LLMpediaThe first transparent, open encyclopedia generated by LLMs

Mutually Agreed Norms for Routing Security

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Resource Public Key Infrastructure Hop 4
Expansion Funnel Raw 96 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted96
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Mutually Agreed Norms for Routing Security
NameMutually Agreed Norms for Routing Security
AbbreviationMANRS
Established2014
InitiatorInternet Society
FocusInternet routing security

Mutually Agreed Norms for Routing Security is a global initiative aimed at reducing incidents of route hijacking, route leaks, and other Border Gateway Protocol (BGP) misconfigurations by promoting operational best practices among network operators, content delivery networks, and cloud providers. It was launched to coordinate actions among stakeholders such as the Internet Society, Regional Internet Registries, and network operators, and to align with standards from bodies like the Internet Engineering Task Force and the Internet Corporation for Assigned Names and Numbers.

Overview

MANRS provides a concise set of actionable norms intended for adoption by Autonomous System operators, Internet Exchange Points, Content Delivery Networks, and cloud platforms. It links operational practices with technical specifications from the Internet Engineering Task Force, policy guidance from the Internet Society, coordination roles of the Internet Corporation for Assigned Names and Numbers, and resource allocation by American Registry for Internet Numbers, Réseaux IP Européens Network Coordination Centre, Asia Pacific Network Information Centre, Latin American and Caribbean Internet Addresses Registry, and African Network Information Centre. MANRS works in concert with organizations such as RIPE NCC, ARIN, APNIC, LACNIC, AfriNIC, and industry groups like North American Network Operators' Group, European Internet Exchange Association, Asia Pacific Internet Association, and Internet2.

History and Development

MANRS emerged in 2014 from discussions led by the Internet Society and contributors from the IETF routing working groups, civic technologists associated with Packet Clearing House, operators from Level 3 Communications, researchers from CAIDA, and policy advisors from ICANN. Early adopters included major networks and exchange points such as AMS-IX, DE-CIX, LINX, NTT Communications, AT&T, Verizon, Sprint Corporation, and large content networks like Akamai Technologies and Cloudflare. Development was influenced by historical incidents involving YouTube, Amazon Web Services, Google, and national incidents involving operators in Pakistan and China, prompting coordination with regulators in jurisdictions such as the European Commission and agencies modelled after Federal Communications Commission. MANRS matured alongside technical proposals from the IETF including resource public key infrastructure work promoted by IETF SIDR Working Group and operational tooling from Team Cymru and research papers by Nanog contributors and University of California, San Diego researchers.

Technical Components and Standards

The MANRS norms map to specific technical controls like prefix filtering, route origin validation using Resource Public Key Infrastructure (RPKI) and Route Origin Authorizations issued under registries such as ARIN and RIPE NCC, and maximum-prefix limits implemented by routing platforms from vendors such as Cisco Systems, Juniper Networks, Huawei Technologies, and Nokia (company). Standards and drafts from the IETF including BGPsec proposals, RPKI operational guidance, and SIDR outputs inform MANRS recommendations. Tools from BGPStream, OpenBMP, ExaBGP, and collectors operated by RouteViews and RIPE NCC RIS support monitoring and detection. MANRS encourages implementation of filtering using data from Regional Internet Registries and leveraging coordination services such as Internet Exchange Point route servers operated by DE-CIX and AMS-IX. The initiative also references security frameworks from ISO/IEC standards and aligns with transparency practices advocated by Electronic Frontier Foundation and incident sharing models used by FIRST.

Adoption and Implementation

Adopting MANRS involves commitments from network operators, IXPs, and CDNs to implement its required actions and make configuration data public via registries like PeeringDB and operational dashboards curated by organizations such as the Internet Society MANRS Observatory. Large cloud providers including Amazon Web Services, Google LLC, and Microsoft Azure have participated, alongside telecommunications operators like Deutsche Telekom, Orange S.A., Vodafone Group, and Telenor. Implementation pathways include vendor-specific configuration guides from Cisco, Juniper, and Arista Networks; training events hosted at operator forums such as NAPM, RIPE Meetings, and IETF Meetings; and certification or recognition programs run with partners like ICANN and regional registries. Peering communities at LINX, IX.br, and Equinix exchange points provide platforms for peer-driven adoption.

Governance and Policy Issues

MANRS operates as a voluntary, membership-based initiative coordinated by the Internet Society with advisory input from multi-stakeholder actors including IETF, ICANN, regional registries, and operator groups like NANOG and ENOG. Policy issues address liability concerns, information sharing consistent with laws such as General Data Protection Regulation in the European Union, and alignment with national cybersecurity strategies exemplified by policies in United States and Estonia. Debates involve interactions with regulatory bodies like the European Commission and sectoral agencies analogous to the Federal Communications Commission on whether norms should be voluntary or incorporated into procurement standards used by ministries and agencies such as NATO and national CERTs including US-CERT and CERT-EU.

Security Impact and Incidents

MANRS aims to reduce incidents similar to historic BGP events affecting YouTube in Pakistan, accidental hijacks that impacted Amazon services, and targeted route leaks that disrupted traffic to platforms like Google and Facebook. Analyses by CAIDA, Team Cymru, and academic groups at MIT and Stanford University indicate measurable reductions in some classes of hijacks where RPKI and filtering are widely deployed. Coordination with incident responders such as FIRST, national CERTs including JPCERT/CC, and operator communities like NANOG improves remediation times. High-profile incidents involving operators linked to state actors and events referenced by NATO and United Nations reports have further motivated uptake.

Criticisms and Limitations

Critics from academic institutions like University of Oxford and think tanks such as Chatham House note MANRS is voluntary and relies on accurate registry data from Regional Internet Registries; adoption gaps persist among smaller networks and in parts of Africa, Latin America and the Caribbean, and some parts of Asia Pacific. Technical limitations include incomplete deployment of RPKI and challenges with BGPsec adoption highlighted by vendors Cisco and Juniper and researchers at Carnegie Mellon University. Policy critics argue that reliance on volunteer norms may be insufficient compared with regulatory approaches considered by entities such as the European Commission or national ministries. Ongoing debates involve balancing operational transparency with privacy and liability concerns raised by legal scholars at Harvard Law School and practitioners in organizations like ISOC and ICANN.

Category:Internet governance