Date: Sat, 4 Aug 2001 18:28:26 +0200
From: Bernd Walter
To: Andre Oppermann
Cc: Bernd Walter, freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: 303,000 routes in kernel
Message-ID: <20010804182825.A7176@cicely20.cicely.de>
References: <3B69CE3F.1BCCB280@telehouse.ch> <20010803114648.A2565@cicely20.cicely.de> <3B6BD979.5BFD5890@telehouse.ch>
In-Reply-To: <3B6BD979.5BFD5890@telehouse.ch>; from oppermann@telehouse.ch on Sat, Aug 04, 2001 at 01:16:09PM +0200

On Sat, Aug 04, 2001 at 01:16:09PM +0200, Andre Oppermann wrote:
> Bernd Walter wrote:
> >
> > On Fri, Aug 03, 2001 at 12:03:43AM +0200, Andre Oppermann wrote:
> > > The problem I've got now is that for every packet I get the kernel is
> > > making one host entry in the routing table. Because of the many UDP
> > > DNS requests from all over the world I've got 303'000 (yes, three-
> > > hundredthreethousand) entries in the kernel routing table which have
> > > not expired yet. So I'm getting error messages like this now:
> >
> > Are you sure that these are not created via redirects when sending
> > the packet?
> > You might try to disable accepting redirects via sysctl and/or
> > setting the routes so that packets have a better chance to be sent
> > to the right router.
>
> I think we have a winner here! With icmp redirect turned off the box
> having only three routes, link, net and default.
>
> This box is directly connected to the TIX Internet Exchange with
> 45 ISP. Although it does not do BGP itself it has one of the BGP
> routers as its default route. Depending on where the DNS request
> came from the BGP router simply sent an ICMP redirect so the box
> could send the reply packet directly to that ISP. Unfortunately the
> redirects are host routes this is why the routing table got so big,
> otherwise it would have stopped at 105'000 routes which is still
> manageable.

I have managed servers (proxy, dns and news) in similar configurations.
You might think about exporting /16 and bigger routes via BGP or OSPF
to the server.
That way you don't need to have all packets go through your
default-router.
DNS servers are known to bring a good load on routers as the packets
are usually small with a high rate.

--
B.Walter              COSMO-Project         http://www.cosmo-project.de
ticso@cicely.de         Usergroup           info@cosmo-project.de
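
Added example, not part of the original message or of FreeBSD: a shell check that counts the redirect-created host routes discussed in this thread from BSD-style `netstat -rn` output. The sample table, addresses and function names are constructed for illustration, and the sysctl name in the comment is supplied here, not taken from the thread.

```shell
#!/bin/sh
# Find routes installed by ICMP redirects in BSD `netstat -rn` output.
# Flag D = created dynamically by a redirect, H = host route.
# FreeBSD's knob for ignoring redirects is net.inet.icmp.drop_redirect
# (the thread only says "via sysctl"; the name is supplied here).

# Constructed sample table using documentation address ranges.
sample_table() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGSc        4     1203   fxp0
127.0.0.1          127.0.0.1          UH          0       12    lo0
192.0.2/24         link#1             UC          0        0   fxp0
198.51.100.7       192.0.2.10         UGHD        0        3   fxp0
198.51.100.9       192.0.2.10         UGHD        0        1   fxp0
203.0.113.25       192.0.2.20         UGHD        0        2   fxp0
EOF
}

# Reads a routing table on stdin; prints totals on one line.
redirect_route_summary() {
    awk '
        # Data rows: third field is a flag string starting with U (up).
        NF >= 3 && $3 ~ /^U[A-Za-z0-9]*$/ {
            total++
            if ($3 ~ /D/) { dyn++; if ($3 ~ /H/) dynhost++ }
        }
        END { printf "total=%d redirect=%d redirect_host=%d\n", total, dyn, dynhost }
    '
}

# Reads a routing table on stdin; prints "count gateway", busiest first.
redirect_gateways() {
    awk 'NF >= 3 && $3 ~ /^U[A-Za-z0-9]*$/ && $3 ~ /D/ { gw[$2]++ }
         END { for (g in gw) print gw[g], g }' | sort -rn
}

# Demo on the sample; on a live host pipe `netstat -rn -f inet` in instead.
sample_table | redirect_route_summary
sample_table | redirect_gateways
```

A redirect count that keeps growing on a host that is not a router is the symptom described above; the per-gateway breakdown shows which neighbours the redirects pointed to.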