Action 1: Prevent propagation of incorrect routing information
DigitalOcean ensures correctness of our own announcements through 100% automation and heavy egress prefix filtering. DigitalOcean ensures correctness of announcements from peers through IRR-based prefix filtering. Strict prefix-lists are generated regularly for each applicable peer and applied per-session. DigitalOcean also implements RPKI ROV and dropping of invalid announcements.
Action 2: Prevent traffic with spoofed source IP addresses
DigitalOcean implements multiple layers of egress filtering to drop traffic sourced from non-DigitalOcean controlled IP address space. We also have monitoring infrastructure in place to notify us when this is not effective.
Action 3: Facilitate global operational communication and coordination
DigitalOcean maintains contact information with relevant registry providers and PeeringDB which is audited periodically. We actively monitor the inboxes associated with these providers by a team of senior network engineers.
Action 4: Facilitate validation of routing information on a global scale
DigitalOcean uses RADB IRR to publicly document routing intent and we’re in the process of implementing RPKI ROAs for our own IP space and ROV for route filtering.
Action 5: Encourage MANRS adoption
DigitalOcean encourages other networks to adopt MANRS and play their part in keeping the global Internet secure.