From: Andre Oppermann
Date: Sat, 04 Aug 2001 13:16:09 +0200
To: Bernd Walter
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: 303,000 routes in kernel
Message-ID: <3B6BD979.5BFD5890@telehouse.ch>
References: <3B69CE3F.1BCCB280@telehouse.ch> <20010803114648.A2565@cicely20.cicely.de>

Bernd Walter wrote:
>
> On Fri, Aug 03, 2001 at 12:03:43AM +0200, Andre Oppermann wrote:
> > The problem I've got now is that for every packet I get the kernel is
> > making one host entry in the routing table. Because of the many UDP
> > DNS requests from all over the world I've got 303'000 (yes,
> > three-hundredthreethousand) entries in the kernel routing table which
> > have not expired yet. So I'm getting error messages like this now:
>
> Are you sure that these are not created via redirects when sending
> the packet?
> You might try to disable accepting redirects via sysctl and/or
> setting the routes so that packets have a better chance to be sent
> to the right router.

I think we have a winner here! With ICMP redirect turned off the box
has only three routes: link, net and default.

This box is directly connected to the TIX Internet Exchange with 45
ISPs. Although it does not do BGP itself, it has one of the BGP routers
as its default route. Depending on where the DNS request came from, the
BGP router simply sent an ICMP redirect so the box could send the reply
packet directly to that ISP. Unfortunately the redirects are host
routes; this is why the routing table got so big, otherwise it would
have stopped at 105'000 routes, which is still manageable.

--
Andre
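
Added example, not part of the original message: one way to confirm the diagnosis above is to count the host routes that ICMP redirects installed, by reading `netstat -rn` output and selecting entries whose flags include both H (host) and D (created dynamically by redirect). The function names and the sample table (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Count host routes installed by ICMP redirects, from `netstat -rn` output
# on stdin. Flag letters per netstat(1): H = host route, D = created
# dynamically (by redirect).

# Print "gateway count" for every gateway that supplied redirect host routes.
redirect_routes() {
    awk '
        $1 == "Destination" { in_table = 1; next }  # header row opens a table
        NF == 0             { in_table = 0; next }  # blank line closes it
        in_table && $3 ~ /D/ && $3 ~ /H/ { n[$2]++ }
        END { for (gw in n) print gw, n[gw] }
    ' | sort
}

# Print the total number of redirect-created host routes (0 if none).
redirect_total() {
    redirect_routes | awk '{ t += $2 } END { print t + 0 }'
}

# Constructed sample: three routes like the ones the box keeps with
# redirects off, plus three redirect-created host routes.
sample_table() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            192.0.2.1          UGSc        3      123      fxp0
127.0.0.1          127.0.0.1          UH          0        0       lo0
192.0.2/24         link#1             UC          0        0      fxp0
198.51.100.7       192.0.2.20         UGHD        0        4      fxp0
198.51.100.9       192.0.2.20         UGHD        0        2      fxp0
203.0.113.40       192.0.2.31         UGHD        0        1      fxp0
EOF
}

# Demonstration on the constructed sample.
echo "redirect-created host routes: $(sample_table | redirect_total)"
sample_table | redirect_routes

# On a live host: netstat -rn | redirect_total
# FreeBSD knob for ignoring redirects: sysctl net.inet.icmp.drop_redirect=1
```

A count that grows with the number of distinct remote clients, as in the thread, points at redirects rather than at a routing daemon.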