PT. Berkah Setia Digital

Implementation of MANRS Actions

• Action 1: Prevent propagation of incorrect routing information We are fully committed to ensuring the security and integrity of the global routing system. As part of our implementation of Action 1 (Prevent propagation of incorrect routing information):1. Strict Prefix Filtering:- We implement robust prefix filters for all BGP sessions, ensuring only authorized prefixes are announced. These filters are dynamically updated based on IRR and RPKI data to minimize errors and maintain accuracy. 2. RPKI-based Validation:- All prefixes announced by our network are validated against RPKI records to ensure they have valid Route Origin Authorizations (ROAs). 3. Customer Verification:- We rigorously verify that our customers are authorized to use the ASNs and IP blocks they announce, using IRR checks, RPKI validation, and official documentation. 4. Monitoring and Incident Response:- Real-time monitoring systems and alerts allow us to detect anomalies or invalid announcements, enabling swift corrective actions. 5. Transparency and Accountability:- We openly share our routing policies and actively engage with the community to promote routing security best practices. These measures ensure that our network not only complies with MANRS requirements but also contributes to a safer, more resilient global internet. Visitors should feel confident that our proactive approach helps protect the integrity of routing information across the internet.
• Action 2: Prevent traffic with spoofed source IP addresses We are fully committed to the prevention of source address spoofing as part of Action 2 (Prevent traffic with spoofed source IP addresses):1. Source Address Validation (SAV):- We deploy Unicast Reverse Path Forwarding (uRPF) in strict mode on all interfaces where feasible, ensuring that packets with invalid source IP addresses are dropped at the ingress point. 2. Alternative SAV Measures:- In scenarios where strict mode is not applicable (e.g., multi-homed customers), we implement ACLs and policy-based filtering to validate source addresses against customer-assigned prefixes. 3. Compliance Monitoring:- Regular network audits and monitoring systems ensure that all configurations for source address validation remain effective and up to date. 4. Collaboration with Customers:- We actively engage with customers, providing guidance on configuring their networks to prevent spoofed traffic and ensuring compliance with best practices. 5. Spoofer Testing:- We have run Spoofer tests to validate the effectiveness of our implementation. These tests confirm that our network does not allow traffic with spoofed source IP addresses to propagate.
• Action 3: Facilitate global operational communication and coordination We are dedicated to fostering effective communication and collaboration with the global network operator community as part of Action 3 (Facilitate global operational communication and coordination between network operators):1. Globally Accessible Contact Information:- Our up-to-date contact details are published on platforms like PeeringDB, WHOIS, and IRR databases, ensuring other network operators can reach us quickly for routing-related queries or incidents. 2. 24/7 Network Operations Center (NOC):- We maintain a 24/7 NOC to address any operational issues, including routing anomalies, security incidents, and peer communication. 3. Active Participation in NOGs:- We actively engage with regional and global Network Operator Groups (NOGs), participating in discussions, forums, and events to collaborate on routing security and operational improvements. 4. Proactive Communication:- We notify peers and upstream providers about planned changes, such as configuration updates or maintenance activities, to minimize disruptions and maintain transparency.
• Action 4: Facilitate validation of routing information on a global scale We are dedicated to ensuring the transparency and accuracy of our routing information as part of Action 4 (Facilitate validation of routing information on a global scale):1. Publicly Documented Routing Policy:- Our routing policy, including details about the ASNs and prefixes we advertise, is publicly available and regularly updated to ensure transparency. This allows other operators to validate our announcements effectively. 2. IRR and RPKI Registration:- All our prefixes and ASNs are registered in Internet Routing Registries (IRRs) and validated through Resource Public Key Infrastructure (RPKI) ROAs. This prevents unauthorized announcements and improves the reliability of global routing validation. 3. Proactive Updates:- We promptly update our IRR records and RPKI ROAs whenever changes occur, ensuring our advertised routing information is always accurate. 4. Support for BGP Communities:- Our routing policy includes clear documentation of BGP communities, providing peers and customers with the tools to manage route preferences transparently.