Date:      Sat, 4 Aug 2001 18:28:26 +0200
From:      Bernd Walter <ticso@mail.cicely.de>
To:        Andre Oppermann <oppermann@telehouse.ch>
Cc:        Bernd Walter <ticso@mail.cicely.de>, freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject:   Re: 303,000 routes in kernel
Message-ID:  <20010804182825.A7176@cicely20.cicely.de>
In-Reply-To: <3B6BD979.5BFD5890@telehouse.ch>; from oppermann@telehouse.ch on Sat, Aug 04, 2001 at 01:16:09PM +0200
References:  <3B69CE3F.1BCCB280@telehouse.ch> <20010803114648.A2565@cicely20.cicely.de> <3B6BD979.5BFD5890@telehouse.ch>

On Sat, Aug 04, 2001 at 01:16:09PM +0200, Andre Oppermann wrote:
> Bernd Walter wrote:
> > 
> > On Fri, Aug 03, 2001 at 12:03:43AM +0200, Andre Oppermann wrote:
> > > The problem I've got now is that for every packet I get the kernel is
> > > making one host entry in the routing table. Because of the many UDP
> > > DNS requests from all over the world I've got 303'000 (yes, three-
> > > hundredthreethousand) entries in the kernel routing table which have
> > > not expired yet. So I'm getting error messages like this now:
> > 
> > Are you sure that these are not created via redirects when sending
> > the packet?
> > You might try to disable accepting redirects via sysctl and/or
> > setting the routes so that packets have a better chance to be sent
> > to the right router.
> 
> I think we have a winner here! With icmp redirect turned off the box
> has only three routes, link, net and default.
> 
> This box is directly connected to the TIX Internet Exchange with
> 45 ISPs. Although it does not do BGP itself it has one of the BGP
> routers as its default route. Depending on where the DNS request
> came from the BGP router simply sent an ICMP redirect so the box
> could send the reply packet directly to that ISP. Unfortunately the
> redirects are host routes, this is why the routing table got so big,
> otherwise it would have stopped at 105'000 routes which is still
> manageable.

I have managed servers (proxy, dns and news) in similar configurations.
You might think about exporting /16 and bigger routes via BGP or OSPF
to the server.
That way you don't need to have all packets go through your default-
router.  DNS servers are known to bring a good load on routers as
the packets are usually small with a high rate.

-- 
B.Walter              COSMO-Project         http://www.cosmo-project.de
ticso@cicely.de         Usergroup           info@cosmo-project.de
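
The symptom discussed in this thread, as an added example that is not part of the original message: counting the host routes that ICMP redirects have installed, from `netstat -rn` output. The function names and the sample table are constructed for illustration, and `net.inet.icmp.drop_redirect` is assumed to be the FreeBSD sysctl meant by "via sysctl" above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# FreeBSD netstat -rn flags: H = host route, D = created by an ICMP redirect.

# Constructed sample of `netstat -rn` output; addresses are documentation ranges.
sample_netstat() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            192.0.2.1          UGSc        3      120      fxp0
127.0.0.1          127.0.0.1          UH          0        0       lo0
192.0.2/24         link#1             UC          0        0      fxp0
198.51.100.7       192.0.2.45         UGHD        0        1      fxp0
203.0.113.9        192.0.2.17         UGHD        0        1      fxp0
203.0.113.80       192.0.2.17         UGHD        0        2      fxp0
EOF
}

# Reads netstat -rn text on stdin, prints "<redirect host routes> <all routes>".
count_redirect_routes() {
    awk '
        $1 == "Destination" { in_table = 1; next }   # header starts a table
        NF == 0             { in_table = 0; next }   # blank line ends it
        in_table {
            total++
            if ($3 ~ /H/ && $3 ~ /D/) dyn++          # third column is Flags
        }
        END { printf "%d %d\n", dyn, total }
    '
}

# Prints "WARN n/total" when redirect-created host routes exceed $1, else "OK n/total".
redirect_verdict() {
    limit=$1
    set -- $(count_redirect_routes)
    if [ "$1" -gt "$limit" ]; then echo "WARN $1/$2"; else echo "OK $1/$2"; fi
}

sample_netstat | redirect_verdict 2
# On a live FreeBSD host: netstat -rn | redirect_verdict 100
# If it warns, stop accepting redirects: sysctl net.inet.icmp.drop_redirect=1
```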
