The Internet Society has been working on Mutually Agreed Norms for Routing Security (MANRS) for a few years, and they recently funded some industry research to gain insights into network operators’ and enterprises’ requirements and plans around routing security.
The report itself is definitely worth a read (see references below). Particular results that I think are of interest for both MANRS and URSA are:
- that enterprises are also concerned about address spoofing and route hijacking; and
- the apparent disconnect between operators’ expectations of customers’ routing security interests and the enterprises expressed willingness to prefer network services that provide better security.
The first should be a really important driver for getting operators to step up and implement the best practices that are at the heart of MANRS. Also, it should help focus attention and interest in URSA’s efforts to get agreement on rational next steps in selecting and deploying routing security technologies.
The second is a bit of a puzzle, but perhaps best interpreted as an opportunity for operators to understand that customers are interested and willing to pay to support the right thing being done.
The Internet Society overview of the report is here: https://www.routingmanifesto.org/resources/research/
The full report itself is available here: https://www.routingmanifesto.org/wp-content/uploads/sites/14/2017/09/451_Advisory_BW_MANRS_InternetSociety_10375.pdf
NOMA at RIPE 74
Today I had the opportunity to talk to the RIPE meeting crowd about my use of the RIPE NCC Atlas measurements infrastructure to simulate the NOMA v6 health metric measurement. NOMA is based on operators instrumenting their networks. The RIPE Atlas infrastructure, with its probes distributed throughout a variety of networks, is a good platform for illustrating what could be done, with live (if somewhat limited) data.
It seemed like there would be little appetite for discussing next steps in routing infrastructure authentication and verification after the DDoS attack on Dyn (October 2016), when it became clear that large scale attacks are feasible without spoofing IP addresses, hijacking prefixes, or otherwise falsifying Internet infrastructure numbers and routing. Already a tough sell to get operators to consider incremental (let alone architectural) updates to do origin authentication and some manner of routing announcement verification, the Dyn attack provided a clear and present danger that would not be addressed by such updates, so why bother with them?
This is the persistent reference page for the NOMA Measurements Template document. Please use this page’s URL to refer to the document: http://www.techark.org/noma-measurements-template/
Current version of the document: http://www.techark.org/wp-content/uploads/2016/12/20161208-NOMA-Measurements-Template.pdf
This is the persistent reference page for the 2016 NOMA Vision Paper. Please use this page’s URL to refer to the paper: http://www.techark.org/2016-noma-vision-paper/
Current version of the document: http://www.techark.org/wp-content/uploads/2017/01/20161209-NOMA-Vision-Paper-RefUpdate.pdf (Updated URL for reference to Internet Measurements Survey paper)
Older versions of the document:
One of the questions that comes up regularly is: what kind of projects are appropriate for TechArk?
So, here’s a handy little diagram, perhaps even a logo, to keep that in mind.
Have you ever…
Last Wednesday, in the hallways of the NANOG 68 meetings in Dallas, I started asking a question that goes to the heart of prioritizing work to improve Internet security; on Friday, with the DDoS attack on Dyn’s infrastructure, we got some searing insight into why it is quite possibly an urgent question.
The TechArk NOMA (Network Operator Measurement Activity) is focused on developing operator-driven network health measurements through the definition and promotion of self-instrumentation and information sharing.) This is all with a goal of ensuring a better, shared understanding of what “good” Internet looks like.
An important question is whether there is anything left to measure in operator networks? At an invitational workshop in June of this year, the answer seemed to be “why, yes, there is”.
Various measurements are made of and across networks today, but they are often done without the specific involvement of the operators of those networks, and therefore have to make guesses or generalizations about them. On the flipside, there’s a lot that goes into the customer’s experience of the Internet that can be adjusted and improved if network operators have a comprehensive instrumentation of their own networks.
The report from that workshop is now available here: http://www.techark.org/wp-content/uploads/2016/09/20160831-WorkshopReport-Final.pdf . Have a read through to see more about the experiences of one network operator that has implemented such instrumentation and possible paths forward to achieve the NOMA goal.
Trust is in the eye of the beholder – but it has to be based on something. In different contexts, crypto may be more relevant than heuristics, and vice versa. Traditionally, in Internetworking, business relationships have had a big role in determining whether or not to trust information being offered by another part, whether for routing information or for other network operations.