Oracle releases free Internet routing security monitoring tool
Oracle has released a free tool that shows the strengths and weaknesses of Internet Exchange Point (IXP) filtering errors or malicious traffic routing information to prevent major Internet outages. The IXP Filter Check is designed to help IXP identify and fix vulnerabilities in route filtering while revealing to the public the role of IXPs in maintaining Internet security. IXP routes traffic between different ISP networks. This is a physical location with a large number of network switches that seamlessly connect to different service providers’ networks. Oracle’s new tool, the IXP Filter Check, is part of Mutually Agreed Norms for Routing Security (MANRS) project, which aims to enhance Internet routing security.
In recent years, Internet routing errors, whether accidental or malicious, have frequently caused major problems. For example, Google’s traffic was misdirected to an ISP in China last year, causing the company’s search and other services to be intermittently interrupted in more than an hour. Earlier this year, Cloudflare’s key customers’ traffic was routed through a network of small companies in Pennsylvania. This misdirection led to the unavailability of sites hosted by Cloudflare and many other service providers, which lasted about two hours and affected a large percentage of users across the Internet.
The MANRS project aims to address the fundamental weaknesses in the Internet’s core routing infrastructure. At a high level, the initiative wants to ensure that ISPs and IXPs have a way to quickly identify and filter bad routing information and prevent misrouted traffic from spreading across the Internet.
To join the MANRS program, IXPs need to filter all routing decisions they receive with specific criteria to ensure the legitimacy of routing messages. The goal is to ensure that any routing information that cannot be properly verified is filtered out, such as routing information that the source cannot verify.
Oracle’s IXP Filter Check is a monitoring service that is currently deployed in approximately 200 IXP locations, essentially checking for the effectiveness of IXP filtering errors and malicious routes. According to Doug Madory, director of Oracle Internet Analytics, this is a free service that provides a third-party review of routing on IXP routing servers. The goal is to publicly report invalid information flowing in order to help improve IXP and report the performance of the IXP to the public.
Instead of helping the IXP filter routing messages, the Oracle tool helps the IXP administrators monitor and analyze the effectiveness of their existing route filtering.
The filtering mechanism used by IXP Filter Check is similar to that used by the MANRS project. The tool checks the routing information in the same way as the IXP filtering mechanism, such as ensuring that the routing message has the appropriate source information and prefix length.
According to Madory, the IXP Filter Check is the first tool to provide independent real-time analysis of the behavior of IXP routing servers worldwide.