From owner-freebsd-net@FreeBSD.ORG  Tue Mar 21 13:47:55 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5146E16A423
	for <freebsd-net@freebsd.org>; Tue, 21 Mar 2006 13:47:55 +0000 (UTC)
	(envelope-from lk@tempest.sk)
Received: from proxy.dgrp.sk (proxy.dgrp.sk [195.28.127.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2ACD943D46
	for <freebsd-net@freebsd.org>; Tue, 21 Mar 2006 13:47:53 +0000 (GMT)
	(envelope-from lk@tempest.sk)
Received: by proxy.dgrp.sk (Postfix, from userid 1003)
	id 509D5800A; Tue, 21 Mar 2006 14:47:52 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on proxy.dgrp.sk
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=4.0 tests=AWL autolearn=ham 
	version=3.1.0
Received: from webmail.tempest.sk (domino1.tempest.sk [195.28.100.38])
	by proxy.dgrp.sk (Postfix) with ESMTP id EE5578004;
	Tue, 21 Mar 2006 14:47:48 +0100 (CET)
Received: from lk107.tempest.sk ([195.28.109.37])
	by webmail.tempest.sk (Lotus Domino Release 6.5.4)
	with ESMTP id 2006032114474797-2834 ;
	Tue, 21 Mar 2006 14:47:47 +0100 
Received: from localhost (localhost [127.0.0.1])
	by lk107.tempest.sk (8.13.4/8.13.4) with ESMTP id k2LDlexD032332;
	Tue, 21 Mar 2006 14:47:41 +0100 (CET) (envelope-from lk@tempest.sk)
Date: Tue, 21 Mar 2006 14:47:40 +0100 (CET)
Message-Id: <20060321.144740.71081196.lk@tempest.sk>
To: lists@wm-access.no
From: Ludovit Koren <lk@tempest.sk>
in-reply-to: <441F8B53.7050304@wm-access.no> (message from
	=?ISO-8859-1?Q?Sten_Daniel_S=F8rsdal?= on Tue,
	21 Mar 2006 06:12:51 +0100)
References: <20060320.125130.92586288.lk@tempest.sk>
	<441F8B53.7050304@wm-access.no>
X-Mailer: xcite1.57> Mew version 4.2 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
X-MIMETrack: Itemize by SMTP Server on Domino1/DGRP(Release 6.5.4|March 27,
	2005) at 21.03.2006 14:47:48,
	Serialize by Router on Domino1/DGRP(Release 6.5.4|March 27, 2005) at
	21.03.2006 14:47:48, Serialize complete at 21.03.2006 14:47:49,
	Serialize by Router on Domino1/DGRP(Release 6.5.4|March 27, 2005) at
	21.03.2006 14:47:49
Content-Transfer-Encoding: 7bit
Content-Type: Text/Plain; charset=us-ascii
Cc: freebsd-net@freebsd.org
Subject: Re: static routes
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2006 13:47:55 -0000


>>>>> On Tue, 21 Mar 2006 06:12:51 +0100
>>>>> lists@wm-access.no(=?ISO-8859-1?Q?Sten_Daniel_S=F8rsdal?=)  said:
> 
> This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
> --------------enig31C5AF3351A4904FFAEF208E
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: quoted-printable
> 
> Ludovit Koren wrote:
> > Hi,
> >=20
> > I realized on several different versions of FreeBSD including
> > 5.4-STABLE, when using static routes to specific subnets and the WAN
> > link goes down for unpredictable reasons, the server gets ICMP
> > redirect message and rearranges routes to use default router. Then all
> > the traffic is routed to the default router even the WAN link is again
> > up. Other unix like system (HP-UX, Linux) do not act the way,
> > i.e. they do not change static routes.
> >=20
> 
> Are the routes still there after link goes down and then up?
> 

yes

netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            195.28.109.1       UGS         0      760   bge0
127.0.0.1          127.0.0.1          UH          0    11589    lo0
192.168.100        195.28.109.24      UGS         0        8   bge0
192.168.100.1      195.28.109.1       UGHD3       0        2   bge0   3598
195.28.109         link#1             UC          0        0   bge0
195.28.109.1       00:0b:ac:29:1e:ca  UHLW        3        0   bge0    324
195.28.109.24      00:0f:34:04:a2:f0  UHLW        2        0   bge0   1162


for each usage the expire counter starts again from 3600. 

I must admit, after analyzing the problem again, that the problem
arises only if the net (routing devices) are not configured
consistently, i.e. not all of them can or send ICMP redirect. The
problem was on the net with Cisco router and PIX. It seems, according
to the Cisco declaration, that PIX cannot send ICMP messages through
the same interface and cannot route back via the same interface.

Now, I have no 2 routers or 2 PIX-es at the disposal that's why I
cannot test all possible combinations.

Thanks.

Regards,

lk