From: Peter Jeremy
To: freebsd-net@freebsd.org
Date: Thu, 3 Jul 2008 21:52:43 +1000
Subject: Re: arplookup x.x.x.x failed: host is not on local network

OK, my responses to the replies so far.

One off-line reply requested a topology and netstat output. Since the topology may be relevant, below is an extremely simplified approximation (the real network has about 60 subnets and about 70 hosts, each appearing in between two and four subnets).

                             Corp Network
        192.168.10.0/24            |          192.168.12.0/24
+------+-------------+----------|  |  |----------+-------------+-----+
     .1|           .2|      .254|  |  |.254    .3|           .4|
   +-------+     +-------+     +-------+     +-------+     +-------+
   |       |     |       |     |       |     |       |     |       |
   | host1 |     | host2 |     |  NAT  |     | host3 |     | host4 |
   |       |     |       |     |       |     |       |     |       |
   +-------+     +-------+     +-------+     +-------+     +-------+
     .1|           .2|      .254|     |.254    .3|           .4|
+------+-------------+----------|     |----------+-------------+-----+
        192.168.11.0/24                       192.168.13.0/24

The errors appear to be randomly spread across hosts and subnets. It does not appear consistently and seems to correlate with load (I am getting significant numbers at present and the NAT host is routing about 90Kpps and 100MBps if netstat can be believed). The problem also shows up on another interior routing host that has visibility across the internal networks so it isn't related to NAT or directly related to host load (that host is only seeing about 3.5Kpps - but is also a much slower host).

I have managed to capture a tcpdump across the error.
syslog reported:

Jul 3 21:28:30 xxxx kernel: arplookup 192.168.169.26 failed: host is not on local network

and the packets for that host during that second are:

21:28:30.320340 00:0b:cd:d6:66:26 > 00:03:ba:ab:6f:ef, ethertype 802.1Q (0x8100), length 64: vlan 169, p 0, ethertype IPv4, IP (tos 0x0, ttl 64, id 29304, offset 0, flags [none], length: 28) 192.168.169.26 > 192.168.169.111: icmp 8: echo request seq 35079
21:28:30.320429 00:d0:b7:20:8f:ee > 00:03:ba:ab:6f:ef, ethertype 802.1Q (0x8100), length 46: vlan 168, p 0, ethertype IPv4, IP (tos 0x0, ttl 63, id 29304, offset 0, flags [none], length: 28) 192.168.169.26 > 192.168.169.111: icmp 8: echo request seq 35079
21:28:30.320445 00:0b:cd:d6:66:26 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 169, p 0, ethertype ARP, arp who-has 192.168.169.250 tell 192.168.169.26
21:28:30.320459 00:0b:cd:d6:66:26 > 00:d0:b7:20:8f:ee, ethertype 802.1Q (0x8100), length 64: vlan 169, p 0, ethertype IPv4, IP (tos 0x0, ttl 64, id 29307, offset 0, flags [none], length: 28) 192.168.169.26 > 192.168.169.250: icmp 8: echo request seq 35079
21:28:30.320493 00:d0:b7:20:8f:ee > 00:0b:cd:d6:66:e4, ethertype 802.1Q (0x8100), length 46: vlan 168, p 0, ethertype IPv4, IP (tos 0x0, ttl 64, id 15305, offset 0, flags [none], length: 28) 192.168.169.250 > 192.168.169.26: icmp 8: echo reply seq 35079
21:28:30.320531 00:d0:b7:20:8f:ee > 00:0b:cd:d6:66:26, ethertype 802.1Q (0x8100), length 46: vlan 169, p 0, ethertype ARP, arp reply 192.168.169.250 is-at 00:d0:b7:20:8f:ee

(this was captured MAC 00:d0:b7:20:8f:ee).

Possibly, I'm seeing packet leakage from the switches and that is confusing FreeBSD - definitely the first packet above should not be visible.

On 2008-Jul-03 09:05:15 +0200, Daniel Ponticello wrote:
>I'm having exactly the same problem, but without NAT configuration. Just
>a simple host on network 192.168.170.xxx
>that when tries to reach a host on 192.168.181.xxx: it gives the same error

Except that in my case, the addresses _are_ local.

On 2008-Jul-03 02:16:30 -0500, David DeSimone wrote:
>My theory is that this is a response to ARP requests. ARP requests are
>broadcast, so the BSD box hears someone asking for this IP, but cannot
>find it on any local interfaces, and so complains that it cannot
>construct a proper reply.

Except that the address it's complaining about is on a local subnet. Interestingly, in the above case, the host is spuriously seeing a packet and has re-routed it via vlan168 - which is the wrong subnet, though the destination host will still see it there.

On 2008-Jul-03 10:48:22 +0300, Stefan Lambrev wrote:
>I bet 192.168.181.114 has a wrong network mask ;)

You lose.

-- 
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement an MTA that is either RFC2821-compliant or matches their claimed behaviour.