Terrestrial network service provider Workonline Communications has become the first pan-African NSP to join the group of worldwide MANRS supporters by declaring that it implements all four of the routing manifesto actions.
MANRS (Mutually Agreed Norms for Routing Security) forms the basis of the Routing Resilience Manifesto, and aims to improve the security and resilience of the global internet routing system. It is subscribed to by leading international network providers like Level 3, NTT and Comcast.
“Over the last 10 years, Workonline Communications has increasingly implemented innovative and leading security and resilience practices,” says Edward Lawrence, business development director of Workonline Communications. “We are encouraged that these are set out in MANRS and that our standards meet international recognised best practices.
“Our pledge of support to the manifesto is a guarantee of our continued commitment to the highest international standards in security and resilience. Resilience and security lie at the core of our network, and adhering to global standards is part of our DNA,” he adds.
“By publicly stating the measures that we take to ensure the robustness of our network, we hope to encourage our customers and peers to do the same.”
Ben Maddison explains that Workonline filters by prefix on ingress from non-transit peers and on egress towards non-customer peers, using prefix-lists built nightly from the IRR. “Additionally, we use a detailed scheme of communities to filter non-customer prefixes from announcements towards non-customer peers, and to provide additional flexibility for customers to trigger selective prepending or suppression.”
Workonline also configures strict mode uRPF on all customer peering interfaces and loose mode on all non-customer peering interfaces to ensure anti-spoofing. “Reserved address space and bogons are null routed using RTBH on all iBGP speakers,” explains Maddison.
Additionally, Workonline maintains up-to-date NOC contacts, policy and peering information in the PeeringDB, RADb and AfriNIC databases. “The Workonline NOC is accessible 24/7/365 for assistance with inter-network routing and security incidents.”
Maddison notes that Workonline maintains a fully implementable (although simplified) external routing policy description in RPSLng syntax in the RADb, and uses the IRR to build peer-peer inbound prefix-filters that are updated nightly without operator intervention.
A full external routing policy description document, including complete descriptions of all BGP attribute handling is available to peers on request. “We also ensure that all prefixes originated by AS37271 are covered by a valid ROA.”