MANRS Milestone: 300+ ISPs Boost Routing Security

Explore how over 300 ISPs are adopting MANRS actions to fortify global internet routing against hijacks, leaks, and outages.

By Sneha Tete, Integrated MA, Certified Relationship Coach
Created on
Explore how over 300 ISPs are adopting MANRS actions to fortify global internet routing against hijacks, leaks, and outages.

The internet’s backbone relies on the Border Gateway Protocol (BGP), a critical system that directs data traffic across networks worldwide. Yet, BGP’s vulnerabilities have long exposed it to risks like route hijacks, leaks, and spoofing attacks, leading to outages, data interception, and cyber threats. Enter the Mutually Agreed Norms for Routing Security (MANRS), a collaborative effort led by the Internet Society to establish baseline security standards for network operators. In a significant achievement, participation has surged past 300 Internet Service Providers (ISPs), marking a pivotal step toward a more secure digital ecosystem.

Understanding BGP and Its Inherent Risks

BGP operates as the routing language of the internet, enabling autonomous systems (ASes)—networks operated by ISPs, enterprises, and content providers—to exchange reachability information. Without robust safeguards, malicious actors or simple misconfigurations can announce false routes, diverting traffic to unintended destinations. Historical incidents, such as the 2008 Pakistan YouTube hijack, underscore these dangers, where legitimate traffic was rerouted due to faulty announcements, blocking access globally.

Common threats include:

  • Route Hijacking: Forged announcements that redirect user data to attacker-controlled paths.
  • Route Leaks: Unintended propagation of internal routes, causing instability and blackholing traffic.
  • IP Spoofing: Packets masquerading as originating from trusted sources, facilitating DDoS amplification.

These issues not only disrupt services but also undermine trust in the internet’s foundational infrastructure. MANRS addresses them head-on by promoting actionable norms that operators can implement collaboratively.

Core Pillars of the MANRS Framework

At its heart, MANRS outlines four foundational actions designed to mitigate routing threats systematically. These are not complex overhauls but practical, implementable steps that yield immediate benefits.

ActionDescriptionBenefits
FilteringValidate and restrict BGP announcements to only authorized prefixes and paths.Prevents propagation of invalid routes from errors or malice.
Global ValidationPublish accurate routing policies and prefixes in public repositories like IRR and RPKI.Enables third-party verification, enhancing transparency.
CoordinationMaintain up-to-date contact details in RIR databases and PeeringDB.Facilitates rapid incident response and collaboration.
Anti-SpoofingImplement source address validation to drop spoofed packets.Reduces effectiveness of reflection-based DDoS attacks.

These measures form a comprehensive defense layer. For instance, filtering alone can block over 90% of erroneous announcements, according to studies from network research bodies.

Surpassing the 300-ISP Threshold: A Collaborative Triumph

The announcement of over 300 participating ISPs represents a doubling in membership within a few years, reflecting growing industry consensus on the urgency of routing security. Diverse operators—from regional providers to global giants—have validated their compliance through self-assessment and peer review, covering thousands of ASes and a substantial portion of global internet traffic.

This milestone stems from targeted outreach, educational webinars, and partnerships with Internet Exchange Points (IXPs). Participants gain public recognition via the MANRS website, incentivizing further adoption through reputational benefits and interoperability assurances.

Expanding Horizons: Beyond Traditional ISPs

MANRS has evolved to encompass more than just ISPs. Specialized programs now engage:

  • IXPs: Over 50 exchanges enforce MANRS actions among members, amplifying peer pressure for compliance.
  • CDNs and Cloud Providers: Launched in 2020, this track adapts actions for content delivery networks, with tailored filtering and validation requirements.
  • Equipment Vendors: Manufacturers integrate MANRS-compliant features into routers and switches, easing deployment for operators.

Recent data indicates CDN/cloud participation has grown rapidly, securing hyperscale traffic that dominates modern internet usage.

Quantifiable Gains from MANRS Implementation

Empirical evidence validates MANRS’s efficacy. A 2022 CAIDA study analyzed thousands of ASes, finding MANRS members significantly outperform non-members in RPKI ROA deployment—a key global validation tool—covering 83% more prefixes. Participants also exhibit fewer route leaks and hijacks, contributing to a 20-30% reduction in incident frequency within their ecosystems.

