Date:      Fri, 31 Aug 2001 16:18:18 -0400
From:      "Deepak Jain" <deepak@ai.net>
To:        <tlambert2@mindspring.com>
Cc:        "freebsd-hackers@FreeBSD. ORG" <freebsd-hackers@FreeBSD.ORG>
Subject:   RE: FW: Interesting Router Question
Message-ID:  <GPEOJKGHAMKFIOMAGMDIOELEFEAA.deepak@ai.net>
In-Reply-To: <3B8FEB0D.52F83818@mindspring.com>



I think this is EXACTLY what happened. We give the customer two upstream
GigE connections and the customer is preferentially using one. Routes are
actually statically routed to both GigE interfaces.

Is there an RFC you know of that says this is bad behavior? I guess we'll
have to filter ICMP packets destined for the router from now on or remove
one of the interfaces.

Thanks,

Deepak Jain
AiNET

-----Original Message-----
From: owner-freebsd-hackers@FreeBSD.ORG
[mailto:owner-freebsd-hackers@FreeBSD.ORG]On Behalf Of Terry Lambert
Sent: Friday, August 31, 2001 3:53 PM
To: deepak@ai.net
Cc: freebsd-hackers@FreeBSD. ORG
Subject: Re: FW: Interesting Router Question


Deepak Jain wrote:
> We've got a customer running a FreeBSD router with 2 x 1GE interfaces [ti0
> and ti1]. At no point was bandwidth an issue.
>
> The router was under some kind of ICMP attack:
>
> For about 30 minutes:
> icmp-response bandwidth limit 96304/200 pps


I've seen this happen in a lab when there are a large number
of ICMP redirects coming into the machine from the next hop,
which doesn't believe itself to be the next hop, directing
you to the "real" next hop.

This can happen with asymmetric routes.

You can also see this in the NAT case, where you get a
gateway redirect to the NAT box from the local gateway,
with a "ping".

Stopping and restarting the "ping" makes it honor the
redirect for subsequent packets, but the initial "ping"
program does not honor it after the first (or nth) time
it gets the redirect: it merrily pounds away at the
redirecting machine.

I don't know why the route does not get adjusted like it
should, so that subsequent attempts don't trigger the
redirect, but it doesn't (this seems to be a problem with
the FreeBSD routing code).

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
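
For triage of the kernel message quoted in the thread, the following added example (not part of the original messages or of FreeBSD) groups "icmp-response bandwidth limit" lines into episodes and reports the sustained ones. The syslog line layout, the hostname `rtr1`, the timestamps and the thresholds are assumptions; only the message text and the 96304/200 figure come from the thread.

```python
import re
from datetime import datetime, timedelta

# Message text as quoted in the thread: "icmp-response bandwidth limit 96304/200 pps"
LIMIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ "
    r"icmp-response bandwidth limit (?P<seen>\d+)/(?P<limit>\d+) pps")

# Constructed sample log (hostname, timestamps and most rates are made up).
SAMPLE_LOG = """\
Aug 31 14:00:01 rtr1 /kernel: icmp-response bandwidth limit 96304/200 pps
Aug 31 14:00:02 rtr1 /kernel: icmp-response bandwidth limit 95811/200 pps
Aug 31 14:00:03 rtr1 sshd[211]: Accepted password for admin
Aug 31 14:00:04 rtr1 /kernel: icmp-response bandwidth limit 97120/200 pps
Aug 31 14:25:10 rtr1 /kernel: icmp-response bandwidth limit 231/200 pps
"""

def find_episodes(text, year=2001, max_gap=timedelta(seconds=10)):
    """Group rate-limit messages into episodes separated by more than max_gap."""
    episodes = []
    for line in text.splitlines():
        m = LIMIT_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen, limit = int(m["seen"]), int(m["limit"])
        cur = episodes[-1] if episodes else None
        if cur and when - cur["end"] <= max_gap:
            cur["end"] = when
            cur["events"] += 1
            cur["peak_pps"] = max(cur["peak_pps"], seen)
        else:
            episodes.append({"start": when, "end": when, "events": 1,
                             "peak_pps": seen, "limit": limit})
    return episodes

def sustained(episodes, min_events=3, min_ratio=10):
    """Keep episodes that repeat and run far over the limit (assumed thresholds)."""
    return [e for e in episodes
            if e["events"] >= min_events and e["peak_pps"] >= min_ratio * e["limit"]]

if __name__ == "__main__":
    for e in sustained(find_episodes(SAMPLE_LOG)):
        print(f"{e['start']} .. {e['end']}: peak {e['peak_pps']} pps "
              f"against a limit of {e['limit']} pps ({e['events']} messages)")
```
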

