and multinational carriers such as China Telecom and Telefonica.

Implementation and Compliance

Implementation spans operational tasks—prefix filtering, TTL security tweaks, IRR hygiene, and RPKI deployment—carried out by network engineers who reference guidelines from IETF drafts and operational manuals from NOG communities including NANOG and AfriNOG. Compliance is assessed through published criteria, self-attestations, and measurement by third parties including research teams at CAIDA and monitoring platforms developed in collaboration with organizations like Cloudflare and Akamai Technologies. Challenges include varying registry accuracy at ARIN and APNIC, differing router vendor features from Huawei Technologies and ZTE Corporation, and resource constraints in developing regions monitored by ISOC chapters and development partners like USAID.

Impact and Criticism

Proponents cite reductions in easily preventable routing incidents among participating networks and improved resilience for services run by Netflix, Spotify, and large e-commerce platforms including eBay and Alibaba Group. Measurements by analytics groups such as CAIDA and academic studies from Carnegie Mellon University suggest improved adoption of RPKI and filtering correlates with fewer route leaks. Critics argue the initiative relies on voluntary compliance and that key operators in some regions—including major incumbents like Russia Telecom affiliates and parts of China Mobile—have been slow to adopt; others point to concerns about centralization of trust around Certificate Authorities and RPKI repositories influenced by entities like IANA and regional registries. Policy debates involve regulators at European Commission and multilateral bodies like the United Nations which discuss mandates versus voluntary uptake. Overall, MANRS functions as a practical, community-driven step within a complex ecosystem involving technology vendors, research institutions, and international organizations.

Category:Internet infrastructure