Date: Fri, 23 Mar 2007 05:41:28 +1100
From: Peter Jeremy <peterjeremy@optushome.com.au>
To: Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
Cc: freebsd-net@freebsd.org
Subject: Re: ICMP-floods
Message-ID: <20070322184128.GI847@turion.vk2pj.dyndns.org>
In-Reply-To: <46019EB6.6010209@ide.resurscentrum.se>
References: <460060A8.1080109@ide.resurscentrum.se> <65531A6A-7178-48A1-97D0-9DCB4F72E315@mac.com> <4600689C.3080306@ide.resurscentrum.se> <D0ACB868-E4D7-4438-92B5-F3769F7CD31C@mac.com> <46019EB6.6010209@ide.resurscentrum.se>

On 2007-Mar-21 22:08:06 +0100, Jon Otterholm <jon.otterholm@ide.resurscentrum.se> wrote:
>I did not mention earlier that all if's are vlan-based sub-interfaces. It
>seems that if I move admin-if's on my routers to a different physical if
>than the one with the default route, all weird time-exceed/redir are gone
>and all traffic on my Nagios-machine is OK.
>
>It seems almost as if my routers can not hold apart inbound traffic
>destined to different sub-if's on one physical if. Can this be it?

I have an old switch at work that understands that IP traffic should be
kept in VLANs but other traffic (eg DECnet) gets flooded across all
VLANs. It got removed from the network very rapidly once the resulting
problems were traced to it.

That said, your problem sounds more like a switch/router configuration
problem than a bug. Most managed switches default to a mode where they
try to automatically just work - ie ports automatically enable or
disable STP and switch between untagged and trunk mode depending on the
management packets they see on that port. If you don't have a
homogenous switch network, it's worth noting that some switch vendors
use non-standard MAC addresses for switch management - these packets
won't be recognized as management packets by other vendors' switches
and can result in two switches that are not physically connected
deciding that they _are_ connected and making topology decisions on
that basis.

I suggest you work through and manually configure all your switches to
do what you want whilst disabling most or all of the auto-detection
functionality.

>A possible bug in if_vlan?

I haven't bumped into any if_vlan bugs. There used to be some VLAN
related bugs in the bridge code but these were very noisy so it would
be immediately obvious if you hit them (the VLAN tag wasn't part of the
MAC table hash so having the same MAC in different VLANs triggered
error messages).

-- 
Peter Jeremy

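
The bridge-table behaviour mentioned in the last paragraph of the message above, as an added toy model (not FreeBSD's bridge code and not part of the original post): a learning table whose lookup key either omits or includes the VLAN ID, fed constructed frames in which one MAC appears on two VLANs behind different ports. The struct and function names, table size and hash are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 64  /* illustrative table size (assumption) */
struct entry { int used; uint8_t mac[6]; uint16_t vlan; int port; };
struct fdb   { struct entry slot[SLOTS]; int key_on_vlan; int moves; };

/* FNV-1a over the MAC, optionally mixing in the VLAN ID. */
static unsigned fdb_hash(const uint8_t *mac, uint16_t vlan, int use_vlan) {
    unsigned h = 2166136261u;
    for (int i = 0; i < 6; i++) h = (h ^ mac[i]) * 16777619u;
    if (use_vlan) h = (h ^ vlan) * 16777619u;
    return h % SLOTS;
}

/* Learn a source address. Returns 1 when an existing entry changes port. */
static int fdb_learn(struct fdb *t, const uint8_t *mac, uint16_t vlan, int port) {
    unsigned i = fdb_hash(mac, vlan, t->key_on_vlan);
    for (int n = 0; n < SLOTS; n++, i = (i + 1) % SLOTS) {
        struct entry *e = &t->slot[i];
        if (!e->used) {  /* first sighting: record MAC, VLAN and port */
            e->used = 1; memcpy(e->mac, mac, 6); e->vlan = vlan; e->port = port;
            return 0;
        }
        /* With a MAC-only key, the same MAC in another VLAN matches here. */
        if (memcmp(e->mac, mac, 6) == 0 && (!t->key_on_vlan || e->vlan == vlan)) {
            if (e->port == port) return 0;
            e->port = port; e->vlan = vlan; t->moves++;  /* entry flaps */
            return 1;
        }
    }
    return 0;  /* table full: nothing learned */
}

/* Constructed traffic: one MAC alternating VLAN 10/port 1 and VLAN 20/port 2. */
static int replay(int key_on_vlan) {
    static const uint8_t mac[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
    struct fdb t = { .key_on_vlan = key_on_vlan };
    for (int i = 0; i < 4; i++) {
        fdb_learn(&t, mac, 10, 1);
        fdb_learn(&t, mac, 20, 2);
    }
    return t.moves;  /* how many times the entry changed port */
}

int main(void) {
    printf("MAC-only key: %d moves; (VLAN, MAC) key: %d moves\n", replay(0), replay(1));
    return 0;
}
```

With the MAC-only key every frame after the first rewrites the entry, which is the kind of constant address flapping a bridge would log loudly; keying on (VLAN, MAC) keeps two stable entries.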
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070322184128.GI847>