Date: Sat, 04 Aug 2001 18:46:14 +0200
From: Andre Oppermann <oppermann@telehouse.ch>
To: Bernd Walter <ticso@mail.cicely.de>
Cc: Andre Oppermann <oppermann@telehouse.ch>, freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: 303,000 routes in kernel
Message-ID: <3B6C26D6.FB006403@telehouse.ch>
References: <3B69CE3F.1BCCB280@telehouse.ch> <20010803114648.A2565@cicely20.cicely.de> <3B6BD979.5BFD5890@telehouse.ch> <20010804182825.A7176@cicely20.cicely.de>

Bernd Walter wrote:
>
> On Sat, Aug 04, 2001 at 01:16:09PM +0200, Andre Oppermann wrote:
> > Bernd Walter wrote:
> > >
> > > On Fri, Aug 03, 2001 at 12:03:43AM +0200, Andre Oppermann wrote:
> > > > The problem I've got now is that for every packet I get the kernel is
> > > > making one host entry in the routing table. Because of the many UDP
> > > > DNS requests from all over the world I've got 303'000 (yes,
> > > > three-hundredthreethousand) entries in the kernel routing table which
> > > > have not expired yet. So I'm getting error messages like this now:
> > >
> > > Are you sure that these are not created via redirects when sending
> > > the packet?
> > > You might try to disable accepting redirects via sysctl and/or
> > > setting the routes so that packets have a better chance to be sent
> > > to the right router.
> >
> > I think we have a winner here! With icmp redirect turned off the box
> > has only three routes, link, net and default.
> >
> > This box is directly connected to the TIX Internet Exchange with
> > 45 ISPs. Although it does not do BGP itself it has one of the BGP
> > routers as its default route. Depending on where the DNS request
> > came from the BGP router simply sent an ICMP redirect so the box
> > could send the reply packet directly to that ISP. Unfortunately the
> > redirects are host routes, this is why the routing table got so big,
> > otherwise it would have stopped at 105'000 routes which is still
> > manageable.
>
> I have managed servers (proxy, dns and news) in similar configurations.
> You might think about exporting /16 and bigger routes via BGP or OSPF
> to the server.

I will be doing BGP on the box itself but not yet.

> That way you don't need to have all packets go through your
> default-router. DNS servers are known to bring a good load on routers as
> the packets are usually small with a high rate.

The router, a Foundry BigIron, is supposed to do gigabit routing at
wirespeed, even with small packets. But who knows... ;-)

Thanks
-- 
Andre
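
An added example, not part of the original message: a shell check that counts the host routes created by ICMP redirects in `netstat -rn` output, grouped by the gateway each one points to, so growth like the one described in the thread shows up early. The sample routing table is constructed (documentation addresses) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -rn` output; not taken from the thread.
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGSc        5     1234   fxp0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.0.2/24         link#1             UC          0        0   fxp0
198.51.100.7       192.0.2.20         UGHD        0        3   fxp0   3412
203.0.113.9        192.0.2.21         UGHD        0        1   fxp0   3500
203.0.113.50       192.0.2.21         UGHD        0        2   fxp0   3510
198.51.100.99      192.0.2.30         UGHS        0        0   fxp0
EOF
}

# Read netstat -rn text on stdin and print "<count> <gateway>" for every
# gateway that has host routes (flag H) created dynamically by a redirect
# (flag D). Static host routes (flag S, no D) are not counted.
redirect_routes_by_gateway() {
    awk '
        $1 == "Destination" { in_table = 1; next }   # header starts a table
        NF == 0             { in_table = 0; next }   # blank line ends it
        in_table && $3 ~ /D/ && $3 ~ /H/ { n[$2]++ }
        END { for (gw in n) print n[gw], gw }
    ' | sort -k1,1nr -k2,2
}

# Total number of redirect-created host routes in the input.
redirect_route_total() {
    redirect_routes_by_gateway | awk '{ t += $1 } END { print t + 0 }'
}

# Succeeds when the total is at or below the limit passed as $1.
redirect_routes_within() {
    [ "$(redirect_route_total)" -le "$1" ]
}

# Stand-alone run on the constructed sample.
sample_routes | redirect_routes_by_gateway
```

On a live host, pipe `netstat -rn` into `redirect_routes_by_gateway` instead of the sample. The thread does not name the sysctl; on FreeBSD, `net.inet.icmp.drop_redirect` is the setting that makes the kernel ignore ICMP redirects.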