Deepak Jain wrote:
> We've got a customer running a FreeBSD router with 2 x 1GE interfaces [ti0
> and ti1]. At no point was bandwidth an issue.
>
> The router was under some kind of ICMP attack:
>
> For about 30 minutes:
> icmp-response bandwidth limit 96304/200 pps

I've seen this happen in a lab when there are a large number
of ICMP redirects coming into the machine from the next hop,
which doesn't believe itself to be the next hop, directing
you to the "real" next hop.

This can happen with asymmetric routes.

You can also see this in the NAT case, where you get a
gateway redirect to the NAT box from the local gateway,
with a "ping".
Stopping and restarting the "ping" makes it honor the
redirect for subsequent packets, but the initial "ping"
program does not honor it after the first (or nth) time
it gets the redirect: it merrily pounds away at the
redirecting machine.

I don't know why the route does not get adjusted like it
should, so that subsequent attempts don't trigger the
redirect, but it doesn't (this seems to be a problem with
the FreeBSD routing code).

-- Terry
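
For triaging the limiter message quoted above, here is an added example (not part of the original thread and not FreeBSD project code) that groups such messages into episodes and keeps the sustained ones. It reads the first number as the response rate the kernel attempted and the second as the configured limit; the syslog prefix, the host name `router`, the year and the thresholds are assumptions.

```python
import re
from datetime import datetime, timedelta

# Message text is the one quoted in the thread; the syslog prefix
# (timestamp, host, "/kernel:") is an assumed layout.
LIMIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ .*?"
    r"icmp-response bandwidth limit (?P<seen>\d+)/(?P<limit>\d+) pps")

def parse_line(line, year=2000):
    """Return (time, attempted_pps, limit_pps), or None for other lines.
    Syslog omits the year, so an arbitrary one is supplied."""
    m = LIMIT_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, int(m["seen"]), int(m["limit"])

def episodes(lines, max_gap=timedelta(seconds=90)):
    """Merge limiter messages at most max_gap apart into episodes."""
    out = []
    for ts, seen, limit in filter(None, map(parse_line, lines)):
        if out and ts - out[-1]["end"] <= max_gap:
            ep = out[-1]
            ep["end"], ep["messages"] = ts, ep["messages"] + 1
            ep["peak_pps"] = max(ep["peak_pps"], seen)
        else:
            out.append({"start": ts, "end": ts, "peak_pps": seen,
                        "limit_pps": limit, "messages": 1})
    return out

def sustained(eps, min_duration=timedelta(minutes=5), min_ratio=10):
    """Keep episodes that are both long and far above the limit."""
    return [e for e in eps
            if e["end"] - e["start"] >= min_duration
            and e["peak_pps"] >= min_ratio * e["limit_pps"]]

# Constructed sample log: eight messages a minute apart, noise, one late blip.
SAMPLE = [f"Mar  3 14:{m:02d}:05 router /kernel: icmp-response "
          f"bandwidth limit {96304 - 100 * m}/200 pps" for m in range(8)]
SAMPLE += ["Mar  3 14:09:00 router sshd[411]: unrelated line",
           "Mar  3 19:12:40 router /kernel: icmp-response "
           "bandwidth limit 231/200 pps"]

if __name__ == "__main__":
    for ep in sustained(episodes(SAMPLE)):
        print(ep["start"], ep["end"], ep["peak_pps"], ep["limit_pps"])
```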