This spring, services from heavy hitters like Google and Facebook seemed glitchy or inaccessible for people worldwide for more than an hour. But it wasn’t a hack, or even a glitch at any one organization. It was the latest mishap to stem from design weaknesses in the “Border Gateway Protocol,” the internet’s foundational, universal routing system. Now, after years of slow progress implementing improvements and safeguards, a coalition of internet infrastructure partners is finally turning a corner in its fight to make BGP more secure.
Today the group known as Mutually Agreed Norms for Routing Security is announcing a task force specifically dedicated to helping “content delivery networks” and other cloud services adopt the filters and cryptographic checks needed to harden BGP. In some ways the step is incremental, given that MANRS has already formed task forces for network operators and what are known as “internet exchange points,” the physical hardware infrastructure where internet service providers and CDNs hand off data to each other’s networks. But that process coming to the cloud represents tangible progress that has been elusive up until now.
“With nearly 600 total participants in MANRS so far, we believe the enthusiasm and hard work of the CDN and cloud providers will encourage other network operators around the globe to improve routing security for us all,” says Aftab Siddiqui, the MANRS project lead and a senior manager of internet technology at the Internet Society.
BGP is often likened to a GPS navigation service for the internet, enabling infrastructure players to swiftly and automatically determine routes for sending and receiving data across the complex digital topography. And like your favorite GPS mapping tool, BGP has quirks and flaws that don’t usually cause problems, but can occasionally land you in major bridge traffic. This happens when entities like internet service providers “advertise a bad route,” sending data on a haphazard, ill-advised journey across the internet and often into oblivion. That’s when web services start to seem like they’re down. And the risks from this…