On Mon, May 23, 2011 at 09:59:53AM -0500, Chris Wopat wrote:
> Had a strange issue overnight. In short, I had two OpenBSD boxes acting
> as routers cause a denial of service on my network with OSPFv3 multicast
> packets.
>
> The setup is as follows:
>
> Two OpenBSD 4.9 amd64 boxes running ospfd and ospf6d. Each box has two
> NICs, each of which is on a separate subnet. Both of these subnets are
> used for redundant connections for routers through separate switches
> (C 6500). There are about 10 OSPF neighbors on both subnets; each of
> those is generally a Cisco device that is dual-homed the same way.
>
> The issue was discovered with tcpdump on a 3rd OpenBSD box that's
> set up with the same config as above. It showed multicast OSPFv3
> packets with the above two routers' source IPs with their router IDs.
> The rate was extremely high, something like 500k such packets in 10
> seconds. Unplugging these two boxes immediately restored connectivity.
>
> I'm not understanding why an OSPFv3 packet would have IPv4 source /
> destination addresses, but myself and three others concur that that was
> what was going on OR something about IPv6 was mentioned in the dump
> but with v4 addresses.
>
> Unfortunately I didn't have the foresight to do a binary tcpdump. The
> tcpdump data that was on the local console also scrolled back too far
> for us to get back to with scroll lock/page up.
>
> We're also exploring the possibility of these multicast packets
> somehow being forwarded or looped through and causing a denial of
> service. These OpenBSD boxes do have `net.inet.ip.mforwarding=1` but
> I'm leaning more towards some ospf6d/ospfd bug or issue since OSPF's
> TTL is 1.

Just one note here, OSPF group is not routable (224.0.0.0/24), this is a
link-local multicast address, so no, it's not being forwarded.
And the net.inet.ip.mforwarding=1 makes no sense I suppose.

-- 
Christiano Farina HAESBAERT
Do NOT send me html mail.
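
An added example, not part of either message: a small Python check for the two conditions discussed in the thread, IPv4 OSPF packets sent to the link-local multicast block 224.0.0.0/24 at an abnormal per-source rate, and OSPF packets whose TTL is not 1. The function names, the threshold of 100 packets per 10-second window, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

OSPF_PROTO = 89                                          # IP protocol number of OSPF
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # block named in the reply

def parse_ipv4(pkt: bytes):
    """Return (src, dst, ttl, proto) from a raw IPv4 header, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    return (ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20]),
            pkt[8], pkt[9])

def analyze(records, window=10.0, max_per_window=100):
    """records: iterable of (timestamp_seconds, raw_ipv4_bytes).
    Returns (flooders, odd_ttl): sources that exceed max_per_window OSPF
    multicast packets in a fixed window, and sources whose OSPF TTL is not 1.
    The threshold is an assumed value; tune it to the normal hello/LSA rate."""
    counts, odd_ttl = Counter(), set()
    for ts, pkt in records:
        hdr = parse_ipv4(pkt)
        if hdr is None:
            continue
        src, dst, ttl, proto = hdr
        if proto != OSPF_PROTO or dst not in LINK_LOCAL_MCAST:
            continue                      # only OSPF to 224.0.0.0/24 is of interest
        counts[(src, int(ts // window))] += 1
        if ttl != 1:                      # OSPF multicast is expected with TTL 1
            odd_ttl.add(str(src))
    flooders = {str(s) for (s, _), n in counts.items() if n > max_per_window}
    return flooders, odd_ttl

def make_hdr(src, dst, ttl, proto=OSPF_PROTO):
    """Constructed sample: bare 20-byte IPv4 header, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

# Constructed capture: one noisy router, one quiet router, one odd TTL, one TCP packet.
SAMPLE = [(i * 0.01, make_hdr("192.0.2.1", "224.0.0.5", 1)) for i in range(150)]
SAMPLE += [(i * 3.0, make_hdr("192.0.2.2", "224.0.0.5", 1)) for i in range(3)]
SAMPLE += [(1.0, make_hdr("192.0.2.3", "224.0.0.6", 64)),
           (2.0, make_hdr("192.0.2.4", "198.51.100.7", 64, proto=6))]

if __name__ == "__main__":
    flooders, odd_ttl = analyze(SAMPLE)
    print("flooding sources:", sorted(flooders))
    print("unexpected TTL:  ", sorted(odd_ttl))
```

Feeding it real data requires a binary capture; the raw IPv4 bytes of each frame go in as the second element of each record.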