Unable to add a local route to LAN 100.64.0.0/10

Follow

Jaime Rodriguez

• February 15, 2023 18:57
• Edited

I am in networking and security field and find that RFC1918 addresses are used by clients. So to avoid this I started using 100.64.0.0/10 based on RFC6598. Prior to getting a firewalla I was able to add a route to my basic vyos router. Transitioning to my firewalla I found that it doesn't allow me to add the same route. so I had to re-IP my home lab network. 

0

• 

  Firewalla

  • February 14, 2023 17:37

  See if this helps, this is under routes. 

  

  0

  Comment actions Permalink
• 

  Jaime Rodriguez

  • February 15, 2023 17:28
  • Edited

  Try to add route 100.64.0.0/16

  

  0

  Comment actions Permalink
• 

  Firewalla

  • February 15, 2023 18:38

  Are you numbering the client network this way? I don't think you are supposed to use 100.64,0.0, on your home/business network, they are reserved for service providers doing CGNAT. 

   

  0

  Comment actions Permalink
• 

  Jaime Rodriguez

  • February 15, 2023 18:51

  I am not a provider and I NAT my devices to my public address provided by my ISP. The thing about the shared address is it is not Routable like RFC 1918 addresses. 

   Shared Address Space is similar to [RFC1918] private address space in
     that it is not globally routable address space and can be used by
     multiple pieces of equipment.

  0

  Comment actions Permalink
• 

  Jaime Rodriguez

  • February 15, 2023 18:55

  https://datatracker.ietf.org/doc/html/rfc6598

     This document requests the allocation of an IPv4 /10 address block to
     be used as Shared Address Space to accommodate the needs of Carrier-
     Grade NAT (CGN) devices.  It is anticipated that Service Providers
     will use this Shared Address Space to number the interfaces that
     connect CGN devices to Customer Premises Equipment (CPE).
  
     Shared Address Space is distinct from RFC 1918 private address space
     because it is intended for use on Service Provider networks.
     However, it may be used in a manner similar to RFC 1918 private
     address space on routing equipment that is able to do address
     translation across router interfaces when the addresses are identical
     on two different interfaces.  Details are provided in the text of
     this document.

  0

  Comment actions Permalink
• 

  Firewalla

  • February 15, 2023 20:34

  Do you have a quick network topology diagram that can show how you are routing to these 100.64.x.x addresses? I can show them to our developers and see if there is anything they can do about it. Right now, it is hard to tell how you are using these 

  0

  Comment actions Permalink
• 

  Jaime Rodriguez

  • February 15, 2023 20:44
  • Edited

  Yes please see attached.

  Firewalla would have a route: 100.64.0.0/16 -> Next Hop 100.64.0.2

  

  0

  Comment actions Permalink
• 

  Firewalla

  • February 15, 2023 20:50

  I assume you don't want to change the address to the more traditional private IP space? (RFC1918)? Let me forward this to our team and get someone look at it

  0

  Comment actions Permalink
• 

  Jaime Rodriguez

  • February 15, 2023 20:55

  I mean I am right now... I basically did 10.64.0.0/16 as a bandaid. It would be nice to setup routes I want when I need to... I guess this is a safety feature sort of...

  0

  Comment actions Permalink

Please sign in to leave a comment.