ICMP-floods

Peter Jeremy peterjeremy at optushome.com.au
Thu Mar 22 18:41:32 UTC 2007 

On 2007-Mar-21 22:08:06 +0100, Jon Otterholm <jon.otterholm at ide.resurscentrum.se> wrote:
>I did not mention earlier that all if's are vlan-based sub-intefaces. It
>seems that if I move admin-if's on my routers to a different physical if
>than the one with the default route, all weird time-exeed/redir are gone
>and all traffic on my Nagios-machine are OK.
>
>It seems allmost as if my routers can not hold apart inbound traffic
>destined to different sub-if's on one physical if. Can this be it?

I have a old switch at work that understands that IP traffic should be
kept in VLANs but other traffic (eg DECnet) gets flooded across all
VLANs.  It got removed from the network very rapidly once the
resulting problems were traced to it.

That said, your problem sounds more like a switch/router configuration
problem than a bug.  Most managed switches default to a mode where
they try to automatically just work - ie ports automatically enable or
disable STP and switch between untagged and trunk mode depending on
the management packets they see on that port.  If you don't have a
homogenous switch network, it's worth noting that some switch vendors
use non-standard MAC addresses for switch management - these packets
won't be recognized as management packets by other vendors' switches
and can result in two switches that are not physically connected
deciding that they _are_ connected and making topology decisions on
that basis.

I suggest you work through and manually configure all your switches to
do what you want whilst disabling most or all of the auto-detection
functionality.

>A possible bug in if_vlan?

I haven't bumped into any if_vlan bugs.  There used to be some VLAN
related bugs in the bridge code but these were very noisy so it would
be immediately obvious if you hit them (the VLAN tag wasn't part of
the MAC table hash so having the same MAC in different VLANs triggered
error messages).

--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20070322/d03285a0/attachment.pgp

More information about the freebsd-net mailing list