remove bogon prefixes in the RIPE IRR NON-AUTH DB?
Dear WG,

I'd like to raise the issue of bogon prefixes in the RIPE IRR, and ask RIPE NCC to remove all "bogon" route object registrations from the "RIPE-NONAUTH" IRR database.

Today I was made aware of this example:

    $ whois -h whois.ripe.net -- "-Troute6 2001:db8::/32" | egrep -v "%|^$"
    route6:         2001:db8::/32
    origin:         AS25375
    descr:          AS25375
    mnt-by:         ch-stafag-1-mnt
    mnt-by:         LEUNET-SECURITY-MNT
    created:        2018-08-25T15:27:50Z
    last-modified:  2018-08-25T15:27:50Z
    source:         RIPE

I'd consider the following prefixes, and any more-specifics of these to be bogons prefixes:

    0.0.0.0/8          # RFC 1122 'this' network
    10.0.0.0/8         # RFC 1918 private space
    100.64.0.0/10      # RFC 6598 Carrier grade nat space
    127.0.0.0/8        # RFC 1122 localhost
    169.254.0.0/16     # RFC 3927 link local
    172.16.0.0/12      # RFC 1918 private space
    192.0.2.0/24       # RFC 5737 TEST-NET-1
    192.168.0.0/16     # RFC 1918 private space
    198.18.0.0/15      # RFC 2544 benchmarking
    198.51.100.0/24    # RFC 5737 TEST-NET-2
    203.0.113.0/24     # RFC 5737 TEST-NET-3
    224.0.0.0/4        # Multicast
    240.0.0.0/4        # Reserved
    ::/8               # RFC 4291 IPv4-compatible, loopback, et al
    0100::/64          # RFC 6666 Discard-Only
    2001:2::/48        # RFC 5180 BMWG
    2001:10::/28       # RFC 4843 ORCHID
    2001:db8::/32      # RFC 3849 documentation
    3ffe::/16          # RFC 3701 old 6bone
    fc00::/7           # RFC 4193 unique local unicast
    fe80::/10          # RFC 4291 link local unicast
    fec0::/10          # RFC 3879 old site local unicast
    ff00::/8           # RFC 4291 multicast

Any route/route6 objects covered by the above prefixes should be deleted from the database, and the software should be extended in such a way that nobody can register new route/route6 objects covered by the above list.

Kind regards,

Job
Yes please. This is a very sensible thing to do. Bogons do not belong in a public IRR.

Nick

Job Snijders via db-wg wrote on 04/09/2018 11:46:
+1

/elvis

Excuse the briefness of this mail, it was sent from a mobile device.
On Oct 5, 2018, at 12:47, Nick Hilliard via db-wg <db-wg@ripe.net> wrote:
I do also support this suggestion.

Kind regards,
Cynthia

On 2018-10-05 21:49, Elvis Daniel Velea via db-wg wrote:
...

    $ whois -h whois.ripe.net -- "-Troute6 2001:db8::/32" | egrep -v "%|^$"
    route6:         2001:db8::/32
    origin:         AS25375
    descr:          AS25375
    mnt-by:         ch-stafag-1-mnt
    mnt-by:         LEUNET-SECURITY-MNT
    created:        2018-08-25T15:27:50Z
    last-modified:  2018-09-04T19:49:25Z
    source:         RIPE-NONAUTH

Sometimes you will wonder why the suggestion has yet to be implemented. (and when disallowing MARTIANS was first suggested)

... Does this issue apply to most of the IRRs out there?

-Netravnen

On 04-09-2018 at 12:46, Job Snijders via db-wg wrote:
On Sun, 7 Oct 2018 at 04:13 netravnen--- via db-wg <db-wg@ripe.net> wrote:

> ...
> Sometimes you will wonder why the suggestion has yet to be implemented. (and when disallowing MARTIANS was first suggested)
> ... Does this issue apply to most of the IRRs out there?

Certainly no issues in the APNIC. But if the IRR is mirroring RIPE IRR then it's a big problem.

    $ whois -h whois.radb.net 2001:db8::/32
    route6:         2001:db8::/32
    origin:         AS25375
    descr:          AS25375
    mnt-by:         ch-stafag-1-mnt
    mnt-by:         LEUNET-SECURITY-MNT
    created:        2018-08-25T15:27:50Z
    last-modified:  2018-09-04T19:49:25Z
    source:         RIPE-NONAUTH
Hi Job, Colleagues,

On 4 Sep 2018, at 12:46, Job Snijders via db-wg <db-wg@ripe.net> wrote:

> Dear WG,
>
> I'd like to raise the issue of bogon prefixes in the RIPE IRR, and ask RIPE NCC to remove all "bogon" route object registrations from the "RIPE-NONAUTH" IRR database.
>
> Today I was made aware of this example:
>
>     $ whois -h whois.ripe.net -- "-Troute6 2001:db8::/32" | egrep -v "%|^$"
>     route6:         2001:db8::/32
>     origin:         AS25375
>     descr:          AS25375
>     mnt-by:         ch-stafag-1-mnt
>     mnt-by:         LEUNET-SECURITY-MNT
>     created:        2018-08-25T15:27:50Z
>     last-modified:  2018-08-25T15:27:50Z
>     source:         RIPE

I confirmed this is the only route(6) object with a bogon prefix in the RIPE-NONAUTH datasource. As this is non-routable space, this object shouldn't exist, and given agreement from the WG, we will ensure this object is removed.

> I'd consider the following prefixes, and any more-specifics of these to be bogons prefixes:
>
>     0.0.0.0/8          # RFC 1122 'this' network
>     10.0.0.0/8         # RFC 1918 private space
>     100.64.0.0/10      # RFC 6598 Carrier grade nat space
>     127.0.0.0/8        # RFC 1122 localhost
>     169.254.0.0/16     # RFC 3927 link local
>     172.16.0.0/12      # RFC 1918 private space
>     192.0.2.0/24       # RFC 5737 TEST-NET-1
>     192.168.0.0/16     # RFC 1918 private space
>     198.18.0.0/15      # RFC 2544 benchmarking
>     198.51.100.0/24    # RFC 5737 TEST-NET-2
>     203.0.113.0/24     # RFC 5737 TEST-NET-3
>     224.0.0.0/4        # Multicast
>     240.0.0.0/4        # Reserved
>     ::/8               # RFC 4291 IPv4-compatible, loopback, et al
>     0100::/64          # RFC 6666 Discard-Only
>     2001:2::/48        # RFC 5180 BMWG
>     2001:10::/28       # RFC 4843 ORCHID
>     2001:db8::/32      # RFC 3849 documentation
>     3ffe::/16          # RFC 3701 old 6bone
>     fc00::/7           # RFC 4193 unique local unicast
>     fe80::/10          # RFC 4291 link local unicast
>     fec0::/10          # RFC 3879 old site local unicast
>     ff00::/8           # RFC 4291 multicast
>
> Any route/route6 objects covered by the above prefixes should be deleted from the database, and the software should be extended in such a way that nobody can register new route/route6 objects covered by the above list.

As all of this space is already "out of region" (i.e. not allocated or delegated to the RIPE region), it is already not possible to create any more route(6) objects in this space. Regardless, we will add a specific validation for bogons in the next Whois feature release (1.93), which will return an error message in this case.

> Kind regards,
>
> Job

Regards
Ed Shryane
RIPE NCC
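The bogon check requested in the first message and the validation promised above can be sketched as follows. This is an added example, not RIPE NCC's Whois code and not written by any participant in the thread; the function names are hypothetical, and the sample dump contains the object quoted in the thread plus two constructed objects (AS64500 is a documentation ASN).

```python
import ipaddress
import re

# Bogon list exactly as proposed in the thread's first message.
BOGONS = [ipaddress.ip_network(p) for p in """
    0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
    172.16.0.0/12 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15
    198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4
    ::/8 0100::/64 2001:2::/48 2001:10::/28 2001:db8::/32 3ffe::/16
    fc00::/7 fe80::/10 fec0::/10 ff00::/8""".split()]

def covering_bogon(prefix):
    """Return the listed bogon that covers prefix (equal or more-specific), else None."""
    net = ipaddress.ip_network(prefix, strict=False)  # tolerate host bits
    for bogon in BOGONS:
        # subnet_of() raises TypeError across address families: check version first
        if net.version == bogon.version and net.subnet_of(bogon):
            return bogon
    return None

def find_bogon_routes(dump):
    """Return (prefix, origin, source, bogon) for each route/route6 object in bogon space."""
    hits = []
    for block in re.split(r"\n\s*\n", dump.strip()):
        attrs = []
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("%"):  # skip whois comment lines
                attrs.append((key.strip().lower(), value.strip()))
        if not attrs or attrs[0][0] not in ("route", "route6"):
            continue  # the first attribute names the object class
        bogon = covering_bogon(attrs[0][1])
        if bogon is not None:
            fields = dict(attrs)
            hits.append((attrs[0][1], fields.get("origin"),
                         fields.get("source"), str(bogon)))
    return hits

# First object is the one quoted in the thread; the other two are constructed.
SAMPLE = """\
route6:         2001:db8::/32
origin:         AS25375
source:         RIPE-NONAUTH

route:          10.1.0.0/16
origin:         AS64500
source:         RIPE-NONAUTH

route:          193.0.0.0/21
origin:         AS64500
source:         RIPE
"""

if __name__ == "__main__":
    print(*find_bogon_routes(SAMPLE), sep="\n")
```

Following the thread's definition, only prefixes equal to or more specific than a listed bogon are flagged; a less-specific such as 0.0.0.0/0 is not.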
HI Ed

Are there any ROUTE(6) objects with source: RIPE for bogon prefixes or is this one that Job mentioned with source RIPE-NONAUTH the only one in the database (with either source)?

cheers
denis
co-chair DB-WG

From: Edward Shryane via db-wg <db-wg@ripe.net>
To: Job Snijders <job@ntt.net>
Cc: db-wg <db-wg@ripe.net>
Sent: Monday, 8 October 2018, 16:44
Subject: Re: [db-wg] remove bogon prefixes in the RIPE IRR NON-AUTH DB?

Hi Job, Colleagues,
Hi Denis,

On 8 Oct 2018, at 19:51, denis walker <ripedenis@yahoo.co.uk> wrote:

> HI Ed
>
> Are there any ROUTE(6) objects with source: RIPE for bogon prefixes or is this one that Job mentioned with source RIPE-NONAUTH the only one in the database (with either source)?
>
> cheers
> denis
> co-chair DB-WG

there weren't any ROUTE(6) objects with source: RIPE for bogon prefixes. The one that Job mentioned is the only one.

Regards
Ed Shryane
RIPE NCC
Thanks Ed. Perhaps a way forward then would be if you can ask Customer Services to contact the maintainers of this object and ask them to delete it, explaining why. It's always better if people clean up their own objects.

cheers
denis
co-chair DB-WG

From: Edward Shryane <eshryane@ripe.net>
To: denis walker <ripedenis@yahoo.co.uk>
Cc: Job Snijders <job@ntt.net>; db-wg <db-wg@ripe.net>
Sent: Monday, 8 October 2018, 20:04
Subject: Re: [db-wg] remove bogon prefixes in the RIPE IRR NON-AUTH DB?

> Hi Denis,
>
> On 8 Oct 2018, at 19:51, denis walker <ripedenis@yahoo.co.uk> wrote:
>
> > HI Ed
> >
> > Are there any ROUTE(6) objects with source: RIPE for bogon prefixes or is this one that Job mentioned with source RIPE-NONAUTH the only one in the database (with either source)?
> >
> > cheers
> > denis
> > co-chair DB-WG
>
> there weren't any ROUTE(6) objects with source: RIPE for bogon prefixes. The one that Job mentioned is the only one.
>
> Regards
> Ed Shryane
> RIPE NCC
Hi Denis,

sorry I wasn't clear, we will contact the user directly to ensure this object is removed.

Regards
Ed Shryane
RIPE NCC
On 8 Oct 2018, at 23:20, denis walker <ripedenis@yahoo.co.uk> wrote:
participants (8)

- Aftab Siddiqui
- Cynthia Revström
- denis walker
- Edward Shryane
- Elvis Daniel Velea
- Job Snijders
- netravnen@gmail.com
- Nick Hilliard