ICMP-floods
Jon Otterholm
jon.otterholm at ide.resurscentrum.se
Wed Mar 21 21:08:12 UTC 2007
Chuck Swiger wrote:
> On Mar 20, 2007, at 4:05 PM, Jon Otterholm wrote:
>>>> When setting net.inet.ip.redirect=0 on my routers, the icmp-redirects
>>>> disappear, but instead I get a large amount of ICMP-time-exceed from my
>>>> routers.
>>>
>>> The information you've provided strongly suggests either problems
>>> with the netmasks being used, or a routing loop, or some combination
>>> of both.
>> I have checked netmasks and they are all on the same network. There
>> should not be any routing involved in the communication between these
>> hosts.
>
> OK. Care to show a "tcpdump -ntv icmp" illustrating the problem...? :-)
Nope :-)
I dug a little deeper into this. It seems like my problems are far more
extensive than I first expected.

I did not mention earlier that all if's are vlan-based sub-interfaces. It
seems that if I move admin-if's on my routers to a different physical if
than the one with the default route, all weird time-exceed/redir are gone
and all traffic on my Nagios-machine is OK.

It seems almost as if my routers can not hold apart inbound traffic
destined to different sub-if's on one physical if. Can this be it? I
have checked my topology from all around now and I can not find any
routing loops.

For example: Router1 has its default route connected to em0.10. With
admin-net on em0.20 I get my icmp-floods. Moving admin-net to em1.20
makes the icmp-floods go away.

A possible bug in if_vlan?
//Jon