Below is a summary of the current draft plan, including the policy objectives, implementation phases, and projected timeline. Internet2 invites feedback from its members and R&E network peers worldwide, with the plan subject to change based on the community’s valuable input.
Objectives of the New Routing Policy
The new policy focuses on the following four objectives:
- Prevent the Propagation of Leaked Commercial Routes: Stop unintended commercial routes from being propagated to Internet2 and other R&E peers, thus preserving dedicated R&E network paths.
- Preserve Zero-Touch Mutual Backup Transit: Maintain existing mutual backup transit arrangements that are crucial for robust global connectivity among the R&E community and require no manual intervention or configuration changes.
- Enhance Intentional Best Path Selection: Implement a more deliberate and optimized path selection process, particularly during normal operations when backup transit is not required.
- Maintain Current Route Announcements: Ensure that these routing security improvements do not disrupt or modify existing route announcements to Internet2’s peers. Instead, these changes will enable Internet2 to function as a protective firewall, preventing the propagation of leaked routes. Additionally, the route filters used to implement these changes will be published as Internet Routing Registry (IRR) objects, allowing other networks to adopt complementary policies.
Implementation Phases and Timeline
The phased rollout of this policy will start in early 2026, with all three phases expected to be completed by year’s end.
Phase 1: Preventing Commercial Route Leaks
Initially, Internet2 will collect and compile snapshots of typical routes announced by our international R&E peer networks. We will use these snapshots to create a common prefix filter applied to all Internet2 international R&E peers. This proactive filtering will prevent leaked commercial routes from entering the R&E ecosystem while still supporting automatic backup transit in the event of path failures.
We will update filters regularly and as requested by our direct peers. To support this, Internet2 is collaborating with CAIDA to further automate the detection and validation of new legitimate routes.
Phase 2: Enhancing Path Selection for Peers with IRR AS-Sets
For peers that publish their customer Autonomous System Numbers (ASNs) as IRR AS-sets, Internet2 will introduce peer-specific routing policies. These policies will prioritize paths from within each peer’s customer cone. Routes that match the common R&E filter but fall outside a peer’s AS-set will continue to be accepted as backup routes with a lower local-preference.
Phase 3: Full Transition to AS-Set-Based Filtering
The final stage will begin once all of Internet2’s R&E peers have fully adopted comprehensive customer cone declarations via IRR AS-sets. At that point, the common prefix filter — currently based on routing snapshots — will transition entirely to an AS-set-based model. This method will further simplify route management, reduce the risk of errors, and maintain minimum necessary exceptions.
Looking ahead to future standards, RPKI Autonomous System Provider Authorization (ASPA) may also become an option to support automated filtering and validation.
Your Feedback is Critical
Internet2 recognizes the importance of community engagement in policy formation. We encourage and value feedback from members of the international R&E community as we finalize and implement this policy.
Additionally, Internet2 will continue working with the Global Network Advancement Group (GNA-G) Routing Working Group to ensure the new policy complements the approaches utilized by other global partners.
Please send your thoughts, concerns, or suggestions to Steven Wallace, ssw@internet2.edu. Your input is crucial in ensuring that our routing policies effectively enhance the security, performance, and reliability of our shared global R&E network infrastructure.
ICYMI