[lacnog] Bogon route objects in the LACNIC IRR
Job Snijders
job at sobornost.net
Sat Aug 14 04:40:52 -03 2021
Greetings all,

Ronald F Guilmette appears to misunderstand how the RPKI works, and also
appears to be unaware of the origins of the LACNIC IRR database content.

The route/route6 objects in the LACNIC IRR are a direct copy of
validated RPKI ROAs. The LACNIC IRR exists as a (much appreciated!)
facility for legacy systems which do not yet natively support RPKI.

This lack of understanding does not deter Ronald from demanding deletion
of objects! :-) Ronald also provides NO EVIDENCE that RPKI ROAs
authorizing unassigned ASNs cause anyone any trouble.

I'll copy+paste some paragraphs from a different forum where a similar
discussion took place.

"For sound operational reasons both in the RIPE database and in the RPKI
in general, the IP resource holder is permitted to designate any ASN
they wish as the origin."
source: https://www.ripe.net/ripe/mail/archives/db-wg/2021-July/007083.html

"In many RPKI deployment scenarios it is *** technically impossible ***
for the RIR to impose restrictions on the content of the ASId field,
because the RIR is not involved in the issuance or publication of said
objects."
source: https://www.ripe.net/ripe/mail/archives/db-wg/2021-July/007091.html

In summary: resource holders who create RPKI ROAs are (by design)
allowed to (mis)configure their ROAs. The IP space is theirs, and if the
resource holder chooses to authorize an arbitrary unsigned 32-bit
integer, then that is what it is.

Kind regards,

Job

On Fri, Aug 13, 2021 at 07:02:40PM -0700, Ronald F. Guilmette wrote:
> Greetings all,
>
> Recently, I have been working with the various Regional Internet Registries
> in an effort to try to find and remove all invalid "bogon" route objects
> from the respective IRR data bases of the five RIRs. These invalid "bogon"
> route objects fall into two categories:
>
> (1) route objects that refer to unassigned "bogon" IP address space, or
>
> (2) route objects that refer to unassigned "bogon" AS numbers
>
> At the present time there are a total of 20 such "bogon" route objects in
> the LACNIC IRR data base, and they are all of type 2 --- they all refer
> to valid/assigned IP address space, but they refer to AS numbers that are
> invalid and that are NOT assigned to anyone. A summary of these currently
> live LACNIC bogon route objects is given below:
>
> Address block      ASN      last-modified date
> ----------------------------------------------
> 179.61.200.0/23    200557   2021-06-16
> 179.61.238.0/24    203786   2021-06-16
> 181.214.37.0/24    200557   2021-06-16
> 181.214.79.0/24    200872   2021-06-16
> 181.214.99.0/24    203786   2021-06-16
> 181.214.234.0/24   203786   2021-06-16
> 181.215.185.0/24   203786   2021-06-16
> 181.215.235.0/24   203786   2021-06-16
> 181.215.254.0/23   203786   2021-06-16
> 189.127.166.0/24   260027   2021-08-01
> 189.127.167.0/24   260027   2021-08-01
> 190.2.17.0/24      23456    2021-06-16
> 190.210.206.0/24   23456    2021-06-16
> 190.210.210.0/23   1000     2021-06-16
> 191.96.230.0/24    203786   2021-06-16
> 191.96.235.0/24    203786   2021-06-16
> 191.101.54.0/23    50896    2021-06-16
> 191.101.160.0/23   203786   2021-06-16
> 200.46.144.0/24    263733   2021-06-16
> 200.68.114.0/24    23456    2021-06-16
>
> In addition to the above summaries I am also providing the full text of all
> 20 of these bogon route objects at the end of this message.
>
> These bogon route objects concern me for two reasons:
>
> 1) They are, by definition, invalid because they use invalid AS numbers.
>
> 2) The full text of each of these route objects (see below) always says
> that the objects are "LACNIC generated". This seems to imply that
> LACNIC staff is operating some sort of (buggy?) software that is
> improperly generating these bogon route objects, and that the route
> objects are NOT being generated by anyone manually.
>
> If these objects are not being generated by some automated software process,
> then I hope that the LACNIC staff will explain why nearly all of these
> invalid route objects have the exact same last-modified date. That seems
> to be more than a mere coincidence!
>
> On the other hand, if these route objects HAVE indeed been generated by
> software, and not by human beings, then perhaps the LACNIC staff will be
> kind enough to explain why their software is generating artificial (and
> invalid) route objects, and then inserting those invalid route objects
> into the LACNIC IRR data base, even though the ASNs being referenced can
> be easily shown to be invalid and unassigned.
>
> Regardless of whether these invalid route objects have been generated by
> software or by human hands, I believe that it is only correct and proper
> that these invalid route objects should be removed immediately from the
> LACNIC IRR data base. After all, who wants to have garbage in that data
> base? Also, removing these garbage route objects from the LACNIC IRR
> data base would be consistent with what the other four RIRs have already
> been doing for some time now. RIPE, ARIN, APNIC, and AFRINIC have all
> been removing invalid "bogon" route objects that I have previously reported
> to them. And in fact, AFRINIC currently has ZERO invalid route objects
> in their data base.
>
> I hope that LACNIC will not be the last RIR to clean up these invalid route
> objects from the LACNIC IRR data base.
>
>
> Regards,
> rfg
>
>
> -------------------------------------------------------------------------
> route: 179.61.200.0/23
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS200557
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 23
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 179.61.238.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 181.214.234.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 181.214.37.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS200557
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 181.214.79.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS200872
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 181.214.99.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 181.215.185.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 181.215.235.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 181.215.254.0/23
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 189.127.166.0/23
> descr: LACNIC generated route for RED SERVITEL, CA
> origin: AS270026
> remarks: LACNIC generated route for RED SERVITEL, CA
> remarks: maxLength 24
> mnt-by: MNT-VE-RSCA1-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:06Z
>
> route: 189.127.167.0/24
> descr: LACNIC generated route for RED SERVITEL, CA
> origin: AS260027
> remarks: LACNIC generated route for RED SERVITEL, CA
> remarks: maxLength 24
> mnt-by: MNT-VE-RSCA1-LACNIC
> changed: 20210801
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-08-01T13:05:03Z
>
> route: 190.2.17.0/24
> descr: LACNIC generated route for NSS S.A.
> origin: AS23456
> remarks: LACNIC generated route for NSS S.A.
> remarks: maxLength 24
> mnt-by: MNT-AR-NSSA-LACNIC
> changed: abuse- 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:06Z
>
> route: 190.210.206.0/24
> descr: LACNIC generated route for NSS S.A.
> origin: AS23456
> remarks: LACNIC generated route for NSS S.A.
> remarks: maxLength 24
> mnt-by: MNT-AR-NSSA-LACNIC
> changed: abuse- 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:06Z
>
> route: 190.210.210.0/23
> descr: LACNIC generated route for NSS S.A.
> origin: AS1000
> remarks: LACNIC generated route for NSS S.A.
> remarks: maxLength 24
> mnt-by: MNT-AR-NSSA-LACNIC
> changed: abuse- 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:06Z
>
> route: 191.101.160.0/23
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 191.101.54.0/23
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS50896
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 23
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 191.96.230.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 191.96.235.0/24
> descr: LACNIC generated route for Digital Energy Technologies Chile SpA
> origin: AS203786
> remarks: LACNIC generated route for Digital Energy Technologies Chile SpA
> remarks: maxLength 24
> mnt-by: MNT-CL-DETC-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:05Z
>
> route: 200.46.144.0/24
> descr: LACNIC generated route for Cable Onda
> origin: AS263733
> remarks: LACNIC generated route for Cable Onda
> remarks: maxLength 24
> mnt-by: MNT-PA-CAON1-LACNIC
> changed: 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:06Z
>
> route: 200.68.114.0/24
> descr: LACNIC generated route for NSS S.A.
> origin: AS23456
> remarks: LACNIC generated route for NSS S.A.
> remarks: maxLength 24
> mnt-by: MNT-AR-NSSA-LACNIC
> changed: abuse- 20210616
> source: LACNIC
> remarks: ***************************************************
> remarks: This object may have been modified
> remarks: For more information, please query whois.lacnic.net
> remarks: ***************************************************
> last-modified: 2021-06-16T22:05:06Z
>
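
An added example, not part of the original message and not LACNIC's tooling: a consumer-side audit of route objects like those quoted above, reading the ROA-derived maxLength from the `remarks` line and flagging origins that fall in IANA special-purpose ASN ranges. Whether an ordinary ASN is unassigned depends on registry delegation data that is not embedded here, so that check is left out; the sample objects are abridged from the quoted message.

```python
import ipaddress
import re

# IANA special-purpose AS numbers (inclusive ranges) with their defining RFC.
SPECIAL_ASNS = [
    (0, 0, "reserved, RFC 7607"),
    (23456, 23456, "AS_TRANS, RFC 6793"),
    (64496, 64511, "documentation, RFC 5398"),
    (64512, 65534, "private use, RFC 6996"),
    (65535, 65535, "reserved, RFC 7300"),
    (65536, 65551, "documentation, RFC 5398"),
    (4200000000, 4294967294, "private use, RFC 6996"),
    (4294967295, 4294967295, "reserved, RFC 7300"),
]

# Three objects abridged from the quoted message (other attributes dropped).
SAMPLE = """\
route: 179.61.200.0/23
origin: AS200557
remarks: maxLength 23

route: 190.2.17.0/24
origin: AS23456
remarks: maxLength 24

route: 190.210.210.0/23
origin: AS1000
remarks: maxLength 24
"""

def parse_routes(text):  # yields (network, max_length, origin_asn) per object
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [line.partition(":")[::2] for line in block.splitlines()]
        attrs = {k.strip().lower(): v.strip() for k, v in pairs}
        net = ipaddress.ip_network(attrs.get("route") or attrs["route6"])
        origin = int(attrs["origin"].upper().replace("AS", "", 1))
        m = re.search(r"^remarks:\s*maxLength\s+(\d+)\s*$", block, re.M)
        max_len = int(m.group(1)) if m else net.prefixlen
        yield net, max_len, origin

def audit(text):
    """Return (prefix, asn, note) findings; unassigned ASNs need registry data."""
    findings = []
    for net, max_len, origin in parse_routes(text):
        findings += [(str(net), origin, "special-purpose ASN: " + label)
                     for low, high, label in SPECIAL_ASNS if low <= origin <= high]
        if max_len > net.prefixlen:
            findings.append((str(net), origin, f"ROA maxLength {max_len} exceeds /{net.prefixlen}"))
    return findings
```

The second finding type marks objects where the ROA authorizes more-specific prefixes than the single route object names, which matters when filters are built from the IRR copy alone.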