Securing routing for Uganda’s research, education networks
By Arthur Tumwesigye, Network Engineer, Research and Education Network for Uganda (RENU)
Following a recent three-week MANRS workshop offered to a group of network engineers in Africa, our team at the Research and Education Network for Uganda (RENU) has taken concrete steps to help secure the global routing system. Let me share our story here.
Along with 17 other engineers from various National Research and Education Networks (NRENs), I took part in the online training in July and August organized by MANRS and the UbuntuNet Alliance. You can read UbuntuNet Alliance’s summary of the training here.
During the course, I learned the MANRS actions both in theory and with hands-on practice. The actions are as follows:
- Filtering – Preventing propagation of incorrect routing information
- Anti-spoofing – Preventing traffic with spoofed source IP addresses
- Coordination – Facilitating global operational communication and coordination between network operators
- Global Validation – Facilitating validation of routing information on a global scale
The training also included other post-training tasks, such as requiring participants to update our routing information with AFRINIC to make sure it is accurate and updated.
From the training, I learnt to implement the MANRS actions using various networking techniques in a virtualized lab environment. I learned about Access Control Lists (ACLs), route maps, prefix lists, and Unicast Reverse Path Forwarding (uRPF). I was also able to set up a routinator which works as a Resource Public Key Infrastructure (RPKI) validator.
Within three weeks of attending the course, we signed and validated all Route Origin Authorizations (ROAs) for both our IPv4 and IPv6 prefixes. We have also deployed route filtering in our entire network backbone. We are now working on updating our information on PeeringDB, WHOIS database, and, eventually, deploying a routinator and Resource Public Key Infrastructure (RPKI).
For a long time, our team at RENU wanted to join MANRS, and this course paved the way for us to do that more easily. We are looking forward to becoming a member of MANRS by the end of 2020.
I highly recommend this training course for ISP engineers and network operators, IXP community members, and other NREN community members because the knowledge and practical information we learned from this course can help in improving the security posture of your organizations while reducing the number and negative impact of common routing incidents, such as prefix hijacks, route leaks, and IP address spoofing.
Moreover, this course helps to build personal skills useful in our profession as network engineers. We are the builders of the Internet, and it is important that we work together. Personally, not only will the MANRS training benefit me, but it will also help secure RENU and the Internet at large.
Check out the Workshops page for more information and to arrange one for your organization!
Leave a Comment