Global routing – a kludge or a collaboration phenomenon? Thumbnail
Mutually Agreed Norms for Routing Security (MANRS) 3 June 2015

Global routing – a kludge or a collaboration phenomenon?

By Andrei RobachevskyFormer Senior Director, Technology Programmes

Is it true that the percentage of Internet traffic currently secured by a new system of cryptographic network keys is zero? This was the conclusion of a recent article in The Washington Post.

While the article makes a fair assessment of the security vulnerabilities of the protocol that controls routing in the global Internet, as well as challenges in improving its security, it does not suggest any particular way forward. Although it is not easy, a path forward to a more robust and secure Internet exists, and I’d like to share with you what we think it might look like.

Before I go into it, let’s think of a more fundamental question: How are innovations deployed in the core infrastructure of the Internet? Innovation flourishes at the Internet’s edges—witness the explosion of applications just in the last decade—but how does innovation take hold in between networks, where they are glued together to form the global communication fabric that makes up the Internet?

Well, innovations are not adopted overnight. There is a term, coined out by a sociologist Everett Rogers back in 1962, “diffusion of innovations” that reflects the gradual nature of this process. The process can be faster or slower, and so is the steepness of the known S-curve. But what is at the core of this process is the “interpersonal communication with peers […] necessary to persuade most individuals to adopt a new idea” (Rogers, E. M., and Kincaid,D. L. (1981). Communication Networks:Toward a New Paradigm for Research. New York: Free Press.).

And if it is true for a washing machine or a refrigerator, or a VCR, it is even more true for technologies needed to secure global routing system. Knowing that one’s neighbors are happy with a novel appliance makes one more confident in making a similar purchase, but there is no real interdependency related to the utility of the device.

On the contrary, with the routing security technology one cannot get the benefits of its deployment by doing this alone – one’s network security depends on whether the rest deploys these measures, too. The more networks deploy, the more “return on investments” one gets.

So how can we stimulate this process?

We believe that global adoption of routing security measures can be most effectively “diffused” in local communities, like IXPs, small NOGs, etc., through collaboration, based on common understanding and commitment. One of the examples is the Mutually Agreed Norms for Routing Security (MANRS, aka Routing Resilience manifesto) that I recently wrote about in a blog post.

The foundation of MANRS is made from the existing building blocks and new ones that are being developed – there is an array of solid best practices on additional checks on routing information a network receives from its customers and peers (“filtering” as it is called in the article), based on various repositories, such as address allocation databases, Internet Routing Registries, or Resource Public Key Infrastructure (RPKI) developed by the IETF (see RFC6480). The IETF is also finalizing its security extensions to the BGP called BGPSEC (see draft-ietf-sidr-bgpsec-overview).

I called them “building blocks” and didn’t single any one of them as “the solution”, because there is no “silver bullet”. New unforeseen requirements emerge all the time, especially in the Internet fast pacing world. Any protocol, or technology, need to evolve, and this evolution needs to diffuse. We should also not forget that resiliency of the global routing system is in its collaborative nature that helps resolving routing incidents in reasonable timescales. And we need to improve further on the preventive front to eliminate such incidents altogether.

Open standards development and collaboration are the key ingredients to our common success in this area.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Strengthening the Internet 6 September 2024

US Government Networks Get a Security Boost: White House Roadmap Tackles Routing Vulnerabilities

The White House's Roadmap to Enhancing Routing Security is an important step toward strengthening routing security in the United...

Strengthening the Internet 14 May 2024

The US Makes a Big Step Toward Better Routing Security

The US Department of Commerce began implementing better routing security practices—a step in the right direction for wider MANRS...

Securing Border Gateway Protocol (BGP) 18 April 2024

The US FCC Signals a Dangerous New Course on BGP Security

The US Federal Communications Commission recently released a draft Declaratory Ruling and Order in the Open Internet Proceeding. However,...