Proposals, Concepción 2018
March 2018
Christian O’Flaherty, Regional Development, oflaherty@isoc.org
Internet Society © 1992–2016

ISOC • MANRS • SOS Internet

Founded in 1992 by pioneers of the early Internet, the Internet Society drives technologies that keep it open and safe. We promote policies that empower people to enable universal access for all. We stand for a better Internet.

The Internet Society at Work
• Provides leadership in policy issues
• Advocates open Internet standards
• Promotes Internet technologies that matter
• Develops Internet infrastructure
• Undertakes outreach that changes lives
• Recognizes industry leaders

Mutually Agreed Norms for Routing Security (MANRS)

The Internet appears seamless due to trust
• IP prefixes are learned in BGP from a customer, propagated to all your “peers,” who pick the “best” announcement and propagate that path to their customers
• These relationships may span continents
• The reverse path must signal correctly too for the Internet to work and this path may traverse different networks
• IP packets are forwarded from one hop to the next hop closer to the destination with minimal inspection

This trust can break down
• My network accepts an invalid routing announcement which I propagate; my peer decides it is the “best path” and announces it to their customers
• The “best path” was not selected because it can deliver traffic to the destination, but rather for lower cost, “nearest exit”
• Traffic is being discarded, but how does the affected party contact the correct person to fix a problem that may traverse continents?

What is available to improve Internet security?
Tools
• Prefix and AS-PATH filtering, RPKI, IRR, …
• Ingress and egress anti-spoofing filtering, uRPF, …
• Coordination and DDoS mitigation
Challenges
• Your safety is in someone else’s hands
• Implementing control plane fixes at just one network-to-network interface does not resolve the problem
• Technological fixes and mitigation efforts can sometimes break seamless end-to-end forwarding of legitimate traffic

Welcome, Mutually Agreed Norms for Routing Security (MANRS)!
The Internet is successful because of its long history of collaboration. To stimulate visible security improvements, we need a culture of collective responsibility. The Routing Resilience Manifesto, underpinned by the “Mutually Agreed Norms for Routing Security (MANRS)” document, aims at supporting this goal.

Mutually Agreed Norms for Routing Security (MANRS)
• Defines four concrete actions that network operators should implement.
• The problem cannot be solved alone: the real effect of the measures depends on how broadly they are adopted.
• MANRS tries to merge technology and people together to help craft a solution.

Good MANRS
1. Filtering – Prevent propagation of incorrect routing information.
2. Anti-spoofing – Prevent traffic with spoofed source IP addresses.
3. Coordination – Facilitate global operational communication and coordination between network operators.
4. Global Validation – Facilitate validation of routing information on a global scale.

1. Filtering – Prevent propagation of incorrect routing information
• Network operator defines a clear routing policy and implements a system that ensures correctness of their own announcements and announcements from their customers to adjacent networks with prefix and AS-path granularity.
• Network operator is able to communicate to their adjacent networks which announcements are correct.
• Network operator applies due diligence when checking the correctness of their customer’s announcements, specifically that the customer legitimately holds the ASN and the address space it announces.
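The check this action describes, as an added example that is not part of the original slides: each announcement from a customer session is accepted only if every AS on the path belongs to that customer's cone and the origin AS holds address space covering the prefix. The policy table, the ASNs and prefixes (taken from documentation ranges), the maximum-length field and the function name are all constructed for illustration; an operator would build such a table from the IRR or RPKI data the slides list as tools.

```python
import ipaddress

# Constructed policy for one customer session. ASNs are from the RFC 5398
# documentation range, prefixes from the RFC 5737 / RFC 3849 ranges.
# origin ASN -> list of (registered prefix, longest prefix length accepted)
CUSTOMER_CONE = {
    64500: [("192.0.2.0/24", 24), ("2001:db8::/32", 48)],  # the customer itself
    64501: [("198.51.100.0/24", 24)],                      # customer's downstream
}
CUSTOMER_ASN = 64500


def check_announcement(prefix, as_path, neighbor=CUSTOMER_ASN, cone=CUSTOMER_CONE):
    """Return (accepted, reason) for one announcement received from `neighbor`."""
    net = ipaddress.ip_network(prefix, strict=True)
    if not as_path or as_path[0] != neighbor:
        return False, "first AS in path is not the customer"
    # AS-path granularity: every AS on the path must belong to the customer cone,
    # otherwise the customer is leaking routes learned from someone else.
    for asn in as_path:
        if asn not in cone:
            return False, f"AS{asn} is not in the customer cone"
    # Prefix granularity: the origin AS must hold address space covering the prefix.
    origin = as_path[-1]
    for registered, max_len in cone[origin]:
        reg = ipaddress.ip_network(registered)
        if net.version == reg.version and net.subnet_of(reg):
            if net.prefixlen <= max_len:
                return True, "ok"
            return False, f"more specific than /{max_len}"
    return False, f"AS{origin} has no registration covering {net}"


if __name__ == "__main__":
    samples = [  # constructed announcements
        ("192.0.2.0/24", [64500]),
        ("198.51.100.0/24", [64500, 64501]),
        ("192.0.2.0/25", [64500]),
        ("203.0.113.0/24", [64500]),
        ("198.51.100.0/24", [64500, 64496, 64501]),
    ]
    for prefix, path in samples:
        print(prefix, path, check_announcement(prefix, path))
```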

2. Anti-Spoofing – Prevent traffic with spoofed source IP address
• Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users and infrastructure.
• Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network.

3. Coordination – Facilitate global operational communication and coordination between the network operators
• Network operators should maintain globally accessible up-to-date contact information.

4. Global Validation – Facilitate validation of routing information on a global scale
• Network operator has publicly documented routing policy, ASNs and prefixes that are intended to be advertised to external parties.

MANRS is a document – and it is a commitment
1) The company supports the Principles and implements at least one of the Actions for the majority of its infrastructure. Implemented Actions are marked with a check-box. The Action "Facilitate global operational communication" cannot be the only one and requires that another Action is also implemented.
2) The company becomes a Participant of MANRS, helping to maintain and improve the document, for example, by suggesting new Actions and maintaining an up-to-date list of references to BCOPs and other documents with more detailed implementation guidance.

https://www.manrs.org
End of MANRS

SOS Internet: Experiences in Emergency Situations

Recommendations: Before – During – Recovery

Examples of Recommendations
• Preparation: how to anchor racks to the wall, secure servers, power cables, placement of equipment in the rack (from bottom to top), etc.
• During: access to affected sites, power (fuel, batteries), how to make use of help, prioritizing, protecting the spectrum, etc.
• Recovery: help repair instead of deploying new networks

PLAN
• Fund
• Experts
• Volunteers
Coordinate
• Governments
• NGOs, Banks
• Companies

Affected
• Countries
• Areas
• Communities
Volunteers
Help
• Experiences
• Operators who want to help
• Banks
• Funds
• Equipment

REQUEST:
• Join the WApp group
• Help with the evaluation of projects
• Contribute to documents (review, suggestions, authorship, etc.)
• Take part in meetings, represent the group, travel.

Thank you.
Firstname Lastname, Job title, surname@isoc.org
Visit us at www.internetsociety.org
Follow us @internetsociety
Galerie Jean-Malbuisson 15, CH-1204 Geneva, Switzerland. +41 22 807 1444
1775 Wiehle Avenue, Suite 201, Reston, VA 20190-5108 USA. +1 703 439 2120

Get involved. There are many ways to support the Internet. Find out today how you can make an impact.