Nate Sales

MANRS: Mutually Agreed Norms for Routing Security

July 13, 2020

One of the big problems with the internet is that not everyone follows the RFCs. Worse still, purely running a RFC-compliant BGP daemon does nothing to prevent route leaks. BGP is an inherently trusting protocol that can cause huge issues for others on the internet if you configure it wrong.

There are many new protocols and specifications that help to prevent route leaks and the other problems that the ancient protocol of BGP can cause. Well how is this all coordinated? The technical answer would be the IETF publishing RFCs, but in order encourage networks to join in building a more secure internet there has to be some way to promote those concepts. The MANRS project (Mutually Agreed Norms for Routing Security) aims to encourage network operators, IXPs, and CDNs to come together to make the internet a better place by providing a simple outline for what exactly needs to be done in networks to meet the current best practices in regards to security. For network operators they break this down into 4 categories.

Coordination - Facilitating global operational communication and coordination between network operators

Global Validation - Facilitating validation of routing information on a global scale

Anti-Spoofing - Preventing traffic with spoofed source IP addresses

Filtering - Preventing propagation of incorrect routing information.

Currently there are 447 participating networks, and the list is growing quickly. If you are a network, IXP, or CDN operator and aren’t already a MANRS participant, I highly recommend you consider looking over their requirements in order to improve the security of your network and the internet at large. Learn more at