route: 0.0.0.0/32 in LEVEL3 IRR
Hi, I got 2 bounces for the email addresses seen below for an email similar to the below... Anyone want to remove this IRR entry before anyone notices...??? ;-) Frank I believe that the entry of route: 0.0.0.0/32 does not serve any good purpose? I was surprised to see it in a list of prefixes from bgpq4 and the very good https://irrexplorer.nlnog.net/prefix/0.0.0.0 guided me that it's in "Level3". I'm wondering how many auto-generated filters contain this unnecessary prefix.... PS: Oh, just seen - it's from TODAY. Maybe remove before anyone sees it...? Thanks for looking into this, Frank [frank@fisi ~]$ whois -h rr.level3.com 0.0.0.0/32 [Querying rr.level3.com] [rr.level3.com] route: 0.0.0.0/32 origin: AS10753 mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com source: LEVEL3 last-modified: 2024-01-30T11:04:49Z [frank@fisi ~]$ whois -h rr.level3.com TCCGlobalNV-MNT [Querying rr.level3.com] [rr.level3.com] mntner: TCCGlobalNV-MNT descr: TCC Global N.V. auth: CRYPT-PW DummyValue # Filtered for security upd-to: ripehostmaster@eu.centurylink.net tech-c: LTHM admin-c: LTHM mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com source: LEVEL3 last-modified: 2024-01-30T11:01:52Z
That's pretty cool, actually. I keep wondering when someone will offer up a 0.0.0.0/8... https://www.ietf.org/archive/id/draft-schoen-intarea-unicast-0-00.html There must be more people out there than just amazon and google that ran out of 10/8. On Tue, Jan 30, 2024 at 11:29 AM Frank Habicht <geier@geier.ne.tz> wrote:
Hi,
I got 2 bounces for the email addresses seen below for an email similar to the below...
Anyone want to remove this IRR entry before anyone notices...??? ;-)
Frank
I believe that the entry of route: 0.0.0.0/32
does not serve any good purpose?
I was surprised to see it in a list of prefixes from bgpq4 and the very good https://irrexplorer.nlnog.net/prefix/0.0.0.0 guided me that it's in "Level3".
I'm wondering how many auto-generated filters contain this unnecessary prefix....
PS: Oh, just seen - it's from TODAY. Maybe remove before anyone sees it...?
Thanks for looking into this, Frank
[frank@fisi ~]$ whois -h rr.level3.com 0.0.0.0/32 [Querying rr.level3.com] [rr.level3.com] route: 0.0.0.0/32 origin: AS10753 mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com source: LEVEL3 last-modified: 2024-01-30T11:04:49Z
[frank@fisi ~]$ whois -h rr.level3.com TCCGlobalNV-MNT [Querying rr.level3.com] [rr.level3.com] mntner: TCCGlobalNV-MNT descr: TCC Global N.V. auth: CRYPT-PW DummyValue # Filtered for security upd-to: ripehostmaster@eu.centurylink.net tech-c: LTHM admin-c: LTHM mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com source: LEVEL3 last-modified: 2024-01-30T11:01:52Z
-- 40 years of net history, a couple songs: https://www.youtube.com/watch?v=D9RGX6QFm5E Dave Täht CSO, LibreQos
DoD's /8s are usually squatted by networks that run out of private IPv4 space. Even though it is very risky to steal resources from an organization that can deploy a black helicopter or a nuclear warhead over you, for some reason like it not appearing in the DFZ people seem to like it. Rubens On Tue, Jan 30, 2024 at 11:40 PM Dave Taht <dave.taht@gmail.com> wrote:
That's pretty cool, actually. I keep wondering when someone will offer up a 0.0.0.0/8...
https://www.ietf.org/archive/id/draft-schoen-intarea-unicast-0-00.html
There must be more people out there than just amazon and google that ran out of 10/8.
On Tue, Jan 30, 2024 at 11:29 AM Frank Habicht <geier@geier.ne.tz> wrote:
Hi,
I got 2 bounces for the email addresses seen below for an email similar to the below...
