From owner-freebsd-hackers  Sun Oct 28 16:25:52 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from srv1.cosmo-project.de (srv1.cosmo-project.de [213.83.6.106])
	by hub.freebsd.org (Postfix) with ESMTP id 45BF037B401
	for <freebsd-hackers@FreeBSD.ORG>; Sun, 28 Oct 2001 16:25:47 -0800 (PST)
Received: (from uucp@localhost)
	by srv1.cosmo-project.de (8.11.0/8.11.0) with UUCP id f9T0Pf764018;
	Mon, 29 Oct 2001 01:25:42 +0100 (CET)
Received: from mail.cicely.de (cicely20.cicely.de [10.1.1.22])
	by cicely5.cicely.de (8.12.1/8.12.1) with ESMTP id f9T0PiSe049705;
	Mon, 29 Oct 2001 01:25:45 +0100 (CET)?g
	(envelope-from ticso@cicely8.cicely.de)
Received: from cicely8.cicely.de (cicely8.cicely.de [10.1.2.10])
	by mail.cicely.de (8.11.0/8.11.0) with ESMTP id f9T0PPF12360;
	Mon, 29 Oct 2001 01:25:25 +0100 (CET)
Received: (from ticso@localhost)
	by cicely8.cicely.de (8.11.4/8.11.4) id f9T0PJQ53272;
	Mon, 29 Oct 2001 01:25:20 +0100 (CET)
	(envelope-from ticso)
Date: Mon, 29 Oct 2001 01:25:18 +0100
From: Bernd Walter <ticso@cicely8.cicely.de>
To: David Kirchner <davidk@accretivetg.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: disabling dynamic route addition
Message-ID: <20011029012518.C49388@cicely8.cicely.de>
References: <20011028114328.C35308-100000@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011028114328.C35308-100000@localhost>
User-Agent: Mutt/1.3.23i
X-Operating-System: FreeBSD cicely8.cicely.de 5.0-CURRENT i386
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Sun, Oct 28, 2001 at 11:47:16AM -0800, David Kirchner wrote:
> Hi,
> 
> Is there currently a way (sysctl, patch?) to disable dynamic route

I asume your "dynamic" routes are simple redirects.
sysctl -w net.inet.icmp.drop_redirect=1
or in /etc/rc.conf:
icmp_drop_redirect="YES"

Or get a better routing table in the first place.

> addition? We have a few very busy web servers here, and we're running in
> to a bug in FreeBSD 4.2 (which is related to a bug in previous versions of
> FreeBSD - the one that's fixed by lowering net.inet.ip.rtexpire to 10 from
> 3600) where the dynamic route table grows but never flushes completely.
> Here it is just as it hit the buffer space limit, according to vmstat -m:

What does netstat tells you about the expire time for these routes?
How are they flagged?

-- 
B.Walter              COSMO-Project         http://www.cosmo-project.de
ticso@cicely.de         Usergroup           info@cosmo-project.de


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message