Hi, Some of you might have commented on the Manifesto (https://www.routingmanifesto.org/). Thank you for that. BTW, it is going to get a more neutral name - Mutually Agreed Norms for Routing Security - MANRS). We are in the process of incorporating the feedback in order to release the final version. What is currently missing are references to resources providing specific guidance in a form of BCOPs, BCPs, etc. for each of the Actions. Specifically: 1. Prevent propagation of incorrect routing information · Network defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks with a prefix and as-path granularity. · Network operator is able to communicate to their adjacent networks which announcements are correct. . Network operator applies due diligence when checking the correctness of their customer's announcements, specifically that the customer legitimately holds the ASN and the address space it announces. 2. Prevent traffic with spoofed source IP address . Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with incorrect source IP address from entering and leaving the network. 3. Facilitate global operational communication and coordination between the network operators . Network operator maintains globally accessible up-to-date contact information. Any references to stable documents would be appreciated. Thanks, Andrei Benno Overeinder wrote on 02/07/14 16:45:
Posted for Andrei Robachevsky, ISOC.
Colleagues,
A small group of network operators has been working on defining a minimal, but feasible package of recommended measures that, if deployed on a wide scale, could result in visible improvements to the security and resilience of the global routing system.
Many operators are ahead of the curve and already implement much more than the proposed recommendations. But we believe that gathering support for these relatively small steps could pave the road to more significant actions on a global scale.
We called this set of recommendations a Routing Resilience Manifesto – you can find a draft document here: https://www.routingmanifesto.org/.
This initial version of the Manifesto was drafted by a small group, but we need a wider community review, your feedback, and, ultimately, your support to make this initiative fly. It was already presented at several venues, like RIPE and NANOG, and now we open it for a more detailed review. Please note that this is very much a work in progress.
Please review the document and provide your feedback and text suggestions online or via routingmanifesto@isoc.org by 31 August 2014.
Regards,
Andrei Robachevsky Internet Society