Anyone want to remove this IRR entry before anyone notices...??? ;-)
Frank
I believe that the entry of route: 0.0.0.0/32
does not serve any good purpose?
I was surprised to see it in a list of prefixes from bgpq4 and the very good https://irrexplorer.nlnog.net/prefix/0.0.0.0 guided me that it's in "Level3".
I'm wondering how many auto-generated filters contain this unnecessary prefix....
PS: Oh, just seen - it's from TODAY. Maybe remove before anyone sees it...?
Thanks for looking into this, Frank
[frank@fisi ~]$ whois -h rr.level3.com 0.0.0.0/32 [Querying rr.level3.com] [rr.level3.com] route: 0.0.0.0/32 origin: AS10753 mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com source: LEVEL3 last-modified: 2024-01-30T11:04:49Z
[frank@fisi ~]$ whois -h rr.level3.com TCCGlobalNV-MNT [Querying rr.level3.com] [rr.level3.com] mntner: TCCGlobalNV-MNT descr: TCC Global N.V. auth: CRYPT-PW DummyValue # Filtered for security upd-to: ripehostmaster@eu.centurylink.net tech-c: LTHM admin-c: LTHM mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com source: LEVEL3 last-modified: 2024-01-30T11:01:52Z
-- 40 years of net history, a couple songs: https://www.youtube.com/watch?v=D9RGX6QFm5E Dave Täht CSO, LibreQos
Even though it is very risky to steal resources from an organization that can deploy a black helicopter or a nuclear warhead over you
Seems a bit dramatic. Companies all over the world have been using other people's public IPs internally for decades. I worked at a place 20 odd years ago that had an odd numbering scheme internally, and it was someone else's public space. When I asked why, the guy who built it said "Well I just liked the pattern." If you're not announcing someone else's space into the DFZ, or otherwise trying to do anything shady, the three letter agencies aren't likely to come knocking. Doesn't mean anyone SHOULD be doing it, but still. On Wed, Jan 31, 2024 at 12:49 AM Rubens Kuhl <rubensk@gmail.com> wrote:
DoD's /8s are usually squatted by networks that run out of private IPv4 space. Even though it is very risky to steal resources from an organization that can deploy a black helicopter or a nuclear warhead over you, for some reason like it not appearing in the DFZ people seem to like it.
Rubens
On Tue, Jan 30, 2024 at 11:40 PM Dave Taht <dave.taht@gmail.com> wrote:
That's pretty cool, actually. I keep wondering when someone will offer up a 0.0.0.0/8...
https://www.ietf.org/archive/id/draft-schoen-intarea-unicast-0-00.html
There must be more people out there than just amazon and google that ran out of 10/8.
On Tue, Jan 30, 2024 at 11:29 AM Frank Habicht <geier@geier.ne.tz>
wrote:
Hi,
I got 2 bounces for the email addresses seen below for an email similar to the below...
Anyone want to remove this IRR entry before anyone notices...??? ;-)
Frank
I believe that the entry of route: 0.0.0.0/32
does not serve any good purpose?
I was surprised to see it in a list of prefixes from bgpq4 and the very good https://irrexplorer.nlnog.net/prefix/0.0.0.0 guided me that it's
in
"Level3".
I'm wondering how many auto-generated filters contain this unnecessary prefix....
PS: Oh, just seen - it's from TODAY. Maybe remove before anyone sees it...?
