Date: Tue, 20 Mar 2007 15:47:59 -0700
From: Chuck Swiger <cswiger@mac.com>
To: Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
Cc: freebsd-net@freebsd.org
Subject: Re: ICMP-floods
Message-ID: <65531A6A-7178-48A1-97D0-9DCB4F72E315@mac.com>
In-Reply-To: <460060A8.1080109@ide.resurscentrum.se>
References: <460060A8.1080109@ide.resurscentrum.se>

On Mar 20, 2007, at 3:31 PM, Jon Otterholm wrote:
> Basically I have an admin-net where all routers and switches are
> connected. On this net I have a nagios-machine for surveillance
> (running FreeBSD). Sometimes when my Nagios sends icmp-echo-replies
> to equipment on my admin-net my FreeBSD-routers reply with an
> icmp-redirect (even though the echo-reply is not destined for the
> routers). This wouldn't be a problem if the routers would just send
> a single icmp-redirect, the problem is that they (sometimes more
> than one) send out about 15000 of them in reply to a single echo.
>
> All FreeBSD-machines are 6.2-RELEASE
>
> When setting net.inet.ip.redirect=0 on my routers, the icmp-redirects
> disappear, but instead I get a large amount of ICMP-time-exceed
> from my routers.

The information you've provided strongly suggests either problems with
the netmasks being used, or a routing loop, or some combination of both.

ICMP time-exceeded messages happen when the packets have been shuffled
around, decrementing the TTL at each hop, until it reaches zero. ICMP
redirects happen when a machine sends traffic to a router where the
router knows that the sending machine can reach the intended destination
more directly via some other path.

--
-Chuck
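
The two mechanisms described in the reply above, as an added example that is not part of the original message: a small Python model that follows one packet through static routing tables and records where a redirect or a time-exceeded would be generated. The addresses, router names, both topologies and the single-segment simplification are constructed assumptions, not Jon's actual network.

```python
import ipaddress

# Constructed topology (not from the post): two routers on one admin segment
# whose static routes for 10.9.0.0/24 point at each other, i.e. a routing loop.
LOOP = {
    "r1": {"addr": "10.0.0.1", "mask": 24, "routes": {"10.9.0.0/24": "10.0.0.2"}},
    "r2": {"addr": "10.0.0.2", "mask": 24, "routes": {"10.9.0.0/24": "10.0.0.1"}},
}
# Constructed netmask mismatch: r1 believes the /24 segment is a /25.
BAD_MASK = {
    "r1": {"addr": "10.0.0.1", "mask": 25, "routes": {"0.0.0.0/0": "10.0.0.2"}},
    "r2": {"addr": "10.0.0.2", "mask": 24, "routes": {}},
}

def on_link(router, ip):
    """True if ip falls inside the subnet the router thinks it is attached to."""
    net = ipaddress.ip_network(f"{router['addr']}/{router['mask']}", strict=False)
    return ipaddress.ip_address(ip) in net

def next_hop(router, dst):
    """Directly connected destinations win; otherwise longest-prefix match."""
    if on_link(router, dst):
        return dst
    hits = [(ipaddress.ip_network(p), gw) for p, gw in router["routes"].items()
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(routers, src, dst, first, ttl=64, redirects=True):
    """Follow one packet hop by hop; return the (router, event) list it causes."""
    by_addr = {r["addr"]: name for name, r in routers.items()}
    events, name = [], first
    while True:
        r = routers[name]
        ttl -= 1                       # each router decrements the TTL
        if ttl <= 0:                   # TTL exhausted: ICMP time exceeded
            return events + [(name, "time-exceeded")]
        hop = next_hop(r, dst)
        if hop is None:
            return events + [(name, "unreachable")]
        # One shared segment: packet leaves where it arrived, so redirect if src and hop are on-link.
        if redirects and on_link(r, src) and on_link(r, hop):
            events.append((name, "redirect"))
        if hop not in by_addr:         # next hop is the end host itself
            return events + [(name, "delivered")]
        name = by_addr[hop]

if __name__ == "__main__":
    for on in (True, False):
        print(on, trace(LOOP, "10.0.0.10", "10.9.0.5", "r1", redirects=on)[-3:])
```

In the loop topology a single packet yields one redirect per hop until the TTL runs out; with redirects switched off in the model, only the final time-exceeded remains.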