Re: promiscuous mode / strange ethernet packets duplication problem

2003-01-07 Thread Cliff Sarginson
This is a simple question that has generated a lot of well-meaning
but very complicated replies.
You can only have one default gateway.
This is an easy thing to set up.
If you need to define specific routes, then it's a bit more complicated.
But not rocket science.
One day someone will write a book about it.
Listening, Greg?


-- 
Regards
   Cliff Sarginson 
   The Netherlands


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message



Re: promiscuous mode / strange ethernet packets duplication problem

2003-01-02 Thread Bill Moran
From: Yann GROSSEL [EMAIL PROTECTED]

Hi,

We have several FreeBSD 4.7 boxes that put automatically
all their interfaces into promiscuous mode during the
boot process. What should I do to prevent this from
happening ?

Our boxes are connected on a D-Link switch. We have noticed
a very weird behaviour from a few of these machines, I'll
try to explain it:

Our switch has a standard MAC address aging value of 300 seconds.
When one MAC address expires on the switch, the next packet targeted
to this MAC address is broadcasted on all ports of the switch (because
the switch doesn't remember anymore on what port the target MAC address
is). That at least seems to be normal.

But each time an ethernet packet broadcast as described above arrives
on the interfaces of our machines, these machines resend the packet to
the network, decrementing the TTL value by one. I mean, these machines
are resending packets that are NOT targeted to them - neither the
destination MAC address nor the destination IP address of the packet
matches the interface of the machine.

This happens only on machines with interfaces in promiscuous mode
AND with net.inet.ip.forwarding = 1.


There's your answer.  Any machine with forwarding turned on will resend
a packet that isn't destined for it.  That's by design.
It doesn't make much sense to me that you'd have a lot of machines with
forwarding turned on.  Usually only gateways use this.  Honestly, I
can't think of any reason to have forwarding on if your machine only
has 1 IP address.


As several boxes have this problem, they resend packets to each other
very quickly, generating a flood on the network. This flood only stops
when the TTL of all packets reaches 0 or when the switch finally re-learns
on what port the interface with the target MAC address is located.

Does anybody have any clue about what this kind of problem may be ?


Turn forwarding off on all but your gateways.

-Bill





Re: promiscuous mode / strange ethernet packets duplication problem

2003-01-02 Thread Yann GROSSEL
On Thu, 02 Jan 2003 08:56:42 -0500
Bill Moran [EMAIL PROTECTED] wrote:

> There's your answer.  Any machine with forwarding turned on will resend
> a packet that isn't destined for it.  That's by design.
> It doesn't make much sense to me that you'd have a lot of machines with
> forwarding turned on.  Usually only gateways use this.  Honestly, I
> can't think of any reason to have forwarding on if your machine only
> has 1 IP address.
> 
> As several boxes have this problem, they resend packets to each other
> very quickly, generating a flood on the network. This flood only stops
> when the TTL of all packets reaches 0 or when the switch finally re-learns
> on what port the interface with the target MAC address is located.
> 
> Does anybody have any clue about what this kind of problem may be ?
> 
> Turn forwarding off on all but your gateways.

Mhhh.

Gateways are designed to forward packets from network to network. If a
machine wants to send a packet to a remote network, it will send that
packet to the gateway by putting the gateway interface MAC address in the
destination field of the ethernet packet. The gateway will know that it
must forward the packet because of that. And it will know where to forward
the packet by looking at the destination IP address field of the packet.

Here the machines are forwarding ethernet packets with a destination
MAC address field set to ANOTHER machine of our network. In other words,
these packets are NOT targeted to the gateways, neither from their
MAC address destination field nor from their IP address destination field.

So why are these packets forwarded ?

Regards

Yann

-- 
Yann GROSSEL  Email: [EMAIL PROTECTED]
HEXANET NOC   URL: http://www.hexanet.fr/
Tel: +33 (0)3 26 79 30 05 Fax: +33 (0)3 26 79 30 06




Re: promiscuous mode / strange ethernet packets duplication problem

2003-01-02 Thread Bill Moran
From: Yann GROSSEL [EMAIL PROTECTED]
On Thu, 02 Jan 2003 08:56:42 -0500
Bill Moran [EMAIL PROTECTED] wrote:

> There's your answer.  Any machine with forwarding turned on will resend
> a packet that isn't destined for it.  That's by design.
> It doesn't make much sense to me that you'd have a lot of machines with
> forwarding turned on.  Usually only gateways use this.  Honestly, I
> can't think of any reason to have forwarding on if your machine only
> has 1 IP address.
> 
> As several boxes have this problem, they resend packets to each other
> very quickly, generating a flood on the network. This flood only stops
> when the TTL of all packets reaches 0 or when the switch finally re-learns
> on what port the interface with the target MAC address is located.
> 
> Does anybody have any clue about what this kind of problem may be ?
> 
> Turn forwarding off on all but your gateways.

Mhhh.

Gateways are designed to forward packets from network to network. If a
machine wants to send a packet to a remote network, it will send that
packet to the gateway by putting the gateway interface MAC address in the
destination field of the ethernet packet. The gateway will know that it
must forward the packet because of that. And it will know where to forward
the packet by looking at the destination IP address field of the packet.

Here the machines are forwarding ethernet packets with a destination
MAC address field set to ANOTHER machine of our network. In other words,
these packets are NOT targeted to the gateways, neither from their
MAC address destination field nor from their IP address destination field.

So why are these packets forwarded ?


Well, this is getting into internals that are a little beyond me, but I
would say that it's because forwarding occurs at the IP level.  You
seem to be confusing the behaviour you're expecting with a bridge, which
forwards at the MAC level.  I'd bet the kernel logic that handles
forwarding knows nothing about MAC addresses (based on the network stack
model) and thus can't make decisions based on them.  IP forwarding would
have nothing to do with MAC addresses, if it did, how could you forward
across a PPP or serial link (or any other media that doesn't have a
MAC addy)?

Is there a reason that forwarding should be on for these machines?

-Bill





Re: promiscuous mode / strange ethernet packets duplication problem

2003-01-02 Thread Yann GROSSEL
On Thu, 02 Jan 2003 09:42:13 -0500
Bill Moran [EMAIL PROTECTED] wrote:

> Gateways are designed to forward packets from network to network. If a
> machine wants to send a packet to a remote network, it will send that
> packet to the gateway by putting the gateway interface MAC address in
> the destination field of the ethernet packet. The gateway will know
> that it must forward the packet because of that. And it will know where
> to forward the packet by looking at the destination IP address field of
> the packet.
> 
> Here the machines are forwarding ethernet packets with a destination
> MAC address field set to ANOTHER machine of our network. In other
> words, these packets are NOT targeted to the gateways, neither from
> their MAC address destination field nor from their IP address
> destination field.
> 
> So why are these packets forwarded ?
> 
> Well, this is getting into internals that are a little beyond me, but I
> would say that it's because forwarding occurs at the IP level.  You
> seem to be confusing the behaviour you're expecting with a bridge, which
> forwards at the MAC level.  I'd bet the kernel logic that handles
> forwarding knows nothing about MAC addresses (based on the network stack
> model) and thus can't make decisions based on them.

I think it can't be so. If a gateway's kernel doesn't look at the
destination MAC address of ethernet packets before forwarding them,
a gateway on a network with hubs (and not switches) will try to
forward ALL packets passing on the wire.

> IP forwarding would have nothing to do with MAC addresses, if it did,
> how could you forward across a PPP or serial link (or any other media
> that doesn't have a MAC addy)?

Well, I think in this case the packets to be forwarded are already inside
the machine that has the PPP or serial link when the forwarding occurs.
So the kernel knows how to send them through the link; there are no MAC
addresses involved.

> Is there a reason that forwarding should be on for these machines?

Some of the machines were not gateways, so we turned forwarding off
on them after we noticed the problem. Doing so reduced the amount of
flood.

However other machines are true gateways to other networks so we can't
turn forwarding off on these.


Regards

Yann

PS: someone is posting right now in the [EMAIL PROTECTED] ML a
problem that looks very much like mine (Routing and Zebra)


-- 
Yann GROSSEL  Email: [EMAIL PROTECTED]
HEXANET NOC   URL: http://www.hexanet.fr/
Tel: +33 (0)3 26 79 30 05 Fax: +33 (0)3 26 79 30 06




Re: promiscuous mode / strange ethernet packets duplication problem

2003-01-02 Thread Lowell Gilbert
Yann GROSSEL [EMAIL PROTECTED] writes:

> On Thu, 02 Jan 2003 08:56:42 -0500
> Bill Moran [EMAIL PROTECTED] wrote:
> 
> > There's your answer.  Any machine with forwarding turned on will resend
> > a packet that isn't destined for it.  That's by design.
> > It doesn't make much sense to me that you'd have a lot of machines with
> > forwarding turned on.  Usually only gateways use this.  Honestly, I
> > can't think of any reason to have forwarding on if your machine only
> > has 1 IP address.
> > 
> > As several boxes have this problem, they resend packets to each other
> > very quickly, generating a flood on the network. This flood only stops
> > when the TTL of all packets reaches 0 or when the switch finally re-learns
> > on what port the interface with the target MAC address is located.
> > 
> > Does anybody have any clue about what this kind of problem may be ?
> > 
> > Turn forwarding off on all but your gateways.
> 
> Mhhh.
> 
> Gateways are designed to forward packets from network to network. If a
> machine wants to send a packet to a remote network, it will send that
> packet to the gateway by putting the gateway interface MAC address in the
> destination field of the ethernet packet. The gateway will know that it
> must forward the packet because of that. And it will know where to forward
> the packet by looking at the destination IP address field of the packet.

Yep.

> Here the machines are forwarding ethernet packets with a destination
> MAC address field set to ANOTHER machine of our network. In other words,
> these packets are NOT targeted to the gateways, neither from their
> MAC address destination field nor from their IP address destination field.

The machines doing the forwarding don't know that.

> So why are these packets forwarded ?

That's what a router does; when it receives a packet that isn't for
itself, it forwards the packet towards the destination.  Your FreeBSD
machines, by running in promiscuous mode, are receiving *all* the
packets on their bit of the wire, and are correct to do so.

[A host on that net could send *all* of its packets to a gateway, even
the ones to the local net, and expect them to get to the right
places.  This one-armed router configuration is legitimate and
occasionally useful.]

Here's what's probably happening:  the MAC address mapping times out
on the network switch before it times out on the routing hosts
(gateways).  Then the switch sends those packets to the routing
hosts.  The routing hosts normally would be screening out those
packets on the NIC, because the destination MAC address doesn't belong
to the host, but because it's in promiscuous mode, it sends the packet
to the IP stack anyway.  The IP stack knows how to reach the
destination IP address from the packet, and does so.

The correct solution is one of two things:  make sure that the switch
doesn't time out its MAC address mappings any faster than the hosts
do, or make sure that the forwarding machines don't get into
promiscuous mode unless they're supposed to.  Going further out on a
limb, I'll guess that the switch is not refreshing its mappings from
passing traffic like an ARP host would, and a smarter switch wouldn't
have this problem.

Good luck.

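The mechanism Lowell describes, as an added example that is not from the thread or from FreeBSD: a small Python model of the segment in which a switch that has aged a MAC entry out floods the frame, a promiscuous NIC passes it up to IP, and net.inet.ip.forwarding=1 re-sends it with TTL decremented. Host names, MAC and IP addresses are constructed, and the NIC filter, IP forwarding and switch are reduced to the rules the thread states.

```python
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    mac: str
    ip: str
    promisc: bool      # NIC in promiscuous mode
    forwarding: bool   # net.inet.ip.forwarding=1

    def handle(self, dst_mac, dst_ip, ttl):
        """Return the TTL of the copy this host puts back on the wire, or None."""
        if dst_mac != self.mac and not self.promisc:
            return None        # NIC filter drops frames for other stations
        if dst_ip == self.ip:
            return None        # ours: delivered locally, never forwarded
        if not self.forwarding:
            return None        # not a router: the IP layer discards it
        if ttl <= 1:
            return None        # TTL expired: dropped, not re-sent
        return ttl - 1         # IP forwarding: decrement TTL and re-send

def make_segment(promisc, forwarding):
    """The real destination plus two boxes in the state under test (constructed)."""
    return [Host("target", "02:00:00:00:00:03", "10.0.0.3", False, False),
            Host("boxA", "02:00:00:00:00:01", "10.0.0.1", promisc, forwarding),
            Host("boxB", "02:00:00:00:00:02", "10.0.0.2", promisc, forwarding)]

def copies_on_wire(hosts, dst_mac, dst_ip, ttl, switch_knows_port):
    """Count frame copies the segment carries until the flood dies out; a switch
    that has aged the destination MAC out floods every copy to every port."""
    if switch_knows_port:
        return 1               # normal case: one copy, to the target's port only
    copies, pending = 0, [ttl]
    while pending:
        t = pending.pop()
        copies += 1
        for h in hosts:
            nt = h.handle(dst_mac, dst_ip, t)
            if nt is not None:
                pending.append(nt)   # the re-sent copy is flooded again
    return copies

def demo(ttl=5):
    """Flood size for the broken state and for each fix the thread mentions."""
    mac, ip = "02:00:00:00:00:03", "10.0.0.3"
    return {"promisc+forwarding": copies_on_wire(make_segment(True, True), mac, ip, ttl, False),
            "forwarding off": copies_on_wire(make_segment(True, False), mac, ip, ttl, False),
            "promisc off": copies_on_wire(make_segment(False, True), mac, ip, ttl, False),
            "switch re-learned": copies_on_wire(make_segment(True, True), mac, ip, ttl, True)}
```

With two forwarding boxes each flooded copy spawns two more, so the count grows as 2^TTL - 1 until the TTL runs out; dropping to a single forwarding box (as Yann did by turning forwarding off on the non-gateways) leaves TTL copies, which is why the flood was reduced but not gone.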