-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disallow creation of "default gateway" route/route6 objects #906
Comments
In a world where someday, 0.0.0.0/8 was available, having 0.0.0.0/32 exist would actually be useful. https://www.ietf.org/archive/id/draft-schoen-intarea-unicast-0-00.html 0.0.0.0/8 has been supported in linux at least, for over 5 years now. |
I hear you, but the IRRd software package is used in context of the global Internet routing system, in which no network operator has been assigned authority for A further complication IRRd's primary purpose is to facilitate generation of BGP prefix filters, and |
Thank you for the explanation. As to your latter point, are you saying that BGP does not distribute 0.0.0.0/0 as a default route, but 0.0.0.0 with the implicit assumption of that? |
scopefilter.prefixes default values in irrd.yaml could get a 0.0.0.0/8, perhaps ? Some others we could see there:
|
Yes, in BGP-2 and BGP-3 it was literally encoded on-the-wire as Because in various network protocols and implementations |
Not clear how 0.0.0.0/8 would be appropriate in a public registry. The IANA status of 0.0.0.0/8 is "local identification", defined in rfc791, and 0.0.0.0/32 is defined in rfc1122, section 3.2.1.3 (self-host). Unless these RFCs are changed, the IRRD default should not be to publish them. Raising an error sounds reasonable. |
Before I even finished reading the entire thread I had already thought about Scope Filter, as suggested by Rubens. From where I can see, this is not a business rule to be hardcoded, but rather something to be adjusted and parameterized in each instance of IRRd. I just don't remember if the Scope Filter only has an effect on Objects from the base itself, or if it also has an effect on objects originating from base replication. In my opinion, the "owner" of the IRR base should decide how this type of object should be treated in "his" base. |
Yep, agreed. The default should reflect IANA assignments / IETF policies, i.e. raise an error for anything in 0.0.0.0/8 or other address blocks marked as reserved in the IANA address space registry (https://www.iana.org/assignments/ipv4-address-space). But if someone wants to configure 0.0.0.0/32 or /8, or another reserved block in a private irrd instance, they should be able to do it. If the block assignment is changed by IANA, the default in irrd can change too. |
We used TEST-NET allocations to showcase IRR operation in training classes, so having the (non-default) option to allow them is useful. |
All sources, authoritative ou replications, have options to enable or disable RPKI filtering and scope filtering: sources.{name}.rpki_excluded |
One thing I haven't tested is whether having a scope filter for a particular slice of the IPv4 space (like 10.0.0.0/8) blocks 0.0.0.0/0 or not. It should, since 0.0.0.0/0 means the whole IPv4 space. But only a scope filter of 0.0.0.0/8 or smaller would block 0.0.0.0/32. |
Hi! As @dtaht mentioned above, we're continuing to work on a standards proposal under which 0/8 could become useful in the future. Contrary to his recollection, we wouldn't allow 0.0.0.0/32 to refer to a host or network route, but we would allow 0.0.0.0/8. The IETF standards do indeed call for all of 0/8 to be rejected, and that hasn't changed yet, but the local-configuration mechanism for which 0/8 was originally meant to be used was obsolete by the time of RFC 1122. So there's not actually a competing use there. We'd like to ask everybody to make it straightforward to use 0/8 (or smaller subnets, other than 0/32) in the future, either for testing and experimentation around this, or in response to possible future standards changes. It sounds like this is already what you're expecting to do here! |
Sure, but in the context of the hierarchical use of this application and its intended context, a route object which covers Similarly, an overclaim in this context (for example IRRd v4 erroring on |
@job, do you think that in a hypothetical future deployment of parts of 0/8, we need to specifically carve out some space around 0.0.0.0 to exclude from announcements (beyond just continuing to reserve 0.0.0.0/32 itself)? E.g. only announcing 0.0.1.0/24 and up, or something? |
IANA depletion rate was 20 /8s in the last year of downstream allocations. So, allowing 0.0.0.0/8 gives us 18 days of IPv4. That said, if it comes to that, removing it from a possible default IRRd configuration will hardly be the only codebase to be updated to allow for such use. So it doesn't hurt following current allocation scenario for now, and updating it if the future brought us a use for such space. |
If I understood Job's intention correctly, he wants to prevent NNF[1] installations of IRRd from allowing negligent maintainers to create objects that could cause harm. But I reiterate that this should not be hardcoded. I'm not a programmer! So a deep understanding of what the difficulties and negative impacts of my following suggestion would be. But I imagine that in a new minor release (4.X), and not in a patch (4.X.Y), respecting the concepts of semantic versioning, the IRRd installer/updater could add a scope filter specifically for 0.0.0.0/32 that was enabled by default. In doing so, anyone who wanted to disable this scope-filter would have to do so on purpose, which would create a feeling of co-responsibility on the part of the operator of this base if any problem on the global Internet occurs due to their deliberate attitude. The old concept of: "If you don't know what it means, don't touch it! If you touch it and it appears broken, it's your fault! [1] Next-Next-Finish |
I do not think we should enforce this in the code.
|
Another way to read this statement is that the scope filter is incapable of covering the 0/0 case, meaning it would remain at issue.
I understand this thought, but I would counter it with the observation that much of the discussion above was actually about 0/8, which isn't what Job asked to suppress. IMO that distracts from the original request and confuses the question. These two specific cases are special and aren't ever going to change.
I support Job's original request which, as a reminder, was only related to |
Two points here: A) Default-Configs, Default-Behavior I understand that it is a responsibility that one wants to avoid, but it is as Antoine de Saint-Exupéry said: "you become responsible, forever, for what you have tamed" B) Blacklist/Whitelist, Exclude/Include, in scope. An example of this is the MESS that ASN operators are making with AS-SETs... AS-SETs containing 10-12 thousand ASNs. Based on Dan Lowe's statement, I imagine that a condition composed of includes and excludes in the scope would be what would bring a solution closer to what is desirable for this issue. Given this issue of the default route, and also the prospect of future problems with ASN scope filtering, I suggest that a combined use of excludes and includes be considered. |
Describe the bug
It doesn't make sense for objects like these to exist:
Expected behaviour
IRRd should throw an error when an operator attempts to create a route/route6 object for
0.0.0.0/0
,0.0.0.0/32
,::/0
, or::/128
.IRRd version you are running
4.2.6
The text was updated successfully, but these errors were encountered: