Working Toward a More Secure Global Internet
China Telecom Commits to Safe Internet MANRS
China Telecom Becomes First Chinese ISP to Adopt MANRS Internet Routing Security Standards
The Mutually Agreed Norms for Routing Security (MANRS) global initiative is leading the future of internet routing security with crucial fixes to reduce common routing threats. Working with network operators, internet service providers, content delivery networks, cloud providers and equipment vendors it monitors and provides solutions for common routing threats like route hijacking, route leaks and IP address falsification that can result in breaches, and revenue and productivity losses. China Telecom Americas is an integral part of this enhanced global internet security effort.
China's Internet: A Brief History to China's Internet Evolution and the Need for More Routing Security1
ASN Proliferation Increases
Routing Risks
The concept of the Internet as we know it today can be traced back to the Autonomous Networks (ASN) of the early 1990s. An ASN is a collection of IP prefixes that belong to a network. ASNs are how network operators, carriers, and Internet service providers (ISP) route internet traffic between each other.
Since 2016, growth of ASN registrations has exploded. The United States has more than a quarter of the world's registered ASNs at 27%, followed by Brazil, 8%; China, 6%; Russia, 5% and India, 5%.
More ASNs = More Routing Incidents2
0
Total ASNs registered as of September 2022
+0 %
Growth in ASNs since 2016
0 %
Share of ASN space owned by U.S. operators
0 %
Share of ASN space owned by Chinese operators
BGP: A Routing System Unchanged Since 1994
At the beginning, the primary goal of internet technologies was connectivity, not security. Border Gateway Protocols (BGP) were developed early on to determine how information packets are routed around the world. BGP uses a system of routing prefixes and tables to communicate with other networks. It is one of the most long-lasting, widely used internet protocols to connect the global internet.
BGP Basics: A Protocol Built on Trust
Step 1
The information is appended with a unique identifier corresponding to the network operator’s ASN number
Step 2
The network operator announces the exact route the information should follow
Step 3
The BGP protocol checks the route announcement to verify that it is correct
Challenges for Global Internet Operators
As the number of ASNs grows, BGP routing tables are more likely to be misconfigured, causing a steady growth of BGP mishaps each year.
"While there might be a temptation to assume that bad actors are at work, incidents like this only serve to demonstrate just how much frailty is involved in how packets get from one point on the Internet to another"
Tom Paseka
Network Strategy, Cloudflare
Invalid announcements are instantly addressed at network boundaries. If the source network sees that the destination network is not part of its determined route, it will stop transmission. However, route leaks, route hijacking or misconfiguration can lead to breaches with major consequences.
2021 Saw Major Routing Incidents
Massive BGP Hijack by Large European Telecom
Massive BGP Hijack by Large European Telecom
Large Route Leak by American ISP
Attempted Hijack of Social Media Service
775 Route Hijacking Instances3
830 Possible Leaks3
China Telecom and the Move Toward a Safer Internet
While BGP leaks are distressingly common, they are preventable. China Telecom is at the forefront of enabling more a responsible internet and preventing disruptive outages and issues. China Telecom uses BGPSec and Resource Public Key Infrastructure (RPKI) in its networks plus a range of cryptographic methods of Route Origin Authorization (ROA) and verification to reduce internet routing mishaps.
China Telecom routes AS4134, AS4809, AS23764 and AS36678 are part of the MANRS network operator program. Enterprises using these networks are transmitting information across secure routing infrastructure.
Read Our Press Release
Internet Routing Security Options
According to Doug Maddory of Kentik, “Adjacent networks should deploy filtering mechanisms to contain the damage [caused by route leaks].”4 These can include:
China Telecom Steps Up Routing Security by Joining MANRS
In 2019, China Telecom proudly became the first Chinese service provider to join the Mutually Agreed Norms for Routing Security or the "MANRS" initiative. MANRS and its 870 members, as of 2022, are leading the future internet. The MANRS global initiative is leading the future of internet routing security with crucial fixes to reduce common routing threats. Working with network operators, internet service providers, content delivery networks, cloud providers and equipment vendors it monitors and provides solutions for common routing threats like route hijacking, route leaks and IP address falsification that can result in breaches, and revenue and productivity losses. China Telecom Americas is an integral part of this enhanced security effort with all backbone networks recognized as MANRS-conformant since 2021.
“MANRS represents the future of Internet routing security. Network operators in the MANRS community are pioneers, making global routing infrastructure as robust and secure as possible, through innovation and investment. As a leading global communications and network service provider, China Telecom (Americas) has been collaborating with the MANRS team since early 2019 to implement the best routing security standards on all of our major Internet networks.”
Yu Yi
Vice President, China Telecom Americas
Learn more about China Telecom's global internet citizenship efforts
