Date:      Thu, 22 Mar 2007 22:02:50 +0100
From:      Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
To:        Peter Jeremy <peterjeremy@optushome.com.au>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ICMP-floods
Message-ID:  <4602EEFA.5020907@ide.resurscentrum.se>
In-Reply-To: <20070322184128.GI847@turion.vk2pj.dyndns.org>
References:  <460060A8.1080109@ide.resurscentrum.se> <65531A6A-7178-48A1-97D0-9DCB4F72E315@mac.com> <4600689C.3080306@ide.resurscentrum.se> <D0ACB868-E4D7-4438-92B5-F3769F7CD31C@mac.com> <46019EB6.6010209@ide.resurscentrum.se> <20070322184128.GI847@turion.vk2pj.dyndns.org>

Peter Jeremy wrote:
> On 2007-Mar-21 22:08:06 +0100, Jon Otterholm <jon.otterholm@ide.resurscentrum.se> wrote:
>   
>> I did not mention earlier that all if's are vlan-based sub-interfaces. It
>> seems that if I move admin-if's on my routers to a different physical if
>> than the one with the default route, all weird time-exceed/redir are gone
>> and all traffic on my Nagios-machine is OK.
>>
>> It seems almost as if my routers can not hold apart inbound traffic
>> destined to different sub-if's on one physical if. Can this be it?
>>     
>
> I have an old switch at work that understands that IP traffic should be
> kept in VLANs but other traffic (eg DECnet) gets flooded across all
> VLANs.  It got removed from the network very rapidly once the
> resulting problems were traced to it.
>   
From what I have seen my problem only concerns ICMP-traffic.
> That said, your problem sounds more like a switch/router configuration
> problem than a bug.  Most managed switches default to a mode where
> they try to automatically just work - ie ports automatically enable or
> disable STP and switch between untagged and trunk mode depending on
> the management packets they see on that port.  If you don't have a
> homogenous switch network, it's worth noting that some switch vendors
> use non-standard MAC addresses for switch management - these packets
> won't be recognized as management packets by other vendors' switches
> and can result in two switches that are not physically connected
> deciding that they _are_ connected and making topology decisions on
> that basis.
>   
Interesting.  My switch-network is homogeneous D-link and it would not 
be the first time we find bugs in their products if that is the case. 
But I'm still not convinced it is related to my switches, my switches 
are working on L2, ICMP is L4.

I'm just wondering why my problem goes away when moving my admin-vlan to 
another nic-port connected to the same switch. Cisco-routers connected 
to the same switch do not react to this as my FreeBSD-routers do.

//Jon


