Tech Giants Back MANRS for Safer Internet Routing
Leading tech firms unite behind MANRS to fortify global routing against hijacks, leaks, and threats for a more secure web.
The Internet’s backbone relies on routing protocols like Border Gateway Protocol (BGP) to direct data across the globe. Yet, vulnerabilities in this system expose users to severe risks, from massive outages to malicious hijacks. In a pivotal move, numerous leading technology companies have rallied behind the Mutually Agreed Norms for Routing Security (MANRS), a collaborative effort to safeguard this critical infrastructure. This endorsement signals a growing industry consensus on the urgency of proactive measures against routing threats.
Understanding the Hidden Dangers of Internet Routing
Routing forms the unseen foundation of online connectivity, determining how packets of data travel from origin to destination. BGP, the dominant protocol since the 1980s, excels at scalability but lacks built-in security features. This design choice, rooted in an era of implicit trust among network operators, now poses significant challenges in a threat-filled digital landscape.
Common perils include BGP hijacking, where attackers falsely announce ownership of IP address blocks, diverting traffic to malicious destinations. Such incidents can enable surveillance, data theft, or disruption of services. Route leaks, another frequent issue, occur when networks inadvertently propagate incorrect paths, causing widespread instability. In 2017, incidents underscored the scale: thousands of problematic events disrupted major platforms and financial systems.
- Hijacks: Malicious rerouting of traffic for espionage or ransomware.
- Leaks: Accidental floods of invalid routes overwhelming global tables.
- Spoofing: Forged source addresses enabling denial-of-service attacks.
These vulnerabilities not only affect enterprises but ripple to everyday users, amplifying the need for collective defense strategies.
What is MANRS and Why Does It Matter?
Launched in 2014 under the Internet Society’s stewardship, MANRS unites network operators, exchanges, CDNs, and cloud services around shared security norms. Participants commit to actionable steps that mitigate prevalent routing risks, fostering a more trustworthy Internet ecosystem.
MANRS has evolved, expanding from initial operator-focused guidelines to encompass diverse stakeholders. By 2021, it boasted over 1,000 participants, including equipment vendors promoting secure hardware features. This growth reflects broad recognition that routing security demands multifaceted involvement.
Core benefits include reduced incident frequency, faster threat detection, and enhanced operator coordination. For businesses, it translates to reliable service delivery; for consumers, uninterrupted access to essential online resources.
Key Security Commitments Under MANRS
MANRS outlines precise, implementable actions tailored to participant types. These guidelines emphasize prevention, validation, and transparency.
| Action Category | Description | Impact |
|---|---|---|
| Filtering Invalid Routes | Deploy prefix and AS-path filters to block incorrect announcements. | Prevents leaks and hijacks at the source. |
| Source Validation | Implement anti-spoofing measures like BCP38/uRPF. | Stops illegitimate traffic origination. |
| Coordination Tools | Maintain accurate PeeringDB records and global contacts. | Enables rapid incident response. |
| RPKI Adoption | Use Resource Public Key Infrastructure for route origin validation. | Provides cryptographic assurance of legitimacy. |
CDN and cloud providers, handling vast traffic volumes, follow amplified requirements, such as rigorous inbound filtering and RPKI deployment.
Major Tech Companies Stepping Up to MANRS
A coalition exceeding 40 tech-focused entities has publicly affirmed MANRS principles, marking a shift from traditional network operators to broader industry players. This support amplifies MANRS’s reach, leveraging the influence of CDNs and hyperscalers.
DigitalOcean, for instance, integrated MANRS into its CDN and cloud operations, committing to enhanced filtering and RPKI. Backblaze echoed this by validating routes and signing objects digitally. Cybersecurity Tech Accord, representing dozens of firms, not only endorsed but formed a joint working group to extend MANRS beyond core networks.
Team Cymru, a security specialist, became the first dedicated cybersecurity partner, boosting visibility into routing anomalies. These commitments demonstrate how tech leaders are embedding routing hygiene into their infrastructures.
Real-World Wins and Ongoing Progress
Since inception, MANRS has curbed notable threats. Participants report fewer leaks, with RPKI adoption surging—over 50% of IPv4 space now cryptographically secured in some regions. Global Cyber Alliance backs MANRS, integrating it into broader cyber defense efforts.
2021 updates introduced vendor-specific actions: embedding security tools in routers, promoting training, and community engagement. This holistic approach addresses root causes, from hardware to policy.
Challenges persist, including adoption gaps in certain regions and the complexity of full RPKI rollout. Yet, momentum builds, with IXPs and clouds driving compliance.
How Organizations Can Join the MANRS Movement
Participation is straightforward: assess current practices against MANRS actions, implement gaps, and register publicly. Resources abound, including self-assessment tools and implementation guides from manrs.org.
Benefits extend beyond security—enhanced reputation, better peering relations, and regulatory alignment. For enterprises, selecting MANRS-compliant providers minimizes risk exposure.
- Review your routing policies.
- Deploy filters and validation.
- Update registries like PeeringDB.
- Sign up and publicize commitment.
The Road Ahead for Routing Resilience
Future enhancements may include automated validation standards and AI-driven anomaly detection. As IPv6 expands and 5G/edge computing proliferate, MANRS must adapt to new paradigms.
Industry endorsements underscore a truth: routing security is a shared responsibility. By converging on norms like MANRS, stakeholders pave the way for an Internet that withstands evolving threats.
Frequently Asked Questions (FAQs)
What does MANRS stand for?
Mutually Agreed Norms for Routing Security—a voluntary framework to secure BGP and reduce common threats.
Why is BGP vulnerable?
Designed without authentication, it trusts peer announcements, enabling manipulation.
Who can participate in MANRS?
Network operators, IXPs, CDNs, clouds, and now equipment vendors.
How effective is RPKI in MANRS?
It cryptographically validates route origins, blocking many hijacks; adoption grows rapidly.
Is MANRS mandatory?
No, but endorsements from tech leaders encourage widespread uptake.
References
- DigitalOcean Joins MANRS Initiative — DigitalOcean. 2023. https://www.digitalocean.com/blog/digitalocean-joins-manrs
- Cybersecurity Tech Accord Endorses MANRS — Cybersecurity Tech Accord. 2018-11-14. https://cybertechaccord.org/cybersecurity-tech-accord-endorses-manrs/
- Team Cymru First Cybersecurity Partner to Join MANRS — Team Cymru. 2019. https://www.team-cymru.com/press-releases/team-cymru-first-cybersecurity-partner-to-join-manrs-to-improve-routing-security-and-keep-the-internet-safe
- Backblaze Commits to Routing Security With MANRS — Backblaze. 2023-05-10. https://www.backblaze.com/blog/backblaze-commits-to-routing-security-with-manrs-participation/
- MANRS Community Report 2021 — MANRS.org. 2021. https://manrs.org/resources/community-report-2021/
- MANRS for CDN and Cloud Providers — MANRS.org. 2024. https://manrs.org/cdn-cloud-providers/
Similar Articles
Read full bio of Sneha Tete