Thanks for looking into this, Frank
[frank@fisi ~]$ whois -h rr.level3.com 0.0.0.0/32 [Querying rr.level3.com] [rr.level3.com] route: 0.0.0.0/32 origin: AS10753 mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com source: LEVEL3 last-modified: 2024-01-30T11:04:49Z
[frank@fisi ~]$ whois -h rr.level3.com TCCGlobalNV-MNT [Querying rr.level3.com] [rr.level3.com] mntner: TCCGlobalNV-MNT descr: TCC Global N.V. auth: CRYPT-PW DummyValue # Filtered for security upd-to: ripehostmaster@eu.centurylink.net tech-c: LTHM admin-c: LTHM mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com source: LEVEL3 last-modified: 2024-01-30T11:01:52Z
-- 40 years of net history, a couple songs: https://www.youtube.com/watch?v=D9RGX6QFm5E Dave Täht CSO, LibreQos
For many years, a large customer (telco/VOIP/ISP carrier that should have known better) of a former employer was using 11.0.0.0/8 as an extension of 10.0.0.0/8 and literally forced said employer to carry their routes to those prefixes in those tables (or lose an extremely lucrative contract). At the time, 11/8 was IANA resrved, and my point that it was likely to be allocated to an RIR and subsequently some real entitie(s) on the internet was utterly lost in the pursuit of the almighty dollar. I left that job for greener pastures before IANA allocated that prefix, but I’m sure there were some definite interesting results there when it happened. Owen
On Jan 31, 2024, at 14:45, Tom Beecher <beecher@beecher.cc> wrote:
Even though it is very risky to steal resources from an organization that can deploy a black helicopter or a nuclear warhead over you
Seems a bit dramatic. Companies all over the world have been using other people's public IPs internally for decades. I worked at a place 20 odd years ago that had an odd numbering scheme internally, and it was someone else's public space. When I asked why, the guy who built it said "Well I just liked the pattern."
If you're not announcing someone else's space into the DFZ, or otherwise trying to do anything shady, the three letter agencies aren't likely to come knocking. Doesn't mean anyone SHOULD be doing it, but still.
On Wed, Jan 31, 2024 at 12:49 AM Rubens Kuhl <rubensk@gmail.com <mailto:rubensk@gmail.com>> wrote:
DoD's /8s are usually squatted by networks that run out of private IPv4 space. Even though it is very risky to steal resources from an organization that can deploy a black helicopter or a nuclear warhead over you, for some reason like it not appearing in the DFZ people seem to like it.
Rubens
On Tue, Jan 30, 2024 at 11:40 PM Dave Taht <dave.taht@gmail.com <mailto:dave.taht@gmail.com>> wrote:
That's pretty cool, actually. I keep wondering when someone will offer up a 0.0.0.0/8. <http://0.0.0.0/8.>..
https://www.ietf.org/archive/id/draft-schoen-intarea-unicast-0-00.html
There must be more people out there than just amazon and google that ran out of 10/8.
On Tue, Jan 30, 2024 at 11:29 AM Frank Habicht <geier@geier.ne.tz <mailto:geier@geier.ne.tz>> wrote:
Hi,
I got 2 bounces for the email addresses seen below for an email similar to the below...
Anyone want to remove this IRR entry before anyone notices...??? ;-)
Frank
I believe that the entry of route: 0.0.0.0/32 <http://0.0.0.0/32>
does not serve any good purpose?
I was surprised to see it in a list of prefixes from bgpq4 and the very good https://irrexplorer.nlnog.net/prefix/0.0.0.0 guided me that it's in "Level3".
I'm wondering how many auto-generated filters contain this unnecessary prefix....
PS: Oh, just seen - it's from TODAY. Maybe remove before anyone sees it...?
Thanks for looking into this, Frank
[frank@fisi ~]$ whois -h rr.level3.com <http://rr.level3.com/> 0.0.0.0/32 <http://0.0.0.0/32> [Querying rr.level3.com <http://rr.level3.com/>] [rr.level3.com <http://rr.level3.com/>] route: 0.0.0.0/32 <http://0.0.0.0/32> origin: AS10753 mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com <mailto:ankita.grewal@lumen.com> source: LEVEL3 last-modified: 2024-01-30T11:04:49Z
[frank@fisi ~]$ whois -h rr.level3.com <http://rr.level3.com/> TCCGlobalNV-MNT [Querying rr.level3.com <http://rr.level3.com/>] [rr.level3.com <http://rr.level3.com/>] mntner: TCCGlobalNV-MNT descr: TCC Global N.V. auth: CRYPT-PW DummyValue # Filtered for security upd-to: ripehostmaster@eu.centurylink.net <mailto:ripehostmaster@eu.centurylink.net> tech-c: LTHM admin-c: LTHM mnt-by: TCCGlobalNV-MNT changed: ankita.grewal@lumen.com <mailto:ankita.grewal@lumen.com> source: LEVEL3 last-modified: 2024-01-30T11:01:52Z
-- 40 years of net history, a couple songs: https://www.youtube.com/watch?v=D9RGX6QFm5E Dave Täht CSO, LibreQos
On 01/02/2024 01:45, Tom Beecher wrote:
Seems a bit dramatic. Companies all over the world have been using other people's public IPs internally for decades. I worked at a place 20 odd years ago that had an odd numbering scheme internally, and it was someone else's public space. When I asked why, the guy who built it said "Well I just liked the pattern."
