Participant Info

  • Areas ServedRU
  • ASNs42861 49373

Implementation of MANRS Actions

  • Action 1: Prevent propagation of incorrect routing information During the setup of new customers and subnets we are in close contact with the global IRRs to make sure the customer owns the specific subnets. We are Filtering Downstream-Prefixes via IRR and RPKI Validation. The prefix-lists used to validate the IRR information are updated every night and pushed to all our routers automatically. We are working on only accepting RPKI valid prefixes from our IP-transit customers.Also we're applied strict AS-Path filter for all peers.As part of work to improve our interconnections security we will start adding inbound route filters in all of our BGP sessions. To build these filters we will initially use IRR data and we are evaluating the use of RPKI.
  • Action 2: Prevent traffic with spoofed source IP addresses Foton Telecom prevents traffic with spoofed source IP addresses, uRPF filter is implemented. We has executed anti-spoofing filters in both client and global peering inbound interfaces. Separating arrangement depends on express ACLs which just allows traffic from the client whose source deliver has a place with its appointed or own prefixes. Our network operates under the principles under of BCP38.
  • Action 3: Facilitate global operational communication and coordination We‘re using the IRR (RIPE/RADB) and the PeeringDB to publish the relevant contact (Abuse/NOC/Peering/Sales) information. Furthermore we are in close contact with other ISPs to be able to react quickly upon incidents.Our PeeringDB Entry: Looking Glass:
  • Action 4: Facilitate validation of routing information on a global scale We have a generally open peering policy.We applying route filters to all our BGP sessions. To build these filters we use your ASN data on the IRR system. To avoid any routing issues please keep your IRR objects up to date.IRR (RIPE/RADB) and PeeringDB are available for get our routing policy. ROAs are available in RIPE RPKI Repository.All the prefixes we announce are secured via RPKI and we drop RPKI Invalid prefixes (inbound).

Why Foton Telecom, CJSC Supports MANRS