Grow and secure your network using Liberty Global IP Transit Services
Liberty Global is a Tier 1 IP Transit Services provider that puts a high value on creating a first-class network, adopting security practices that surpass industry averages. IP network security has been our top priority. As such, Liberty Global is one of the first providers to adopt new frameworks like MANRS (Mutually Agreed Norms for Routing Security) and RPKI (Resource Public Key Infrastructure) and implement measures against DDoS attacks.
Global Data Centers
Liberty Global Network (AS)
Liberty Global is one of the first global IP Transit Providers to apply Resource Public Key Infrastructure (RPKI).
Liberty Global is a Tier 1 IP network operator that provides a network security system which gives our customers the reassurance they demand
Liberty Global has signed the World Economic Forum's Cybercrime Prevention Principles for Internet Service Providers
Among the ﬁrst global IP Transit Providers to be MANRS Compliant
Among the first global IP Transit Providers to apply Resource Public Key Infrastructure (RPKI)
Liberty Global is one of the ﬁrst global IP Transit Providers to apply Resource Public Key Infrastructure (RPKI)
Border Gateway Protocol (BGP) is a standardized exterior gateway protocol. Unfortunately, it isn’t that secure. There have been some major BGP hijacks in the past years. That is why Internet Service Providers (ISPs) and other Internet providers decided to apply Resource Public Key Infrastructure (RPKI).
Beneﬁts of implementing RPKI
1. Further secure BGP Routing
2. Improve network stability
3. Ensure the network security
4. Prevent ourselves from being hijacked
5. Prevent our customers from participating in DDoS attacks
LIBERTY GLOBAL IS ONE OF THE FIRST IP TRANSIT PROVIDERS TO BE MANRS* COMPLIANT
*Mutually Agreed Norms for Routing Security
Facilitating global operational communication and coordination between network operators
What are the 6 recommendations for securing routing and signaling?
1. Understand current Border Gateway Protocol (BGP) peering relationships and seek to collaborate with peers to better identify BGP hijacks and be able to effectively respond.
2. Strongly consider joining the Mutually Agreed Norms for Routing Security (MANRS) project and implementing MANRS requirements.
3. Implement BCP38 (or similar) ingress filtering to reduce the ease with which some types of DDoS can be undertaken and the value of infrastructure to attackers.
4. Appropriately manage access to and use of protocols such as DNS which can be used to enact DDoS attacks.
5. Raise awareness of the security vulnerabilities of SS7 and implement relevant solutions (e.g. the GSMA SS7 filtering standard) to better protect customers. Ensure that the next generation of signalling is better secured.
6. Enable The Domain Name System Security Extensions (DNSSEC) validation in resolvers and encourage customers to DNSSEC-sign the zones for which they are authoritative.
How does RPKI (Resource Public Key Infrastructure) enhance Network Security?
Internet routing works with networks called autonomous systems. Each network has its own
unique number by which it is identified, the so called ASN: autonomous system number. With
this number a network advertises the IP addresses that are linked within that network.
can you be sure that this information is true? The IETF (Internet Engineering Task Force)
has worked to develop the RPKI, Resource Public Key Infrastructure, which is a way to
digitally sign and validate route announcements. In other words, proof that the IP addresses
you announce are indeed the ones you are allowed to announce, attested by the owner of the
The IP addresses are signed off with a Route Origin Authorization (ROA) via the
Regional Internet Registry (RIR, in Europe this is RIPE) that originally assigned the IP
addresses to the owner. It seems easy but in reality it isn’t.
As a Tier 1 provider Liberty
Global works according to these standards within its own network. All IP addresses we use on
our network and for our customers are RPKI signed. We strongly advise any of our BGP
customers that maintain their own IP addresses, to sign their prefixes with ROA’s to protect
against BGP hijacks when connecting to our network. RPKI protects BGP routing against both
intentional, but also unintentional misconfiguration BGP hijacks.
What does MANRS Compliancy mean?
MANRS stands for Mutually Agreed Norms for Routing Security. It is a set of principles and
actions that the global internet society has set up to further secure the internet and
prevent routing failures. This is done to protect both consumers and companies and make sure
the internet keeps on being the place where information is safely shared, worldwide.
The internet is a collection of networks. Its security depends on the collaboration of these
networks to ban malicious parties and to make it very hard for them to be successful.
Working together is the key. Liberty Global takes its role very seriously. It not only
applies RPKI and BCP38 within its own very large network, but is one of the first providers
to be fully MANRS compliant.