If you're not announcing someone else's space into the DFZ, or otherwise trying to do anything shady, the three letter agencies aren't likely to come knocking. Doesn't mean anyone SHOULD be doing it, but still.
Well... If you're using 20.20.20.0/24 which is not "yours" (as I've seen happen), then certainly your customers can't get to the real 20.20.20.x And even if that's not announced and used /today/ - this can change quickly... Frank
On Jan 31, 2024, at 23:19, Frank Habicht <geier@geier.ne.tz> wrote:
On 01/02/2024 01:45, Tom Beecher wrote:
Seems a bit dramatic. Companies all over the world have been using other people's public IPs internally for decades. I worked at a place 20 odd years ago that had an odd numbering scheme internally, and it was someone else's public space. When I asked why, the guy who built it said "Well I just liked the pattern." If you're not announcing someone else's space into the DFZ, or otherwise trying to do anything shady, the three letter agencies aren't likely to come knocking. Doesn't mean anyone SHOULD be doing it, but still.
Well...
If you're using 20.20.20.0/24 which is not "yours" (as I've seen happen), then certainly your customers can't get to the real 20.20.20.x And even if that's not announced and used /today/ - this can change quickly...
Frank
You are repeating exactly the argument I made at the time. Owen
If you are using IPv4 address that belong to someone else internally you really are in a prime position to use IPv6 only internally and use one of the IPv4AAS mechanisms to reach the IPv4 internet. After a quarter of a century all your equipment should be IPv6 capable. -- Mark Andrews
On 1 Feb 2024, at 19:57, Owen DeLong via NANOG <nanog@nanog.org> wrote:
On Jan 31, 2024, at 23:19, Frank Habicht <geier@geier.ne.tz> wrote:
On 01/02/2024 01:45, Tom Beecher wrote: Seems a bit dramatic. Companies all over the world have been using other people's public IPs internally for decades. I worked at a place 20 odd years ago that had an odd numbering scheme internally, and it was someone else's public space. When I asked why, the guy who built it said "Well I just liked the pattern." If you're not announcing someone else's space into the DFZ, or otherwise trying to do anything shady, the three letter agencies aren't likely to come knocking. Doesn't mean anyone SHOULD be doing it, but still.
Well...
If you're using 20.20.20.0/24 which is not "yours" (as I've seen happen), then certainly your customers can't get to the real 20.20.20.x And even if that's not announced and used /today/ - this can change quickly...
Frank
You are repeating exactly the argument I made at the time.
Owen
It's unfortunate, but quite common. I've seen similar occurrences in several companies I worked for previously. For instance, one of my former employers utilized public IP addresses belonging to others for IPMI server access, even though it was solely for management purposes and not communicated to any peers internally. Consequently, none of the customers could access these public IPs. The reason for this? When the company initially acquired these IPs, they were part of a leased range. Upon termination of the agreement, instead of changing all the IPs, they opted to continue using them due to the perceived hassle. Similarly, another service provider used IPs from its leased range for DNS servers. When the agreement ended and IPs were reallocated, they persisted with the old IPs because updating DNS server settings on customer CPEs lacked automation and thought it was too much trouble. Unfortunately, such examples are not uncommon, and certainly don't represent best practices *Andrian Visnevschi* On Thu, Feb 1, 2024 at 10:58 AM Owen DeLong via NANOG <nanog@nanog.org> wrote:
On Jan 31, 2024, at 23:19, Frank Habicht <geier@geier.ne.tz> wrote:
Seems a bit dramatic. Companies all over the world have been using other people's public IPs internally for decades. I worked at a place 20 odd years ago that had an odd numbering scheme internally, and it was someone else's public space. When I asked why, the guy who built it said "Well I just liked the pattern." If you're not announcing someone else's space into the DFZ, or otherwise trying to do anything shady, the three letter agencies aren't
On 01/02/2024 01:45, Tom Beecher wrote: likely to come knocking. Doesn't mean anyone SHOULD be doing it, but still.
