The Trusted Networks Initiative aims to mitigate the risks as well as the negative effects of certain security incidents by identifying and certifying ‘Trusted Networks’. These networks (i.e. autonomous systems) are offered a separate, ‘trusted’, environment where they can interconnect and exchange IP traffic with each other, as opposed to using the public, ‘untrusted’, Internet. This is what the initiative calls ‘Trusted Routing’. Participants can decide to use the platform either during emergency situations (e.g. large foreign DDoS attacks), or set up peering relations for permanent risk mitigation. This is up to the participating networks themselves. Partners of the initiative include the NLnet foundation, The Hague Security Delta, companies from the financial sector, ISPs who provide Internet access to end-users, and Internet Exchanges (AMS-IX and NL-ix).
See for more details the Trusted Networks Initiative website.
Networks who want to join the initiative, need to abide by rules set out in the Trusted Networks Policy. When awarded the Trusted Network quality label (see figure below), a network can start using the Trusted Routing service at AMS-IX.
The policy describes principles for compliance. A participating network for example has a functioning and reachable 24x7 NOC, and it has the obligation to apply source address filtering in order to prevent IP-spoofing. It also needs to be able to demonstrate it monitors its network and eliminates sources of attacks similar to DNS amplification, and that it follows a number of rules with regard to the advertising of its prefixes.
At AMS-IX Trusted Routing will be facilitated with a dedicated VLAN. Inside this VLAN only certified Trusted Networks can interconnect and exchange traffic with each other.
Trusted Routing as an AMS-IX service is to be provided to certified Trusted Networks soon. These parties can then use their AMS-IX connectivity for both peering in the public ISP VLAN as well as the Trusted Routing VLAN: tagging of their AMS-IX switch ports for multiple VLANs is supported.
Please contact the AMS-IX sales team to learn more about the Trusted Networks Initiative, as well as how to use the AMS-IX Trusted Routing service in the near future.