Date: Fri, 31 Aug 2001 12:52:45 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: deepak@ai.net
Cc: "freebsd-hackers@FreeBSD.ORG" <freebsd-hackers@FreeBSD.ORG>
Subject: Re: FW: Interesting Router Question
Message-ID: <3B8FEB0D.52F83818@mindspring.com>
References: <GPEOJKGHAMKFIOMAGMDIMEKJFDAA.deepak@ai.net>

Deepak Jain wrote:
> We've got a customer running a FreeBSD router with 2 x 1GE interfaces [ti0
> and ti1]. At no point was bandwidth an issue.
>
> The router was under some kind of ICMP attack:
>
> For about 30 minutes:
> icmp-response bandwidth limit 96304/200 pps

I've seen this happen in a lab when there are a large number of ICMP redirects coming into the machine from the next hop, which doesn't believe itself to be the next hop, directing you to the "real" next hop.

This can happen with asymmetric routes.

You can also see this in the NAT case, where you get a gateway redirect to the NAT box from the local gateway, with a "ping". Stopping and restarting the "ping" makes it honor the redirect for subsequent packets, but the initial "ping" program does not honor it after the first (or nth) time it gets the redirect: it merrily pounds away at the redirecting machine.

I don't know why the route does not get adjusted like it should, so that subsequent attempts don't trigger the redirect, but it doesn't (this seems to be a problem with the FreeBSD routing code).

-- Terry
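
For triage of the kernel message quoted in this thread, the following added example (not part of the original e-mail, and not FreeBSD project code) parses `icmp-response bandwidth limit <observed>/<limit> pps` lines and groups them into episodes, so a sustained event can be told apart from isolated blips. The syslog prefix, the host name `gw`, the sample lines and the 60-second grouping gap are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Message body as quoted in the thread: "<observed>/<limit> pps".
# The syslog timestamp/host prefix is an assumed, conventional layout.
LIMIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*icmp-response bandwidth limit "
    r"(?P<seen>\d+)/(?P<limit>\d+) pps")

def parse(lines, year=2001):
    """Yield (timestamp, observed_pps, limit_pps) per rate-limit message."""
    for line in lines:
        m = LIMIT_RE.search(line)
        if m and int(m["limit"]) > 0:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, int(m["seen"]), int(m["limit"])

def episodes(events, max_gap=timedelta(seconds=60)):
    """Merge messages no more than max_gap apart into one episode each."""
    out = []
    for ts, seen, limit in sorted(events):
        ratio = seen / limit  # how far over the configured limit
        if out and ts - out[-1]["end"] <= max_gap:
            ep = out[-1]
            ep["end"], ep["count"] = ts, ep["count"] + 1
            ep["peak_ratio"] = max(ep["peak_ratio"], ratio)
        else:
            out.append({"start": ts, "end": ts, "count": 1,
                        "peak_ratio": ratio})
    return out

# Constructed sample log (only the first pps figure comes from the thread).
SAMPLE = """\
Aug 31 12:00:01 gw /kernel: icmp-response bandwidth limit 96304/200 pps
Aug 31 12:00:02 gw /kernel: icmp-response bandwidth limit 95110/200 pps
Aug 31 12:00:40 gw /kernel: icmp-response bandwidth limit 231/200 pps
Aug 31 12:01:10 gw sshd[411]: Accepted publickey for ops
Aug 31 12:45:07 gw /kernel: icmp-response bandwidth limit 412/200 pps
""".splitlines()

if __name__ == "__main__":
    for ep in episodes(parse(SAMPLE)):
        span = (ep["end"] - ep["start"]).total_seconds()
        print(f"{ep['start']}  {span:.0f}s  {ep['count']} msgs  "
              f"peak {ep['peak_ratio']:.1f}x limit")
```

A long episode with a high peak ratio is the pattern described in the thread; the log alone does not say whether incoming redirects or some other ICMP-eliciting traffic caused it, so a packet capture on the affected interface is still needed to confirm.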