{"id":5171,"date":"2023-01-21T15:47:15","date_gmt":"2023-01-21T22:47:15","guid":{"rendered":"https:\/\/blog.caida.org\/best_available_data\/?p=5171"},"modified":"2023-01-24T23:16:48","modified_gmt":"2023-01-25T06:16:48","slug":"studying-conformance-of-manrs-members","status":"publish","type":"post","link":"https:\/\/blog.caida.org\/best_available_data\/2023\/01\/21\/studying-conformance-of-manrs-members\/","title":{"rendered":"Studying Conformance of MANRS Members"},"content":{"rendered":"

In November 2022, 85% MANRS members were conformant to Action #1 and Action #4.<\/strong><\/p>\n

 <\/p>\n

The Mutually Agreed Norms on Routing Security (MANRS) initiative is an industry-led effort to improve Internet routing security. MANRS encourages participating networks to implement a series of routing security practices.\u00a0 In our paper, <\/span>Mind Your MANRS: Measuring the MANRS Routing Ecosystem<\/span><\/a>, we at CAIDA (UC San Diego), in collaboration with Georgia Tech, and IIJ Research Lab, provided the first independent look into the MANRS ecosystem by using publicly available data to analyze the routing behavior of participant networks. MANRS membership has increased significantly in recent years, but our research goal was to get more clarity on the impact of the MANRS initiative on the state of overall Internet routing security. \u00a0 In this post, we summarize how we characterized the growth of MANRS members, explain our process of analyzing ISP conformance with the MANRS practices we studied, compare RPKI ROA registration status between MANRS and non-MANRS members, and reflect on implications of our analysis for the future of MANRS.\u00a0<\/span><\/p>\n

 <\/p>\n

We first analyzed what types of networks have joined MANRS over time, and whether MANRS members are properly implementing the routing security practices (MANRS <\/span>conformance<\/span><\/i>).\u00a0 The two practices (which MANRS calls <\/span>actions)<\/span><\/i> we focused on in our study are:\u00a0<\/span><\/p>\n

    \n
  1. Participating ISPs will register their IP prefixes in a trusted routing database (either Resource Public Key Infrastructure (RPKI) or one of the databases of the Internet Routing Registry (IRR). \u00a0 This practice is \u201cMANRS Action #4\u201d.<\/span><\/li>\n
  2. Participating ISPs will use such information to prevent propagation of invalid routing information. This practice is \u201cMANRS Action #1\u201d.<\/span><\/li>\n<\/ol>\n

     <\/p>\n

    Our paper analyzed the MANRS ecosystem in May 2022. Since MANRS is a growing community, for this post we have updated our analysis using data collected in November 2022 to capture a more recent view of the MANRS ecosystem. We have also <\/span>published our analysis code<\/span><\/a> here for interested readers to reproduce the analysis using the latest available data.<\/span><\/p>\n

     <\/p>\n

    MANRS growth<\/span><\/h3>\n

    We first downloaded a list of MANRS members. The Internet Society kindly provided us the dates when each MANRS participant joined the programs. We found that between 2015 and November 2022, 863 ASes joined MANRS. Over this 7-year period, an additional 12.1% of routed IPv4 address space was originated by MANRS ASes. Plotting growth by ASes and by address space (Figure 1) shows that most of these new ASes were based in the LACNIC region, but that those ASes originated little or no address space into BGP.\u00a0\u00a0\u00a0<\/span><\/p>\n

    \"\"<\/a><\/span><\/p>\n

    (a)<\/p>\n

    \"\"<\/a><\/span><\/p>\n

    (b)<\/span><\/p>\n

    Figure 1 \u2013 MANRS participation grew between 2015 and 2022, but the picture looks quite different if measured by number of ASes vs. % of routed address space.\u00a0<\/span><\/p>\n

    <\/h3>\n

    MANRS Conformance\u00a0<\/span><\/h3>\n

    We examined whether MANRS (ISP and CDN) members properly implemented MANRS Action #4 and #1 according to the MANRS requirements:<\/span><\/p>\n