Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What is MANRS and does your network have it?

Thor Olavsrud | Oct. 14, 2016
The Internet Society's Mutually Agreed Norms for Routing Security (MANRS) initiative is designed to provide measures to improve the resilience and security of the internet's routing infrastructure to keep it safe for businesses and consumers.

While the internet itself was first envisioned as a way of enabling robust, fault-tolerant communication, the global routing infrastructure that underlies it is relatively fragile. A simple error like the misconfiguration of routing information in one of the 7,000 to 10,000 networks central to global routing can lead to a widespread outage, and deliberate actions, like preventing traffic with spoofed source IP addresses, can lead to distributed denial of service (DDoS) attacks.

The Internet Society (ISOC), a cause-driven nonprofit organization that seeks to promote the open development, evolution and use of the Internet and the parent organization of the Internet Engineering Task Force (IETF) standards body, is moving to change that. In 2014, ISOC introduced its Mutually Agreed Norms for Routing Security (MANRS) initiative. Today ISOC announced that the initiative membership has more than quadrupled in its first two years, growing from its initial nine network operators to 42 network operators today.

The newest members are SUNET and NORDUnet, two leading research and education networks in Scandinavia. MANRS 42 members now operate autonomous system networks (ASNs) across 21 countries. The MANRS initiative is now established in Asia, North and South America, Africa and Europe.

"We're seeing a lot of uptake and much more awareness," says Andrei Robachevsky, Technology Program Manager for ISOC. "There are more than 50,000 networks participating in global routing. Perhaps 7,000 to 10,000 networks are really defining how global routing works. If we can get 10,000 networks to sign up to MANRS, we'll see significant improvement in global routing."

Pakistan killed the video star

As one example, Robachevsky says that if ISOC can get enough ASNs to support the measures suggested in MANRS, it would prevent incidents like the one in which Pakistan knocked YouTube off the Internet for two-thirds of the globe for several hours in 2008.

In that incident, Pakistan attempted to block access to YouTube within its own borders. Pakistan's telecommunications ministry had ordered 70 ISPs to block access to the site due to anti-Islamic videos. In response, Pakistan Telecom, the leading telecommunictions company in the country, configured its routing information to suggest that it was the legitimate destination for anyone trying to reach YouTube's internet addresses (though it didn't actually point to YouTube at all).

The move was intended only to make YouTube unavailable inside Pakistan, but the routing information propagated outside the country. Soon, not only was YouTube unavailable to two-thirds of the globe, Pakistan Telecom was suffering from a self-inflicted DDoS.

"For more than two hours, YouTube was unavailable to a large amount of the internet," Robachevsky says. "Pakistan Telecom was just buried under this traffic, under a DDoS of its own making. These types of accidents happen on the Internet every day. The majority of these incidents are misconfigurations. Anyone could, in principal, do this misconfiguration and create havoc if additional measures aren't taken."

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.