two years of good manrs - trex · •walks a student through the tutorial with a test at the end...
TRANSCRIPT
![Page 1: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/1.jpg)
Internet Society © 1992–2016
https://www.manrs.org/
TwoyearsofgoodMANRSImprovingGlobalRoutingSecurityandResilience
January2017
![Page 2: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/2.jpg)
Isthereaproblem?
• Internetroutinginfrastructureisvulnerable• Trafficcanbehijacked,blackholed ordetoured• Trafficcanbespoofed• Fat-fingersandmaliciousattacks
• BGPisbasedontrust• Nobuilt-invalidationofthelegitimacyof updates
2
![Page 3: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/3.jpg)
Aretheresolutions?
• Yes!• PrefixandAS-PATHfiltering,RPKI,IRR,…• BGPSECunderdevelopmentattheIETF• Whois,RoutingRegistriesandPeeringdatabases
• But…• Lackofdeployment• Lackofreliabledata
3
![Page 4: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/4.jpg)
Itisasocio-economicproblem– atragedyofthecommons• Fromtheroutingperspectivesecuringone’sownnetworkdoesnotmakeitmoresecure.Thenetworksecurityisinsomeoneelse’shands• Themorehands– thebetterthesecurity
• Isthereaclear,visibleandindustrysupportedlinebetweengoodandbad?• Aculturalnorm
4
![Page 5: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/5.jpg)
Aclearlyarticulatedbaseline–aminimumrequirement(MCOP)
+
Visiblesupportwithcommitment
5
![Page 6: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/6.jpg)
MutuallyAgreedNormsforRoutingSecurity(MANRS)
MANRSdefinesfourconcreteactionsthatnetworkoperatorsshouldimplement
• Technology-neutralbaselineforglobaladoption
MANRSbuildsavisiblecommunityofsecurity-mindedoperators
• Promotescultureofcollaborativeresponsibility
6
![Page 7: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/7.jpg)
GoodMANRS
• Filtering – Preventpropagationofincorrectroutinginformation• Ownannouncementsandthecustomercone
• Anti-spoofing – PreventtrafficwithspoofedsourceIPaddresses• Single-homedstubcustomersandowninfra
• Coordination – Facilitateglobaloperationalcommunicationandcoordinationbetweennetworkoperators• Up-to-dateandresponsivepubliccontacts
• Global Validation – Facilitatevalidationofroutinginformationonaglobalscale• Publishyourdata,sootherscanvalidate
7
![Page 8: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/8.jpg)
MANRSusecase:thenetworkandtopology
![Page 9: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/9.jpg)
MANRSisnot(only)adocument– itisacommitment• Thememberssupport thePrinciplesandimplement themajorityoftheActionsintheirnetworks.
• A memberbecomesaParticipantofMANRS,helpingtomaintain and improve thedocumentandtopromote MANRSobjectives
9
![Page 10: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/10.jpg)
Agrowinglistofparticipants
10
![Page 11: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/11.jpg)
0102030405060708090100
2014 2015 2016 2017(sofar)
#ofAS
#ofAS
TwoyearsofMANRS
11
MANRS members by # of AS’es
![Page 12: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/12.jpg)
0
1000
2000
3000
4000
5000
6000
7000
8000
2014 2015 2016 2017 . . . . . . ?
# of AS# of AS
Youmaysaywe’redreamers…
12
MANRS members by # of AS’es
![Page 13: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/13.jpg)
•Howtobridgethisgap?
13
![Page 14: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/14.jpg)
Leveragingmarketforcesandpeerpressure• Developingabetter“businesscase”forMANRS
• MANRSvaluepropositionforyourcustomersandyourownnetwork
• Creatingatrustedcommunity
• Agroupwithasimilarattitudetowardssecurity
14
![Page 15: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/15.jpg)
IncreasinggravitybymakingMANRSaplatformforrelatedactivities• Developingbetterguidance
• MANRSBestCurrentOperationalPractices(BCOP)document:
http://www.routingmanifesto.org/bcop/
• Training/certificationprogramme
• BasedonBCOPdocumentandanonlinemodule
• Bringingnewtypesofmembersonboard
• IXPs
15
![Page 16: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/16.jpg)
MANRStrainingandcertification
16
• Routingsecurityishard• TheMANRSBCOPwasenvisagedasasimpleinstructionset• Insteadwehavea50-pagedocumentthatassumescertainlevelofexpertise• Howcanwemakeitmoreaccessible?
• Asetofonlinetrainingmodules• BasedontheMANRSBCOP• Walksastudentthroughthetutorialwithatestattheend• Workingwithandlookingforpartnersthatareinterestedinintegratingitintheircurricula
• Ahands-onlabtoachieveMANRScertification• CompletinganonlinemoduleasafirststepinMANRScertification• Lookingforpartners
![Page 17: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/17.jpg)
MANRSIXPPartnershipProgramme
17
• ThereissynergybetweenMANRSandIXPsinthisarea• IXPsformacommunitywithacommonoperationalobjective• MANRSisareferencepointwithaglobalpresence– usefulforbuildinga“safeneighborhood”
• HowcanIXPscontribute?• Technicalmeasures:RouteServerwithvalidation,alertingonunwantedtraffic,providingdebuggingandmonitoringtools
• Socialmeasures:MANRSambassadorrole,localauditaspartoftheon-boardingprocess• Adevelopmentteamisworkingonasetofusefulactions
![Page 18: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/18.jpg)
Howtosignup
• Gotohttps://www.manrs.org/signup/• Providerequestedinformation
• PleaseprovideasmuchdetailonhowActionsareimplementedaspossible
• Wemayaskquestionsandaskyoutorunafewtests• Routing“backgroundcheck”
• Spoofer https://www.caida.org/projects/spoofer/
• Youranswerto“Whydidyoudecidetojoin?”maybedisplayedinthetestimonials
• Downloadthelogoanduseit
• BecomeanactiveMANRSparticipant
18
![Page 19: Two years of good MANRS - TREX · •Walks a student through the tutorial with a test at the end •Working with and looking for partners that are interested in integrating it in](https://reader036.vdocuments.mx/reader036/viewer/2022070916/5fb64aad8002d9516d125415/html5/thumbnails/19.jpg)
Questions?
Pleasejoinustomakeroutingmoresecure• Feelfreetocontactusifyouareinterestedandwanttolearnmore
• http://www.routingmanifesto.org/contact/
• Mail:[email protected]
• Lookingforwardtoyoursign-ups:• http://www.routingmanifesto.org/signup/
19