Fast, reliable and secure solutions purpose built for research and education
Solutions for managing data and enabling collaboration virtually anywhere
Solutions for protecting campus networks and assets from cyber threats
Empower collaboration, discovery and innovation
Accelerate digital transformation
Inspire great teaching and learning
Transform the classroom experience
Discover, share and preserve collections
About our company and what we do
From pioneering the internet in Australia in 1989 to today
Our Board, Executive Team and Advisory Committee
Our company policies, statements and public reports
Explore opportunities and benefits of working with AARNet
Log in to view details about your AARNet services, including usage reports
Log in to send files of any size, quickly and securely
CloudStor is being decommissioned on 15 December, 2023.
Browse answers to frequently asked questions about our products and services
Check the current performance status for our services
Fast local access to popular international open-source content
Check to see if a web address is on-net
AARNet is helping to provide network operators with crucial fixes to reduce the most common Internet routing threats as part of the MANRS global initiative
AARNet is part of the global initiative Mutually Agreed Norms for Routing Security (MANRS), which provides network operators with crucial fixes to reduce the most common Internet routing threats, including route hijacking, route leaks, and IP address spoofing.
These harmful activities are global in scale and can lead to Distributed Denial of Service attacks, data surveillance, lost revenue, reputational damage and more.
For the research and education sector, the implementation of MANRS actions can help universities secure their network infrastructure and reduce the risk of data being compromised.
Route hijacking is a common problem and can allow the interception of network traffic by a third party. If you create Route Object Authorisation (ROA) entries for your network blocks, Internet Service Providers (ISPs) are able to validate that the routes received from their peers for your network blocks are either valid or invalid. If a route is received with an invalid ROA, ISPs can and will drop the invalid route as per best practice guidance from MANRS.
If ROA records are not created or maintained correctly, route hijacking by accident or deliberate actions can easily occur because the validity of the route will not be clear to the ISPs. This lack of clarity can be quite disruptive for productivity. An example case occurred within an institution heavily reliant on Google’s cloud services. While data was successfully sent to Google’s servers, instead of data coming back to the institution, the response was routed to a US-based ISP. This effectively locked them out of accessing Google cloud services, and connectivity was only re-established after an involved and time-consuming process.
MANRS co-chair and AARNet Head of Network and Systems Architecture, Warrick Mitchell, explains that it’s more important than ever for universities to ensure their data is protected and to minimise the risk of accidentally advertising their IP block.
“With a growing dependence on cloud services in the research and education sectors, a reliable and secure network infrastructure is vitally important,” he said.
“Through community collaboration with MANRS, institutions can ensure via best practices that their data is routed to the correct destination and they continually retain full access to those crucial services.”
In addition to these data security measures, MANRS also provides guidance on how to maintain a globally accessible repository of your contact information, to enable ISPs or other entities to reach out to you when a security incident is detected.
To further boost customer security, AARNet will soon be implementing the dropping of invalid ROA information, and encourages all institutions to review their records in APNIC to ensure they are up to date and create ROA entries for their network blocks.
Please note, if you peer with AARNet using a private BGP Autonomous System Number (ASN), then your ROA entries need to be created with the ASN originating the network block as 7575 (AARNet), otherwise your network may be dropped from the internet by AARNet’s upstream providers. If you have a public ASN, then your network blocks should be signed with that ASN.
If your institution has historical network blocks, APNIC is now offering a “Historical Maintenance Non-Membership account” allowing you to create ROA’s for your historical network blocks for a small annual fee. For more information on this service, please reach out to APNIC.
If you’d like to find out more, please visit the MANRS website or contact us to have a conversation about how MANRS can help safeguard your institution.