On 2006/07/11 10:46, Michael Durket wrote: > Yes - I am using 'pf' with keep state. I'm not sure what you'd > define as high-rate. Our mail servers process hundreds of messages > a minute, but I doubt that would qualify as high-rate (compared to > what some other mail sites get). Our other OpenBSD systems that got > the "No route to host" messages were not processing high-rate > connections (< 10 connections per minute) but did run pf with keep state.
"No route to host" when there is a route entry is generally indicating packets are blocked by PF.. try `pfctl -x misc' and take a look at syslog. Moved to misc@openbsd.org, this is not a tech@ topic and more people who may have input might see it there. > On Tue, 11 Jul 2006 12:09:45 -0500 > Kevin <[EMAIL PROTECTED]> wrote: > > > On 7/11/06, Michael Durket <[EMAIL PROTECTED]> wrote: > > > On multiple OpenBSD releases > > > (currently we're running 3.7, 3.8 and 3.9) and across multiple > > > architectures > > > (i386, both SMP and non-SMP, as well as AMD (SMP)) with different network > > > devices we're seeing intermittent (and we believe, spurious) "No route > > > to host" errors. > > > > I get these errors as well, but not from normal production traffic. > > I see the "No route to host" message only under certain specific > > testing conditions, such as running 'nmap' from an OpenBSD box or > > running high connection rate HTTP load benchmarks. > > > > Is there something unusual about your OpenBSD server deployment which > > would lead to a very high rate of short-lived TCP sessions? > > Are you using 'pf' with keep state? > > > > Kevin
