Internet Exchange Point

Technical

MANRS

LONAP joined the programme for Mutually Agreed Norms for Routing Security (MANRS) IXP Programme in 2019. This is a collaborative effort by network operators and Internet Exchange Points to reduce and mitigate the weaknesses that exist in routing security. These weaknesses include Route hijacking, route leaks, IP address spoofing and other harmful activities that can lead to DDOS attacks, traffic inspection, lost revenue and reputational damage. The effects of an attack cascade out from the target network and can be experienced by a significant number of users.

LONAP encourages its members to join the MANRS program and improve the routing hygiene for all users of the internet.

How LONAP Implements the MANRS IXP Programme Action Set

  • MANRS actions

  • Description

  • 1: Facilitate prevention of propagation of incorrect routing information
  • LONAP route servers filter on RPKI and IRRDB data. More details and filtering policy is on our route servers page.
  • 2: Promote MANRS in the IXP membership
  • 1 - LONAP uses IXP Manager which provides tools for members to identify filtered prefixes. During the member provisioning process, LONAP Support also checks IRRDB and RPKI information and offers assistance and guidance when needed.
    2 - LONAP periodically runs peering and BGP introductory training courses.
    This hands-on training course includes the MANRS principles of routing security and best practice.
    3 - This web page!
  • 3: Protect the peering platform
  • 1 - LONAP has a published policy detailing technical requirements and prohibited traffic types.
    2 - New connections are subject to a "quarantine" check process before being moved to the live peering VLAN.
    3 - We implement port security features on our switches and rate-limit certain traffic.
    4 - We use IXP-Watch and other tools to monitor the Layer-2 condition of the exchange. Action is taken to remove non-compliant traffic, including temporarily disabling ports where traffic could adversely affect the exchange.
  • 4: Facilitate global operational communication and coordination between network operators
  • 1 - Our portal allows members to see contact details of all other members.
    2 - We maintain a mailing list for all LONAP members for announcements and discussion.
    3 - LONAP Members are strongly encouraged to join PeeringDB.
  • 5: Provide monitoring and debugging tools to participants
  • LONAP provides collector router and route server looking glasses.
    Our portal allows members to see the status of prefixes filtered by the route servers, and also peer-to-peer SFLOW traffic stats to help identify unusual traffic flows.