Broader impacts include:

  • Reduced Outages: Filtering curtails cascading failures from misconfigs.
  • DDoS Mitigation: Anti-spoofing starves amplification attacks of fuel.
  • Economic Savings: Enterprises avoid downtime costs, estimated in billions annually from routing events.

Academic research further confirms that MANRS networks form ‘secure zones’ in the internet topology, insulating connected users from distant threats.

Real-World Success Stories and Case Studies

Numerous operators have shared transformative experiences. A mid-sized European ISP reported a 70% drop in invalid announcements post-MANRS adoption, stabilizing peering relationships. In Asia, a national backbone provider leveraged coordination actions to resolve a major leak within hours, minimizing user impact.

Team Cymru, a cybersecurity leader, joined as the first non-ISP partner, enhancing visibility into threats via shared intelligence. Research networks like CENIC are piloting MANRS across thousands of sites, pioneering large-scale adoption in academia.

Challenges and Pathways to Universal Adoption

Despite progress, hurdles remain. Smaller operators cite resource constraints, while legacy equipment lacks native support. MANRS counters this with free tools, guides, and a supportive community forum.

Future strategies include:

  • Integration with RPKI for cryptographically validated routes.
  • BCP 38 enforcement for universal anti-spoofing.
  • Policy incentives from regulators and exchanges.

With projections estimating 1,000+ participants by 2026, MANRS is poised to cover half of global routes.

How Network Operators Can Join and Comply

Getting started is straightforward:

  1. Assess Current Practices: Use the MANRS self-assessment tool.
  2. Implement Actions: Start with filtering and coordination for quick wins.
  3. Validate and Publish: Submit evidence via the online portal.
  4. Monitor and Report: Annual recertification ensures ongoing adherence.

Resources abound at manrs.org, including checklists, webinars, and a participant directory.

FAQs on MANRS and Routing Security

What is MANRS?
MANRS is a voluntary initiative promoting four key actions to secure BGP routing globally.

Why focus on routing security?
Weak routing enables hijacks, leaks, and DDoS, threatening internet reliability for billions.

Is MANRS mandatory?
No, but participants represent a growing share of traffic, pressuring peers to join.

How does RPKI fit in?
It complements MANRS Action 2 by providing cryptographic proof of prefix authority.

What’s next for MANRS?
Expansion to more sectors and deeper integration with emerging standards like SIDR.

The Road Ahead: A Secure Internet for All

As cyber threats evolve, MANRS stands as a beacon of proactive defense. Surpassing 300 ISPs is not an endpoint but a launchpad for broader resilience. By uniting operators in shared norms, it fosters a self-reinforcing cycle of security, where each participant’s improvements benefit the whole. Stakeholders—from governments to end-users—must champion this momentum to safeguard the internet’s future.

References

  1. Mind Your MANRS: Measuring the MANRS Ecosystem — CAIDA/UC San Diego. 2022-05-01. https://www.caida.org/catalog/papers/2022_mind_your_manrs/mind_your_manrs.pdf
  2. Team Cymru First Cybersecurity Partner to Join MANRS — Team Cymru (official press release). 2020-04-01. https://www.team-cymru.com/press-releases/team-cymru-first-cybersecurity-partner-to-join-manrs-to-improve-routing-security-and-keep-the-internet-safe
  3. MANRS Community Report 2021 — MANRS.org (Internet Society). 2021-12-01. https://manrs.org/resources/community-report-2021/
  4. Path Forward: Improving Internet Routing Security by Enabling Zones — Oxford Academic (peer-reviewed). 2024-05-15. https://academic.oup.com/cybersecurity/article/10/1/tyae023/7924069
  5. Mutually Agreed Norms for Routing Security (MANRS) — Internet Society (official). 2023-01-01. https://www.internetsociety.org/learning/manrs/

Similar Articles

Enhancing Internet Routing Resilience

IP Spoofing Prevention: Economics of Network Security

MANRS: Building Routing Security Leaders

MANRS: Securing Internet Routing for Network Operators

Strengthening Internet Routing Through IXP Security

BGP: Internet’s Routing Backbone

Sneha Tete
Sneha TeteBeauty & Lifestyle Writer
Sneha is a relationships and lifestyle writer with a strong foundation in applied linguistics and certified training in relationship coaching. She brings over five years of writing experience to astromolt,  crafting thoughtful, research-driven content that empowers readers to build healthier relationships, boost emotional well-being, and embrace holistic living.

Read full bio of Sneha Tete