Well...
If you're using 20.20.20.0/24 which is not "yours" (as I've seen happen), then certainly your customers can't get to the real 20.20.20.x And even if that's not announced and used /today/ - this can change quickly...
Frank
You are repeating exactly the argument I made at the time.
Owen
Yes, absolutely. That's part of the technical risk that you take if you decide to do such things. If it's a "good" choice or not is entirely situational. Some organizations are fine with kicking that tech debt down the road, others like to double down and create a house of cards. On Thu, Feb 1, 2024 at 2:21 AM Frank Habicht <geier@geier.ne.tz> wrote:
On 01/02/2024 01:45, Tom Beecher wrote:
Seems a bit dramatic. Companies all over the world have been using other people's public IPs internally for decades. I worked at a place 20 odd years ago that had an odd numbering scheme internally, and it was someone else's public space. When I asked why, the guy who built it said "Well I just liked the pattern."
If you're not announcing someone else's space into the DFZ, or otherwise trying to do anything shady, the three letter agencies aren't likely to come knocking. Doesn't mean anyone SHOULD be doing it, but still.
Well...
If you're using 20.20.20.0/24 which is not "yours" (as I've seen happen), then certainly your customers can't get to the real 20.20.20.x And even if that's not announced and used /today/ - this can change quickly...
Frank
Rubens, Le 31/01/2024 à 06:48, Rubens Kuhl a écrit :
DoD's /8s are usually squatted by networks that run out of private IPv4 space.
Indeed, most I've seen just came to the conclusion that if there's no more blocks available in 10/8, just use the next best thing : 11/8. Best regards, -- Jérôme Nicolle +33 6 19 31 27 14
On Jan 31, 2024, at 12:48 AM, Rubens Kuhl <rubensk@gmail.com> wrote: DoD's /8s are usually squatted by networks that run out of private IPv4 space. Even though it is very risky to steal resources from an organization that can deploy a black helicopter or a nuclear warhead over you, for some reason like it not appearing in the DFZ people seem to like it. Folks - A network that wants to be creative and utilize an address block that’s assigned to others for their own internal purposes runs two distinct risks: 1. An address block that’s not utilized today may easily become publicly routed tomorrow (either by the original address holder or by their assignee/successor) and it is not possible to reliably predict whether your customers will need access to the resources that end up on that address space. 2. If you should leak routes publicly for another's address space, there are organizations that will object – and in the case US government networks, this can include some uncomfortable conversations. [1] None of this suggests that one cannot configure their routers any way that they wish – just that it’d be best if done with appropriate care and an upfront understanding of the risks involved. Thanks! /John John Curran President and CEO American Registry for Internet Numbers [1] https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverso... pg 4.
Excellent summary of the USG position as of 2019. It is, um, nearly 5 years later, has any of these stuff evolved? On Tue, Feb 13, 2024 at 9:58 PM John Curran <jcurran@arin.net> wrote:
On Jan 31, 2024, at 12:48 AM, Rubens Kuhl <rubensk@gmail.com> wrote:
DoD's /8s are usually squatted by networks that run out of private IPv4 space. Even though it is very risky to steal resources from an organization that can deploy a black helicopter or a nuclear warhead over you, for some reason like it not appearing in the DFZ people seem to like it.
