Today, we’re announcing a new MANRS Equipment Vendor Program. Founding participants include global leaders in network equipment Arista, Cisco, Huawei, Juniper, and Nokia, with others expected to join soon.
Since 2014, the Mutually Agreed Norms for Routing Security (MANRS) initiative has grown to include three programs, each contributing to routing security in its own way. Participants implement tailored, relevant actions that ultimately help defend the Internet against route hijacks, route leaks, IP address spoofing, and other attacks.
But there has been one critical dependency that until today wasn’t explicitly addressed by MANRS: you can only effectively implement MANRS if the equipment you’re using, like routers and switches, has the right features and support.
By enabling routing security features on network equipment and providing support and training guidance to use them, many network operators around the world can now more easily improve routing security.
A Community Effort
Sometimes, desired security features lack a compelling business case, which affects their availability and time to market. Network equipment manufacturers, or vendors, usually introduce features according to how much their customers, or the industry in general, expect or demand them.
While the need to clearly articulate this baseline feature set was understood in the community, the idea of creating a new program materialized earlier this year when several equipment vendors expressed their interest in more actively participating in MANRS. A task force including leading network equipment vendors and existing MANRS participants developed a set of actions over several months and a full review by the entire community. We would especially like to thank the following people for actively participating in the task force: Melchior Aelmans, Jean Michel Combes, Rich Compton, Andrew Gallo, Greg Hankins, Jakob Heitz, Florian Hibler, Georgios Karagiannis, D’Wayne Saunders, and Russ White.
One obvious requirement for equipment vendors is supporting implementation of the MANRS actions outlined in the three existing programs. For example, it would be helpful to include a feature to configure a prefix filter to drop incorrect routing announcements or connect to an RPKI cache to enable route origin validation (ROV).
It was also clear to the task force that equipment vendors have much influence on network engineers through their training programs and technical content. It sends a strong message if their training content promotes MANRS or gives guidance on how to implement MANRS actions using a vendor’s equipment.
Finally, the task force acknowledged that a required feature set is just a starting point. Routing security problems are multifaceted and good collaboration between network operators and equipment vendors is crucial. Both groups see MANRS as a neutral and trusted platform to facilitate an array of ongoing activities, from advising operators on how to use routing equipment features to developing solutions for identified problem statements.
What do equipment vendors need to do?
The MANRS Equipment Vendor Program lists two mandatory actions and one commitment:
- Action 1. Provide solutions for the implementation of specific MANRS Actions by other participants (Mandatory)
- Action 2. Promote MANRS through training and technical content (Mandatory)
- Commitment to ongoing activities (mandatory): Advisory, Development, Contribution and Promotion.
Participation provides an opportunity to demonstrate attention to the security and sustainability of the Internet ecosystem and, therefore, dedication to providing high-quality products.
How do I sign up?
Any manufacturer of network equipment, including software-based products, that meets the program requitements above is welcome to join us.
Besides signaling a strong security posture and commitment to the sustainability and resilience of the Internet ecosystem, participation in MANRS casts a positive reflection on the company image (specifically in the NetOps community) and can potentially facilitate selection/procurement processes by third parties.
Let’s Work Together
It is only through collective action and a shared sense of responsibility that we can address problems like BGP leaks, hijacks, DDoS attacks, and IP address spoofing that have real-world consequences for millions of people. We must work together to build a more resilient and secure Internet infrastructure.
This new Equipment Vendor Program opens a new chapter in MANRS, further extending its community and bringing us closer to a secure and resilient global routing system – the foundation of the Internet. Please learn more about the program and join us.