Experience with 0.0.0.0/8?

Hi to all

yes, i know this is not directly related to OWRT but still ...

let's say we run some large enterprise-grade network
and we run out of "private" IPv4 space
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
then we started using 169.254.0.0/16 for management on network devices
and now we need more :slight_smile:
so, since kernel 5.x, address space 0.0.0.0/8 (except .1) is usable
this 0/8 works very well on all Linux based OSes, including OWRT
for example

ip r a 0.0.2.0/24 via 169.254.2.1
ping 0.0.2.30
PING 0.0.2.30 (0.0.2.30): 56 data bytes
64 bytes from 0.0.2.30: seq=0 ttl=62 time=1.087 ms
64 bytes from 0.0.2.30: seq=1 ttl=62 time=1.067 ms

so far, so good

now, let's be eager :slight_smile: and assign 0.0.0.0/8 to docker containers running on OWRT
since docker is doing NAT, it is OK

but ...
if we don't want to use Docker NAT, and simply route 0.0.0.0/8 via DockerHost things get complicated
at least on Windows
Linux based OSes could ping,access,whatever to containers hosted on docker host
including OWRT, RouterOS, Linux etc

but
Windows will refuse to

  1. accept DNS record which points to 0.something address
  2. make outgoing connection to 0.something address

interesting thing is that Windows nslookup correctly grab DNS record
for example

nslookup testnms.docker.XXX
Server:  XXXX
Address:  192.168.0.1

Non-authoritative answer:
Name:    testnms.docker.XXX
Addresses:  fd00:2:0:97::28
          0.0.2.28

but simple ping testnms.docker.XXX from windows CLI will return "bad address"

so, 0.0.2.28 is here, half job done, but after this step, black hole ... :frowning: ... nothing

why it is related to OWRT?
because OWRT as other Linux based distros could use 0/8 and someone will once make an internal network with 0/8 addresses

question:
did someone ever find a workaround how to use 0/8 on Windows?
or it is wasted time ?

OpenWRT does not manufacture Windows, likely it is made by Microsoft Corp if not by local carpenter.

1 Like

Have you tried other Windows tools beyond ping? I would not be amazed if assumptions about IPv4 space might be partially baked into applications

1 Like

Dare I mention the solution to this, it's quite mature by now...

IPv6.

4 Likes

hi @moeller0 , @brada4 , @slh
thank you for joining in

yes, i am using IPv6 in parallel with v4, and in v6 space everything works as it should
but some devices do not handle v6
and some windows programs simply do not run without IPv4

yes, i tried both ping with DNS and with 0.0.x.x addr from CMD and from PSHELL
same result
tried Chrome with
manual http://0.0.2.28:18000
and with http://fqdn:18000
both are dead end
even tried PUTTY with both manual 0/8 and FQDN
both returned network is unreachable

all tests done on win11 & server2019

looks like it will be "nice try, but don't do it" :frowning:

ps. @brada4 , yes, i know that OWRT have nothing to do with M$
simply, this problem cost me half of work day to realize, that win does not respect same "allowed address space" as Linux

1 Like

Windows work the way IPv4 is supposed to work. You can have overlapping RFC1918 networks in isolated homes, like done internetwide with NAT.

Sorry that is not correct, windows operates not according to IPv4's definitions, but by the long conventional tradition... that is not how it is supposed to work, just how it worked for a long time...

who talk about RFC1918?

my topic is simply about newly opened 0.0.0.0/8 address space starting with kernel 5.x.something and since OWRT is network "device" involved in routing, it is valid topic to discuss this 0.0.0.0/8 space

ok, looks like there is no
"magic-win-registry-hack" for 0/8 :frowning:

What it has to do with OpenWRT? You can overlap RFC1918 networks, like done for decades with home NATs.

Maybe just ignore this thread if you consider it off-topic?

4 Likes

https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml

0/8 is a waste of time.

If 10/8 isn't enough, then you need to think smarter. You cannot expect to add another X/8 and then Y/8 and so on. IPv6 is one solution. Splitting your network and reuse IPv4 addresses is another.

5 Likes

Hi @bmork

my original intention was how to USE 0/8 and not how to avoid using it ...
so i am still hoping that someone will point to some windows patch/update/hack

it will be really off-topic (and security expose of network topology) to discuss how the company internal network is built
sadly, it is enough to say that the whole 10/8 is out of question because the government expects the company to use openconnect to access government services and they took the whole 10/8 + are forcing the use of their DNS+PROXY for the 10/8 space
so there is not so much left
100+ vlans
25 location
approx 10-15 network device/location
many ups,temperature, humidity sensors across all locations
many department
many road warriors
and, many equipment vendors, some support v6 some don't
old + new programs running on different platforms ...

yes, there is always a possibility to optimize/squeeze out something
but 0/8 was like a magic wand at first glance ... until i met windows :frowning:

You might as well go for -1 or 256. They are numbers too.

I hear your address waste excuses. I just don't care. There are simple solutions. You've been given two. Using 0/8 is not one of them.

with this attitude ...
what is then purpose of enabling 0/8 in Linux kernel ?

What about CG nat address space? https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml

1 Like

The intention behind that is creating more sellable IPv4 address space (it's certainly not meant to give you more RFC1918-like addresses).

However, given how explicitly these addresses have been marked reserved, restricted and invalid over the last 42 years, these blocks are burned forever, just like the MoD address block. Pretty much anything in hard- and software blackholes those addresses, while you might have a relatively easy chance to get changes like these into modern linux kernels, it gets increasingly more difficult to convince the rest of the eco-system, be it the various BSDs, Solaris, Windows, MacOS/ iOS, the various system tools (firewalls, network managers, cli- and gui tools) - before even talking about hardware appliances (routers, switches, core switches, etc. - many of them may run linux, but certainly not a recent version of linux (v2.6.18 still strives… and I actually still have a phone pbx running v2.0 underneath…)). That's before convincing armies of neckbeard administrators who tend to blacklist those address blocks as a matter of principle, always and everywhere, as nothing good will ever come from there.

In practice, chances are indeed much better for your (relevant) devices to learn about IPv6 (because those started to support IPv6 two decades ago - and really had to cope with it for the last decade by now), than about those invalid IPv4 address blocks. IPv6 may not be loved by a sizeable chunk of people, but it still has 28 years headway over any potential successor or any of these funny reclaim efforts for invalid IPv4 blocks, and at least 10 years of wide-scale actual deployment in existing hard- and software.

1 Like
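An added example, not part of any post in this thread: a small audit that scans DNS-style records for IPv4 addresses inside the blocks discussed here (0.0.0.0/8, 169.254.0.0/16 and the 100.64.0.0/10 CGNAT space), so names that some client stacks may refuse can be found before deployment. The record format, the `.example` host names and the `audit` function are assumptions made for this illustration.

```python
import ipaddress

# Blocks named in the thread; the notes are this example's own wording.
BLOCKS = {
    "0.0.0.0/8": "works on Linux, refused by Windows per the thread",
    "169.254.0.0/16": "link-local, used for management in the thread",
    "100.64.0.0/10": "CGNAT shared address space",
}

# Constructed sample records in "name type address" form (not real data).
SAMPLE_ZONE = """
testnms.docker.example  AAAA  fd00:2:0:97::28
testnms.docker.example  A     0.0.2.28
db1.docker.example      A     0.0.2.30
ups3.mgmt.example       A     169.254.2.1
www.lan.example         A     192.168.0.10
broken.lan.example      A     0.0.2.300
"""

def audit(zone_text):
    """Return (name, address, block, name_also_has_AAAA) for flagged A records."""
    has_v6, a_records = set(), []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        name, rtype, value = fields
        if rtype == "AAAA":
            has_v6.add(name)
        elif rtype == "A":
            a_records.append((name, value))
    findings = []
    for name, value in a_records:
        try:
            addr = ipaddress.IPv4Address(value)
        except ipaddress.AddressValueError:
            findings.append((name, value, "invalid", False))
            continue
        for net in map(ipaddress.ip_network, BLOCKS):
            if addr in net:
                findings.append((name, value, str(net), name in has_v6))
    return findings

if __name__ == "__main__":
    for name, value, block, v6 in audit(SAMPLE_ZONE):
        note = BLOCKS.get(block, "not a valid IPv4 address")
        print(f"{name} {value} [{block}] {note}; AAAA present: {v6}")
```

The last field shows whether a flagged name also has an AAAA record, which separates hosts that remain reachable over IPv6 from those that are IPv4-only.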

yes, sadly ...
that was a reason to leave "normal" 1918 addresses for HW devices with ancient IP stack and try to use 0/8 for human use (web server, DB, etc) VMs (docker/lxc/VM) assuming that every "modern" OS will handle 0/8
wrong assumption :frowning:
ok, tnx, as i see, this is a dead end :frowning:

yes, i have that in mind :slight_smile: tnx

@psherman
would you please close this thread ?
since there is obviously no solution for OP

1 Like

Sure. I can close this.

1 Like