Supporting IXPs to Improve Routing Security

18/08/2021

A plan designed to support Internet Exchange Points promoted by  LACNIC, the Internet Society (ISOC), and LAC IX is improving Internet routing security in the region.

The project has allowed IXPs to have access to the RPKI validation system, automate their route servers, have a centralized management platform, and certify the Mutually Agreed Norms for Routing Security (MANRS).

The goal of the three organizations behind the program is to promote a culture of collective responsibility for global Internet routing system resilience and security, and to demonstrate the industry’s ability to solve these problems.

Mauricio Oviedo, SOCIUM.CR CEO and one of the collaborators in this project, explained that their work involves not only improving those IXPs that are already in operation but also creating new Internet exchange points across the region.

The program follows the evolution of IXPs to implement best practices and has managed to implement in weeks or months processes that might have previously taken a year or more to complete.

According to Oviedo, it also trains members applying a knowledge transfer process so that the IXPs will be able to continue operating independently once the support offered by the program comes to an end.

The plan. The program identifies the needs of the different IXPs (regardless of whether they are already in operation or taking the first steps towards implementation), and then continues with the implementation and training processes. Part of this process includes providing support in the form of infrastructure. In this case, LACNIC or the Internet Society provide support to strengthen existing infrastructure or to incorporate new equipment.

In addition, according to Guillermo Cicileo, Head of Internet Infrastructure Research and Development at LACNIC, “As part of the process, LACNIC’s value-added services are installed at the IXPs (BGP route collector and anycast instance of the reverse root servers).”

Oviedo noted that six of the IXPs that are part of this program are also already part of the MANRS IXP Program, while the remaining four will join at the end of this process. He stressed that the goal is to create a domino effect where IXPs set an example by joining the program, after which they will be followed by the operators in each of those countries.

“The purpose of strengthening IXPs as part of each country’s Internet infrastructure is to improve Internet security and stability at these points, where a significant part of local traffic is exchanged. In addition, IXPs have a multiplier effect among their members, leading many to adopt best practices and encouraging the operators themselves to join MANRS,” noted Guillermo Cicileo, Head of R&D at LACNIC.

According to Israel Rosas, Senior Regional Development Manager at the Internet Society, this type of collaboration benefits the Internet in many ways. “By helping to deploy and strengthen IXPs in our region, the Internet will be able to continue to grow and become increasingly resilient. At the same time, coordinated actions with stakeholders who are part of the technical community encourage IXPs to adopt best security practices, setting an important example for other members of the community.”

Likewise, LAC-IX Manager Gabriel Adonaylo stressed the importance of collaboration among regional Internet organizations for achieving concrete, short-term results. “We work together with the different actors, planning and implementing multiple initiatives to strengthen the Internet. And routing security is one of the key components of these initiatives,” he concluded.