LACNIC

Routing

Promotion of Best Practices Drives Reduction of Route Hijacking Incidents in the Region

30/07/2020

So far this year, Internet route hijacking in the LACNIC region has decreased dramatically, reinforcing a trend that had already been noticed throughout 2019. 

According to research conducted by Alejandro Acosta, R&D Coordinator at LACNIC, the sharp drop in the number of network hijacks comes at a time when IP address assignments and consequently Internet routing tables and prefixes have grown, which means that there is significant value in reducing the number of routing incidents.

The decrease in routing incidents is the result of the region’s commitment to creating a secure and resilient Internet. 

According to Acosta, there is a marked reduction in the number of hijacks each year, largely thanks to the adoption of best practices to increase network resilience, the implementation and use of RPKI (resource certification) and the IRR (Internet Routing Registry).

LACNIC has played a key role in this sense, both by raising awareness on the subject as well as by offering training and developing tools to strengthen Internet routing security.

The Regional Internet Registry for Latin America and the Caribbean has provided training on routing security within the framework of its annual events, in addition to online courses offered through the LACNIC Campus, during network operators group meetings and working jointly with IXPs. Likewise, LACNIC launched the FORT Project which includes the creation of the open-source FORT Validator; FORT Monitor, a tool to identify regional trends in route hijacking, and the FORT Report, which provides a diagnosis of the impact of routing security on the experience of Internet users. LACNIC is also working on the MANRS (Mutually Agreed Norms for Routing Security) initiative supported by the Internet Society to promote the adoption of recommended best practices for both operators and IXPs, together with LACNOG’s Training and Routing working groups.

“LACNIC has played a significant role in best routing practices,” said Guillermo Cicileo, Head of Internet Infrastructure Research and Development at LACNIC. The expert explained that the regional IRR is a database that allows operators to specify their routing policies and make them publicly available so that other actors who are part of the Internet routing system can use this information to configure their own devices.

Hijacking. According to the research conducted by Acosta in collaboration with Graciela Martínez, Head of LACNIC CSIRT, Brazil is the country with the highest number of prefix hijacks in the region and the second highest worldwide. 

In this regard, Cicileo highlighted the work of NIC.Br, which has managed to cut down routing incidents by almost fifty percent. The FORT Report particularly stresses the reduction of incidents thanks to “the actions of organizations such as NIC.Br that have worked with network operators to implement route filtering measures and thus mitigate BGP routing incidents.”

NIC.Br has organized training activities on RPKI and Krill, and has worked strongly on RPKI adoption this past year.

As for the dates on which route hijacks occur, Acosta compared how hijacks behaved between 2016 and 2019. He grouped the events by month and presented an additional breakdown for IPv4 and IPv6.

“Considering the total number of hijacks, November is the month with the most activity, while March is the one with the least. Nevertheless, March is the month that shows the second highest IPv6 incident rate (percentage),” the research concluded.