Enhancing Global Routing Security via APRICOT Collaboration
Discover how partnerships with APRICOT are fortifying Internet routing against threats like hijacks and leaks for a safer digital world.
The Internet’s backbone relies on robust routing protocols to direct data across the globe. Yet, vulnerabilities in Border Gateway Protocol (BGP) expose networks to severe risks. In recent years, collaborations like the one between the Internet Society’s Mutually Agreed Norms for Routing Security (MANRS) and the Asia-Pacific Regional Internet Governance Forum (APRICOT) have emerged as pivotal forces in mitigating these dangers. This partnership targets key threats, fosters community growth, and leverages cutting-edge tools to create a more secure routing ecosystem.
Understanding the Core Challenges in Internet Routing
Routing security remains a critical concern for network operators worldwide. BGP, the protocol powering inter-domain routing, was designed decades ago without modern security in mind. This leaves it susceptible to exploits that can disrupt services on a massive scale.
- Route Hijacking: Attackers falsely announce ownership of IP prefixes, redirecting traffic to malicious destinations.
- Route Leaks: Incorrect propagation of routing information floods networks, causing instability and blackholing.
- IP Spoofing: Forged source addresses enable devastating DDoS attacks by amplifying traffic.
These issues don’t just threaten connectivity; they lead to financial losses, data breaches, and eroded trust. For instance, high-profile hijacks have rerouted major financial transactions, underscoring the urgency for collective action.
The Role of MANRS in Standardizing Secure Practices
MANRS, spearheaded by the Internet Society, outlines voluntary actions for networks to enhance routing integrity. Participants commit to filtering bogus announcements, maintaining accurate registration data, and coordinating incident responses. This framework has gained traction among ISPs, IXPs, and cloud providers globally.
By 2026, MANRS boasts hundreds of members, reflecting growing recognition of its value. The initiative’s Observatory tool provides transparency, scoring networks on compliance and visualizing adoption trends. This data-driven approach incentivizes improvement and highlights laggards.
APRICOT: A Hub for Asia-Pacific Network Innovation
APRICOT, organized by APNOG, convenes operators, policymakers, and researchers from the Asia-Pacific region annually. It features tutorials, summits, and SIG sessions tackling real-world challenges. Routing security has become a staple topic, with dedicated panels discussing progress and hurdles.
The event’s influence extends beyond talks; it builds lasting networks. Participants return home equipped with actionable insights, often implementing changes that ripple across regional infrastructures.
Synergies from the MANRS-APRICOT Partnership
The alliance amplifies both organizations’ reach. Key initiatives include:
- Joint events at APRICOT summits and virtual formats to educate on best practices.
- Targeted promotion of MANRS signup among attendees, especially ISPs and IXPs.
- Regional community building to sustain momentum post-conference.
- Collaborative enhancements to the MANRS Observatory for better analytics.
This partnership addresses the Asia-Pacific’s unique needs, where rapid growth strains legacy systems. By embedding security into events, it accelerates adoption in underserved areas.
Technological Pillars: RPKI and Beyond
Central to these efforts is Resource Public Key Infrastructure (RPKI), a cryptographic system for validating route origins. Route Origin Authorizations (ROAs) digitally sign IP allocations, enabling Route Origin Validation (ROV) to drop invalid announcements.
Recent data shows remarkable progress: Over 50% of BGP routes now carry ROAs, protecting two-thirds of traffic volume. This leap from two years prior demonstrates RPKI’s efficacy, though full deployment lags due to equipment compatibility and operational complexity.
Emerging complements like Autonomous System Provider Authorization (ASPA) tackle path validation. ASPAs cryptographically attest customer-provider relationships, detecting leaks and forged paths without router modifications. Sessions at APRICOT 2026 highlighted ASPA’s role in post-ROV defenses, including social engineering risks around Trust Anchor constraints.
| Technology | Purpose | Adoption Status (2026) | Key Benefit |
|---|---|---|---|
| RPKI/ROV | Origin validation | High (50%+ routes) | Blocks hijacks |
| ASPA | Path validation | Growing | Prevents leaks |
| IRR Filters | Prefix limits | Widespread | Fallback mechanism |
| TCP-AO/GTSM | Session protection | Standard | Anti-spoofing |
Overcoming Adoption Barriers
Despite advances, challenges persist. Small operators cite costs and expertise gaps, while large ones grapple with scale. Customer demand often lags, reducing incentives. Panels at APRICOT emphasize holistic strategies: combining RPKI with traditional tools like max-prefix limits, ACLs, and IRR data.
Education is key. Workshops at APRICOT 2026 covered practical cybersecurity, from BGPsec explorations to MESec for privacy-preserving path checks. These empower operators to layer defenses effectively.
Measuring Impact and Future Trajectories
The MANRS Observatory tracks metrics like ROA coverage and actions implemented. APRICOT panels report steady gains, with traffic to validated destinations surging. Yet, gaps remain—route leaks evade ROV, demanding ASPA acceleration.
Future efforts focus on global synchronization. The Routing Security Profile (RSP) offers a risk-based framework for AS operators, integrating MANRS into broader resilience planning.
Community Voices and Real-World Wins
Leaders like those from APNIC note industry-wide commitment from thousands of engineers. APRICOT 2025’s panel affirmed ROV as a baseline, not endpoint, urging multi-tool arsenals. Quotes from sessions underscore unity: “Progress is tangible, but vigilance essential.”
FAQs on Routing Security Initiatives
What is MANRS?
MANRS promotes norms to secure BGP routing through filtering, transparency, and coordination.
How does APRICOT contribute?
It hosts events, SIGs, and workshops to drive regional adoption of security practices.
Why focus on Asia-Pacific?
The region’s explosive growth amplifies routing risks, making targeted efforts crucial.
Is RPKI deployment complete?
No, but it’s at 50%+ for routes; ASPA is the next frontier.
How can my network join?
Sign up for MANRS, deploy RPKI/ROV, and attend APRICOT for guidance.
In summary, the MANRS-APRICOT collaboration exemplifies proactive stewardship. By blending education, technology, and measurement, it paves the way for a hijack-resistant Internet. Operators worldwide should engage to sustain this momentum.
References
- Reflecting on the Routing Security panel at APRICOT 2025 — APNIC Blog. 2025-04-03. https://blog.apnic.net/2025/04/03/reflecting-on-the-routing-security-panel-at-apricot-2025/
- APNIC Routing Security SIG at APRICOT 2026 — APNIC Blog. 2026-03-12. https://blog.apnic.net/2026/03/12/apnic-routing-security-sig-at-apricot-2026-social-engineering-rpki-aspa-ta-constraints/
- Driving More Secure Internet Routing — APRICOT 2024 Presentation. 2024. https://2024.apricot.net/assets/files/APIC378/driving-more-secure-_1709176413.pdf
- Mutually Agreed Norms for Routing Security (MANRS) — MANRS Official Site. 2020-03. https://manrs.org/2020/03/working-with-apricot-to-improve-routing-security/
- Resource Public Key Infrastructure (RPKI) Overview — Internet Society. Ongoing. https://www.internetsociety.org/deploy360/rpk/
Similar Articles
Read full bio of Sneha Tete
