how to fix lazy-ass ISP DHCP lease?

my ISP gives me this ip via DHCP

100.101.198.98/8

and of course my routing table goes to hell and I can’t use the 100.64/10 network for my purposes. the gateway IP is 100.0.0.1.
What can I do to be able to use 100.64/10 for my internal segments? policy-based routing?

Who is your ISP? They are definitely not using that IP space correctly seeing as 100.0.0.0/12 is Verizon public IP space.

Have you reached out to them with this fact?

This IP space is reserved for private networks. There’s no way Verizon exposes it to the public space. Providers use it as their “intranet” and I’ve seen it most often in their mobile nets.

Yes, that is what it is for. So you cannot use it for “your” purposes, it is for “their” purposes (a CG-NAT network).
Of course the /8 at the end is wrong. is that really there?

@Smokeshow
Please don’t start writing things uninformed or incomplete…



Assign 100.101.198.98**/8** is a bullshit from ISP, contact the ISP and put the link to this post, so they probably learn something…

The IPv4 shared address space 100.64.0.0/10 must not be used for private networks.

It’s a mistake for home users to use it, so the problem isn’t at the beginning of the ISP if you claim to use something that doesn’t belong to you.
If I notice that some users are using it on the internal network, I block the service until they correct this situation. Everyone must use the IPs that belong to them.

The interval 100.64.0.0/10 cover from 100.64.0.0 to 100.127.255.255, outside that interval are present regular Public IPs
and anyone that use the 100.x.x.x/8 as private IPs or CGNAT do not understand what is trying to do (whether the other IPs belong to it or not).


is like 172.16.0.0/12 that go from 172.16.0.0 to 172.31.255.255, but all the other IPs on interval 172.0.0.0/8 are used…

So, is an idiotic behaviour like use 192.0.0.0/8 for internal network just because 192.168.0.0/16 (and other little portions) is reserved for private use…


EDIT: fix the name.

chill a little. I don't know and I'm asking. and politely explaining what I know to someone who knows even less. you say it's bad and I won't use it. thanks for the insight.

This is major telco in Bulgaria (A1, former Mtel). Yes, their DHCP assigns exactly this IP with that mask, this is what my MT reports. I've complained already to their twitter account about this being idiotic some time ago. Doubt they'll do something about it.

My other provider in different country, uses the 10.x.x.x (not sure about the mask) and 172.x.x.x net for the same purposes. I've seen 10.x.x.x used also in hotels and this messed with my WG client because I use 10.1.1.0/24 for my WG "road warriors". What exactly was the case I don't remember, it was long day, I was tired..so on.

So I'm bit at a loss what address space to allocate to my backbone/backhaul and WG clients that would be safe under any circumstances.

While I know that more specific routes win in the router's routing table and this serves me well, I wish I could find some sort of clean layout where I shouldn't worry about such stupid stuff.

Sorry, @gdanov, I copy&paste wrong name, It’s YOUR topic, not the @Smokeshow one,

sorry again for the exchange of the names…

When answering, it must be done completely, even if only one correct piece of information is given, the rest must be specified.

no offense. especially provided you obviously know what you are talking about.

The 100.64.0.0/10 is born to give to the ISP CGNAT or IPs for internal device or other use, for leave the 10… 192.168… and 172.16… ranges free for consumer/business network.
But those ISPs often are lazy more than the end users…

I do not know how many IPs you need but the 192.0.2.0/24 segment (from 198.0.2.0 to 198.0.2.255) is unassigned, or better, is assigned for testing purpose,
nothing forbid you to use that range on your VPN.

Ranges usable as alternative. Are not routed on internet, and can be used for own network for testing purposes.
No one can complain if you use it for YOUR OWN network…
192.0.2.0/24 TEST-NET-1
198.51.100.0/24 TEST-NET-2
203.0.113.0/24 TEST-NET-3

Of course it would be better to contact them directly instead of sending a tweet. That may be read only by the marketing department.
The correct netmask is /10 instead of /8 and they should really fix that, or their customers have trouble reading the other 100.x.x.x networks outside 100.64.0.0/10.


My other provider in different country, uses the 10.x.x.x (not sure about the mask) and 172.x.x.x net for the same purposes. I’ve seen 10.x.x.x used also in hotels and this messed with my WG client because I use 10.1.1.0/24 for my WG “road warriors”. What exactly was the case I don’t remember, it was long day, I was tired..so on.

So I’m bit at a loss what address space to allocate to my backbone/backhaul and WG clients that would be safe under any circumstances.

“Safe” would be difficult to say, I presume you want to be able to roam between such different networks.
Normally when you use only a /24 network out of the RFC1918 space and do not pick an obvious one, you should be reasonably safe.
When you want to deploy an entire network much larger than a /24 there will always be a risk that someone else already uses it, or that it is being blocked somewhere.
(those test networks mentioned by rextended are often blocked in firewalls)

Time to move on to IPv6 !
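An added example, not part of any post in this thread: a Python check of what the lease from the first post actually declares on-link compared with the 100.64.0.0/10 shared range, plus an overlap test for planned internal subnets. The planned subnets other than 10.1.1.0/24 and the hotel 10.0.0.0/8 network are constructed sample values.

```python
import ipaddress

# RFC 6598 shared address space, the range the thread says is meant for ISP CGNAT.
SHARED = ipaddress.ip_network("100.64.0.0/10")

def analyze_lease(cidr, gateway):
    """Compare what a DHCP lease declares on-link with the shared range."""
    iface = ipaddress.ip_interface(cidr)
    on_link = iface.network
    outside = []
    if SHARED != on_link and SHARED.subnet_of(on_link):
        # Blocks the mask marks as directly connected that are not shared space.
        outside = sorted(on_link.address_exclude(SHARED))
    return {
        "on_link": on_link,
        "address_in_shared": iface.ip in SHARED,
        "gateway_in_shared": ipaddress.ip_address(gateway) in SHARED,
        "on_link_outside_shared": outside,
    }

def find_conflicts(planned, upstream):
    """Return (planned, upstream) pairs whose address ranges overlap."""
    nets = [ipaddress.ip_network(u) for u in upstream]
    return [(p, str(u)) for p in planned for u in nets
            if ipaddress.ip_network(p).overlaps(u)]

if __name__ == "__main__":
    # Lease and gateway as quoted in the first post.
    lease = analyze_lease("100.101.198.98/8", "100.0.0.1")
    for key, value in lease.items():
        print(f"{key}: {value}")

    # Constructed plan: one CGNAT-range subnet, the WG subnet from the thread,
    # and one arbitrary RFC 1918 /24.
    planned = ["100.64.10.0/24", "10.1.1.0/24", "192.168.77.0/24"]
    # Upstream networks seen on the WAN side; the hotel /8 is a constructed value.
    upstream = [str(lease["on_link"]), "10.0.0.0/8"]
    for mine, theirs in find_conflicts(planned, upstream):
        print(f"conflict: {mine} overlaps {theirs}")
```

With the /8 mask the router treats 100.0.0.0/10 and 100.128.0.0/9 as directly connected as well, which is why the gateway 100.0.0.1 is reachable even though it lies outside 100.64.0.0/10.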

Yes, I’m expecting nothing less from serious ISP,
but if used as IP on own VPN, ISP can not read or block what is passed inside the VPN, so the test addresses are safe to use…


Time to move on to IPv6!
Agree… but often on Hotel & Co. you have only IPv4…
(or you mean use IPv6 inside VPN tunnel… :wink: )

that’s the point — there’s zero reliability what net I’ll be connected to and with little luck it would overlap with some of my subnets.

ipv6 sounds like great idea, would be significant effort. Apart from the much bigger address space — is there other mechanism to avoid such problems there?

thanks! I need several /24 nets , will look into these

Several???

198.18.0.0/15
from 198.18.0.0 to 198.19.255.255
actually is the same as the 3 subnets before…

Be careful what you wish for! I am barely grasping ipv4 fundamentals.
If they switch to IPV6, I hope you have a spare bed in your house because I will be there for intensive training,
oh and perhaps a little sampling of the fine foods and beverages ........ :slight_smile:

My other options are Slovenia, Belgium and Czechia............... if you think one of those places is better.............

Note: I didn't mention Latvia because quite frankly it would be too distracting for both me and MT as I would end up picketing outside their office spaces every day with a sign that says.........
ZEROTRUST CLOUDFLARE
OPTIONS PACKAGE
FOR ALL MT USERS

Too much water will have to pass under the bridge before there is only IPv6…

Translation: No need to wait for IPV6, you are welcome anytime and the sooner the better and yes Belgium, Slovenia and Czechia pale in comparison!!

( the comparison is wrong, they are equally beautiful and welcoming states )


Sending you a cat gif… Cause you are so patient and helpful that I want to give you a… https://media.tenor.com/fRIfg-otefcAAAAC/kith-cat.gif

:laughing: :laughing: :laughing: :laughing: Thanks!