Action 1: Prevent propagation of incorrect routing information
We have implemented filtering on Cloudflare's BGP sessions. We have deployed RPKI.
Action 2: Prevent traffic with spoofed source IP addresses
We have Access Control Lists (ACL). Only traffic from Cloudflare IPs is allowed.
Action 3: Facilitate global operational communication and coordination
- [email protected] is monitored 24/7
- Peeringdb page is up to date.
- We have a history of being quick to respond
Action 4: Facilitate validation of routing information on a global scale
We signed our prefixes with RPKI.
We have open-sourced tools and provide free RPKI services.
Action 5: Encourage MANRS adoption
Cloudflare has been actively promoting the need for robust routing security over the last number of years, and continues to promote MANRS adoption and best practices through frequent industry presentations, blogging (https://blog.cloudflare.com/) and publications.
Action 6: Provide monitoring and debugging tools to the peering partners
We have a peering portal available on https://peering.cloudflare.com, displaying traffic stats and BGP sessions. Also https://rpki.cloudflare.com shows the RPKI status.