Folks -
A network that wants to be creative and utilize an address block that’s assigned to others for their own internal purposes runs two distinct risks:
1. An address block that’s not utilized today may easily become publicly routed tomorrow (either by the original address holder or by their assignee/successor) and it is not possible to reliably predict whether your customers will need access to the resources that end up on that address space.
2. If you should leak routes publicly for another's address space, there are organizations that will object – and in the case US government networks, this can include some uncomfortable conversations. [1]
None of this suggests that one cannot configure their routers any way that they wish – just that it’d be best if done with appropriate care and an upfront understanding of the risks involved.
Thanks! /John
John Curran President and CEO American Registry for Internet Numbers
[1] https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverso... pg 4.
-- 40 years of net history, a couple songs: https://www.youtube.com/watch?v=D9RGX6QFm5E Dave Täht CSO, LibreQos
Dave - You’d need to ask someone who speaks for the USG to address that question – and that’s definitely not my job. However, I will observe in the time since then, the DoD has taken to occasionally publicly routing some of its address blocks, so the probability of inadvertent routing impact has almost certainly increased. Thanks, /John John Curran President and CEO American Registry for Internet Numbers
On Feb 14, 2024, at 1:25 AM, Dave Taht <dave.taht@gmail.com> wrote:
Excellent summary of the USG position as of 2019. It is, um, nearly 5 years later, has any of these stuff evolved?
On Tue, Feb 13, 2024 at 9:58 PM John Curran <jcurran@arin.net> wrote:
On Jan 31, 2024, at 12:48 AM, Rubens Kuhl <rubensk@gmail.com> wrote:
DoD's /8s are usually squatted by networks that run out of private IPv4 space. Even though it is very risky to steal resources from an organization that can deploy a black helicopter or a nuclear warhead over you, for some reason like it not appearing in the DFZ people seem to like it.
Folks -
A network that wants to be creative and utilize an address block that’s assigned to others for their own internal purposes runs two distinct risks:
1. An address block that’s not utilized today may easily become publicly routed tomorrow (either by the original address holder or by their assignee/successor) and it is not possible to reliably predict whether your customers will need access to the resources that end up on that address space.
2. If you should leak routes publicly for another's address space, there are organizations that will object – and in the case US government networks, this can include some uncomfortable conversations. [1]
None of this suggests that one cannot configure their routers any way that they wish – just that it’d be best if done with appropriate care and an upfront understanding of the risks involved.
Thanks! /John
John Curran President and CEO American Registry for Internet Numbers
[1] https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverso... pg 4.
-- 40 years of net history, a couple songs: https://www.youtube.com/watch?v=D9RGX6QFm5E Dave Täht CSO, LibreQos
On Tue, Jan 30, 2024 at 07:28:01PM +0300, Frank Habicht wrote:
I believe that the entry of route: 0.0.0.0/32
does not serve any good purpose?
I don't think so either, I've created an issue to prevent that in future releases of IRRd v4: https://github.com/irrdnet/irrd/issues/906 Thanks for noticing that! It'll be up to Lumen to remove the record at hand. Kind regards, Job
Seems it disappeared now and we can go back to regular programming. Thanks to those who did that. Frank [frank@fisi ~]$ whois -h rr.level3.com 0.0.0.0/32 [Querying rr.level3.com] [rr.level3.com] % No entries found for the selected source(s). [frank@fisi ~]$ On 30/01/2024 19:37, Job Snijders via NANOG wrote:
On Tue, Jan 30, 2024 at 07:28:01PM +0300, Frank Habicht wrote:
I believe that the entry of route: 0.0.0.0/32
does not serve any good purpose?
I don't think so either, I've created an issue to prevent that in future releases of IRRd v4: https://github.com/irrdnet/irrd/issues/906
Thanks for noticing that!
It'll be up to Lumen to remove the record at hand.
Kind regards,
Job
participants (10)
-
Andrian Visnevschi
-
Dave Taht
-
Frank Habicht
-
Job Snijders
-
John Curran
-
Jérôme Nicolle
-
Mark Andrews
-
Owen DeLong
-
Rubens Kuhl
-
Tom Beecher