FreeBSD Router : ARP who-has requests
From: Lee Johnston (lee_at_wildcard.net.uk)
Date: 12/20/04
- Previous message: Nickolay A. Kritsky: "RE: FW: Curiosity in IPFW/Freebsd bridge. [more] 802.1q VLAN at fault?"
- Next in thread: gnn_at_FreeBSD.org: "Re: FreeBSD Router : ARP who-has requests"
- Reply: gnn_at_FreeBSD.org: "Re: FreeBSD Router : ARP who-has requests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 20 Dec 2004 19:28:21 +0000 To: freebsd-net@freebsd.org
Hi there,
We are using a FreeBSD machine as a router in one of our PoPs (using Quagga
for BGP support). Today I've noticed a sudden increase in the amount of
ether broadcast traffic on the network. This seems to boil down to the rate
the router is issuing ARP who-has requests.
The machine has about 10 local subnets connected to it via one interface
(ranging in size up to /26's, totalling about a /23). I'm using device
polling on the network adapters, and have the following option in the
kernel: 'options HZ=1000'.
The requests are only for IPs not in use (presumably because the ones in
use are cached). I'm seeing the same who-has request for the same IP about
3-4 times a second.
We've had the machine configured the same way for about a month, normal
broadcast traffic is around 2kbps, but suddenly today it's increased 10
fold to about 20kbps.
Does any one have any ideas on this? Could the kernel option (options HZ)
which we use for dummynet/polling effect the rate in which ARP requests are
issued?
I had planned to place each subnet in a VLAN, and looks like this will have
to be done fairly quickly. But I just don't understand the sudden increase.
My only other though is that some could be port scanning, or someone has
just been exploited.
Appreciate any feedback.
Thanks,
Regards,
Lee.
Lee Johnston, Wildcard Internet
t: +44 (0)845 165 1510 f: +44 (0)845 165 1511 m: +44 (0)7795 423 617
e: lee@wildcard.net.uk www: http://www.wildcard.net.uk/
Web Development - Domains - Hosting - Co-location - Dedicated Servers
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Nickolay A. Kritsky: "RE: FW: Curiosity in IPFW/Freebsd bridge. [more] 802.1q VLAN at fault?"
- Next in thread: gnn_at_FreeBSD.org: "Re: FreeBSD Router : ARP who-has requests"
- Reply: gnn_at_FreeBSD.org: "Re: FreeBSD Router : ARP who-has requests"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
