Message-ID: <3B8FEB0D.52F83818@mindspring.com>
Date: Fri, 31 Aug 2001 12:52:45 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: deepak@ai.net
Cc: "freebsd-hackers@FreeBSD. ORG"
Subject: Re: FW: Interesting Router Question

Deepak Jain wrote:
> We've got a customer running a FreeBSD router with 2 x 1GE interfaces [ti0
> and ti1]. At no point was bandwidth an issue.
>
> The router was under some kind of ICMP attack:
>
> For about 30 minutes:
> icmp-response bandwidth limit 96304/200 pps

I've seen this happen in a lab when there are a large number of ICMP redirects coming into the machine from the next hop, which doesn't believe itself to be the next hop, directing you to the "real" next hop. This can happen with asymmetric routes.

You can also see this in the NAT case, where you get a gateway redirect to the NAT box from the local gateway, with a "ping". Stopping and restarting the "ping" makes it honor the redirect for subsequent packets, but the initial "ping" program does not honor it after the first (or nth) time it gets the redirect: it merrily pounds away at the redirecting machine.
I don't know why the route does not get adjusted like it should, so that subsequent attempts don't trigger the redirect, but it doesn't (this seems to be a problem with the FreeBSD routing code).

-- Terry