The research and education community in the U.S. relies on a critical infrastructure to meet our education and research missions: the global Internet. This has been especially true during the COVID-19 pandemic, when it has enabled the rapid transition from on-campus to at-home learning.
In addition to being intense Internet users, we also operate a significant part of the Internet that’s tuned to meet higher education’s unique needs. The Internet2 network interconnects more than 1,000 individual networks across the U.S., and collectively we coordinate our activities and operations to ensure researchers and educators have the capabilities they need.
The Internet2 community is increasing participation in MANRS because routing security is a growing area of concern for network operators around the globe.
Whether from accidental misconfiguration or malicious hijack, the results are often more than just inconvenient. As academic and business critical functions are hosted or off-prem, the Internet is no longer a nice to have, but a key component of an organization’s IT infrastructure.
Colleges and universities have a long history of being connected to the Internet, and there was a time when connecting to the Internet was nearly “set it and forget it.”
But, today, this shared and critical infrastructure needs our attention. Routing security is vital to the future and stability of the Internet.
MANRS provides a framework and specific practices that the Internet2 community can embrace to better care for the security and resilience of this vital infrastructure. With over 1,000 separate networks, we rely on active community engagement to encourage the adoption of MANRS practices.
Our current engagement activities focus on complete and accurate documentation of routing policies in an Internet Routing Registry (IRR). Several of the networks that interconnect with the Internet2 backbone require, or will soon require, a valid route object for each prefix they accept, meaning that each network that connects to them must ensure their Autonomous System Numbers (ASNs) and IP prefix(es) are accurately entered in an IRR. Of Internet2’s over 5,000 routes, roughly 80% currently meet this requirement and the community is working together to assist those that still need to create IRR records for their prefixes.
With such a broad range of organizations, it can be challenging to identify the key individual that is empowered to create the needed records. Fortunately, we have been able to engage the community with a series of webinars, office hours, and other means to ensure these requirements are well understood and the resources are available to assist. The most recent MANRS webinar we hosted took place in April, which you are welcome to watch.
While our current focus is IRR records, we are preparing for the next phase of outreach, which will seek to increase the adoption of RPKI (Resource Public Key Infrastructure). RPKI is a specialized public key infrastructure that allows the holders of Autonomous System Numbers (ASNs) and IP addresses to be cryptographically verified using Route Origination Authorization (ROA) objects. An ROA attests which AS is authorized to originate certain IP prefixes.
Taking part in MANRS and the Internet2 community’s efforts connects you with a community of security-minded professionals and organizations committed to making the global routing infrastructure more robust and secure. Whether you run an ISP, IXP, CDN or cloud network, join us to protect the Internet ecosystem together.
Image by Nathan Dumlao via Unsplash