Date:      Fri, 20 Jan 2017 09:28:05 -0500
From:      Jon Radel <jon@radel.com>
To:        dweimer@dweimer.net
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Tuning Route Cache
Message-ID:  <c749cde5-7329-822d-7ab2-8c65510fbc75@radel.com>
In-Reply-To: <23dc5b28cf21bbea762700e426346d39@dweimer.net>
References:  <ae39bbc53f3e2f2b1afa3afa93b43fa4@dweimer.net> <28d24a44-9e1c-7c12-d7e8-6f243a350510@radel.com> <23dc5b28cf21bbea762700e426346d39@dweimer.net>


[-- Attachment #1 --]
On 1/20/17 7:49 AM, Dean E. Weimer wrote:
> On 2017-01-19 9:04 pm, Jon Radel wrote:
>> See
>>
>> man 8 routed
>>
>> for more on some of that, including reducing the 30 minutes.
>>

<snip>

>> Even if you want routes learned
>> from an ICMP Redirect to be cleaned up automatically, you'll need routed
>> to do it for you.  See the above referenced man page.

My earlier response reduced to the pertinent parts.  You have now read
the man page where it describes the mechanism that leads routed to clean
up routes learned via ICMP Redirect when they stop working, right?  You
are running routed, right?


> The default gateway along with the other routers are in the same subnet,
> so the router responds with a route redirection, then the FreeBSD server
> caches that they show up if you do a netstat -rnf inet listing the
> remote devices and the next hop. These are staying there at least 11
> hours that I can confirm. I guess maybe a solution would be to set the
> server up with a routing protocol and let it talk to the router to get
> the updates rather than just receive the redirections. But that seems
> overly complex.

RIP isn't *that* much more complicated than this chain of
correspondence, but of course you'll need the Cisco router admin to play
along.

> 
> Perhaps the change needs to occur on the Cisco router so that it sends
> an expiration along with the redirect.
> 
> 

Configuring the router to accurately forecast the future, so it knows
when the network admin plans to change the topology, and then inserting
that time into a packet that has no field for such data, now that's
complicated.  You'll need to redo a whole bunch of RFCs.  And invent an
accurate mechanism for forecasting the future, after which your server
will be the very least of your worries.  :-)

See http://www.networksorcery.com/enp/protocol/icmp/msg5.htm for the
details on that; there really isn't a mechanism built into redirects for
expiring them.

On FreeBSD, the only mechanisms I know about (and on this I'd love it if
somebody can tell me about others) for clearing routes learned from an
ICMP Redirect are to manually remove the route or to allow the kernel
and routed to interact to start pulling routes when TCP handshakes start
timing out.  Or you could just reboot your server on a regular basis,
but that seems a bit crude.

I suppose the closest thing to your original request would be to write a
script and drop it into cron that removed all routes with the D (and M?)
flags periodically.


-- 
--Jon Radel
jon@radel.com
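
The cron script suggested in the last paragraph of the message could look like the following. It is an added example, not code from the thread; it assumes the FreeBSD `netstat -rnf inet` column layout, and the function names, the `demo`/`prune` arguments and the sample table are made up for illustration.

```shell
#!/bin/sh
# Added example: prune routes installed by ICMP Redirects on FreeBSD.
# Assumes the `netstat -rnf inet` layout: Destination Gateway Flags ...

# Constructed sample output (documentation addresses), used by "demo".
SAMPLE='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
198.51.100.7       192.0.2.2          UGHD        em0
198.51.100.9       192.0.2.4          UGHM        em0
203.0.113.0/24     192.0.2.3          UGD         em0
192.0.2.0/24       link#1             U           em0'

# Read netstat output on stdin; print "dest gateway flags" for every route
# whose Flags column contains a letter from $1 (default: D only).
redirect_routes() {
    awk -v want="${1:-D}" '
        $1 == "Destination" { in_table = 1; next }  # header opens the table
        NF < 3              { in_table = 0; next }  # blank or title line
        in_table && $3 ~ ("[" want "]") { print $1, $2, $3 }
    '
}

# Read redirect_routes output; delete each route, or with DRY_RUN=1 just
# print the command. H in the flags means a host route, otherwise a net.
prune_routes() {
    while read -r dest gw flags; do
        case "$flags" in *H*) kind=-host ;; *) kind=-net ;; esac
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "route -n delete $kind $dest"
        else
            route -n delete "$kind" "$dest"
        fi
    done
}

# M routes existed before the redirect rewrote them, so deleting one removes
# the original entry as well; they are left alone unless "DM" is requested.
case "${1:-}" in
    demo)  printf '%s\n' "$SAMPLE" | redirect_routes "${2:-D}" | DRY_RUN=1 prune_routes ;;
    prune) netstat -rnf inet | redirect_routes "${2:-D}" | prune_routes ;;
esac
```

Running it with `demo` prints the delete commands for the sample table without touching the routing table; `prune` acts on the live table and needs root.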



Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c749cde5-7329-822d-7ab2-8c65510fbc75>