route: 0.0.0.0/32 in LEVEL3 IRR

Frank_Habicht1 · January 30, 2024, 4:28pm

Hi,

I got 2 bounces for the email addresses seen below for an email similar to the below...

Anyone want to remove this IRR entry before anyone notices...???

Frank

I believe that the entry of
route: 0.0.0.0/32

does not serve any good purpose?

I was surprised to see it in a list of prefixes from bgpq4 and the very good IRR explorer guided me that it's in "Level3".

I'm wondering how many auto-generated filters contain this unnecessary prefix....

PS: Oh, just seen - it's from TODAY. Maybe remove before anyone sees it...?

Thanks for looking into this,
Frank

[frank@fisi ~]$ whois -h rr.level3.com 0.0.0.0/32
[Querying rr.level3.com]
[rr.level3.com]
route: 0.0.0.0/32
origin: AS10753
mnt-by: TCCGlobalNV-MNT
changed: ankita.grewal@lumen.com
source: LEVEL3
last-modified: 2024-01-30T11:04:49Z

[frank@fisi ~]$ whois -h rr.level3.com TCCGlobalNV-MNT
[Querying rr.level3.com]
[rr.level3.com]
mntner: TCCGlobalNV-MNT
descr: TCC Global N.V.
auth: CRYPT-PW DummyValue # Filtered for security
upd-to: ripehostmaster@eu.centurylink.net
tech-c: LTHM
admin-c: LTHM
mnt-by: TCCGlobalNV-MNT
changed: ankita.grewal@lumen.com
source: LEVEL3
last-modified: 2024-01-30T11:01:52Z

Dave_Taht · January 30, 2024, 4:35pm

That's pretty cool, actually. I keep wondering when someone will offer
up a 0.0.0.0/8...

There must be more people out there than just amazon and google that
ran out of 10/8.

jobsnijders · January 30, 2024, 4:37pm

I don't think so either, I've created an issue to prevent that in future
releases of IRRd v4: Disallow creation of "default gateway" route/route6 objects · Issue #906 · irrdnet/irrd · GitHub

Thanks for noticing that!

It'll be up to Lumen to remove the record at hand.

Kind regards,

Job

Frank_Habicht1 · January 30, 2024, 7:39pm

Seems it disappeared now and we can go back to regular programming.

Thanks to those who did that.

Frank

[frank@fisi ~]$ whois -h rr.level3.com 0.0.0.0/32
[Querying rr.level3.com]
[rr.level3.com]
% No entries found for the selected source(s).

[frank@fisi ~]$

Rubens_Kuhl · January 31, 2024, 5:48am

DoD's /8s are usually squatted by networks that run out of private IPv4 space.
Even though it is very risky to steal resources from an organization
that can deploy a black helicopter or a nuclear warhead over you, for
some reason like it not appearing in the DFZ people seem to like it.

Rubens

Tom_Beecher · January 31, 2024, 10:45pm

Even though it is very risky to steal resources from an organization
that can deploy a black helicopter or a nuclear warhead over you

Seems a bit dramatic. Companies all over the world have been using other people’s public IPs internally for decades. I worked at a place 20 odd years ago that had an odd numbering scheme internally, and it was someone else’s public space. When I asked why, the guy who built it said “Well I just liked the pattern.”

If you’re not announcing someone else’s space into the DFZ, or otherwise trying to do anything shady, the three letter agencies aren’t likely to come knocking. Doesn’t mean anyone SHOULD be doing it, but still.

Owen_DeLong · January 31, 2024, 11:10pm

For many years, a large customer (telco/VOIP/ISP carrier that should have known better) of a former employer was using 11.0.0.0/8 as an extension of 10.0.0.0/8 and literally forced said employer to carry their routes to those prefixes in those tables (or lose an extremely lucrative contract). At the time, 11/8 was IANA resrved, and my point that it was likely to be allocated to an RIR and subsequently some real entitie(s) on the internet was utterly lost in the pursuit of the almighty dollar. I left that job for greener pastures before IANA allocated that prefix, but I’m sure there were some definite interesting results there when it happened.

Owen

Frank_Habicht1 · February 1, 2024, 7:19am

Well...

If you're using 20.20.20.0/24 which is not "yours" (as I've seen happen), then certainly your customers can't get to the real 20.20.20.x
And even if that's not announced and used /today/ - this can change quickly...

Frank

Owen_DeLong · February 1, 2024, 8:56am

You are repeating exactly the argument I made at the time.

Owen

Mark_Andrews2 · February 1, 2024, 9:52am

If you are using IPv4 address that belong to someone else internally you really are in a prime position to use IPv6 only internally and use one of the IPv4AAS mechanisms to reach the IPv4 internet. After a quarter of a century all your equipment should be IPv6 capable.

Andrian_Visnevschi · February 1, 2024, 10:48am

It’s unfortunate, but quite common. I’ve seen similar occurrences in several companies I worked for previously. For instance, one of my former employers utilized public IP addresses belonging to others for IPMI server access, even though it was solely for management purposes and not communicated to any peers internally. Consequently, none of the customers could access these public IPs. The reason for this? When the company initially acquired these IPs, they were part of a leased range. Upon termination of the agreement, instead of changing all the IPs, they opted to continue using them due to the perceived hassle. Similarly, another service provider used IPs from its leased range for DNS servers. When the agreement ended and IPs were reallocated, they persisted with the old IPs because updating DNS server settings on customer CPEs lacked automation and thought it was too much trouble.

Unfortunately, such examples are not uncommon, and certainly don’t represent best practices

Tom_Beecher · February 1, 2024, 4:05pm

Yes, absolutely. That’s part of the technical risk that you take if you decide to do such things.

If it’s a “good” choice or not is entirely situational. Some organizations are fine with kicking that tech debt down the road, others like to double down and create a house of cards.

Jerome_Nicolle · February 8, 2024, 11:57am

Rubens,

John_Curran1 · February 14, 2024, 2:57am

Folks -

A network that wants to be creative and utilize an address block that’s assigned to others
for their own internal purposes runs two distinct risks:

An address block that’s not utilized today may easily become publicly routed tomorrow
(either by the original address holder or by their assignee/successor) and it is not possible
to reliably predict whether your customers will need access to the resources that end up
on that address space.
If you should leak routes publicly for another’s address space, there are organizations that
will object – and in the case US government networks, this can include some uncomfortable
conversations. [1]

None of this suggests that one cannot configure their routers any way that they wish – just that
it’d be best if done with appropriate care and an upfront understanding of the risks involved.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

[1] https://pc.nanog.org/static/published/meetings/NANOG77/2108/20191028_Elverson_Your_As_Is_v1.pdf
pg 4.

Dave_Taht · February 14, 2024, 6:25am

Excellent summary of the USG position as of 2019. It is, um, nearly 5
years later, has any of these stuff evolved?

John_Curran1 · February 14, 2024, 3:36pm

Dave -

You’d need to ask someone who speaks for the USG to address that question – and that’s
definitely not my job.

However, I will observe in the time since then, the DoD has taken to occasionally publicly
routing some of its address blocks, so the probability of inadvertent routing impact has
almost certainly increased.

Thanks,
/John

John Curran
President and CEO
American Registry for Internet Numbers