HPE Community
Operating System - HP-UX
1833785 Members
2051 Online
110063 Solutions
New Discussion

icmp(8) every 183 seconds ??

 
SOLVED
Go to solution
Ceesjan van Hattum
Esteemed Contributor

‎03-07-2002 04:28 AM

‎03-07-2002 04:28 AM

icmp(8) every 183 seconds ??

I was not able to determine the origin of echo-packets which are send to the default gateway every 183 seconds.

Using nettl did not give me
the anser, using
nettl -tn 0x56000000 -e ns_ls_icmp -c lan0 -f /tmp/icmptrace
and
netfmt -f /tmp/icmptrace.TRC0
for reading.
I only saw strange packets with PID=[ICS] ?? and UID=-1. What is this?

No nfs (server/client) is running, only nfskd, but this
is not used in the early releases of HPUX-11.

In the syslog.log i found the following (might be related?):
rpcbind: svc_tli_create: t_getname failed; T_IDLE
rpcbind: svc_dg_create: could not get transport information
rpcbind: init_transport: Could not create rmtcall fd for ticlts

The system does not have any strange or complex applications running and all known processes were stopped.
Can somebody help determining its origin?
0 Kudos
Reply
5 REPLIES 5
Steve Steel
Honored Contributor

‎03-07-2002 04:39 AM

‎03-07-2002 04:39 AM

Re: icmp(8) every 183 seconds ??

Hi


Is this a ServiceGuard cluster.


A similar problem is known and fixed with the latest patch for ServiceGuard.

These or later versions for your OS.

11.09 - [PHSS_23511/PACHRDME/English]
11.12 - [PHSS_23373/PACHRDME/English]
10.12 - [PHSS_22870/PACHRDME/English]


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎03-07-2002 04:50 AM

‎03-07-2002 04:50 AM

Re: icmp(8) every 183 seconds ??

Hi,

Does your system by any chance run any router discovery protocol daemon eg. rdpd?

To check:

# ps -fae|grep rdpd

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
Steven Gillard_2
Honored Contributor

‎03-07-2002 05:03 AM

‎03-07-2002 05:03 AM

Solution

Re: icmp(8) every 183 seconds ??

I believe this is part of the dead-gateway-detection strategy which is on by default on hpux 11.x. You can turn it off if you want by setting the ndd parameter ip_ire_gw_probe, but if its not doing any harm I would leave it alone. Here's a document describing this parameter:

Turns the Dead Gateway Detection on and off.

IP periodically tests if the gateways are available. It not only probes the
active one, but also the "dead" gateways in case the came back to live in the
meantime. The default for this value is "1", so we probe the gateways.

You could see which value is set by executing:

ndd -get /dev/ip ip_ire_gw_probe

This results in "1" probing or "0" not probing.

To see all gateways you could use ip_ire_status

ndd -get /dev/ip ip_ire_status | grep -e IRE_GATEWAY -e flag

This results in a list of all gateways, the flags will indicate a dead gateway.
Another option ip_ire_gw_probe_interval is available which changes the
frequency in which such probes will be performed.

Why would this be used?

The gateway probes are ICMP packets which await a proper reply.

In cases where e.g. a firewall is used it could be wanted to turn off ICMP, so
nobody could ping the firewall but still it works for the desired protocols.
So turning it off would not compromise the work, because we would never send an
ICMP packet to test the machine. On the other hand we would only know if a
gateway is not operational if we try to use it. This results in long timeouts
during the detection.

Usable commands:

Check the current value:

ndd -get /dev/ip ip_ire_gw_probe

Disable Dead Gateway Detection:

ndd -set /dev/ip ip_ire_gw_probe 0

Enable Dead Gateway Detection:

ndd -set /dev/ip ip_ire_gw_probe 1

nddconf entry example:

TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_ire_gw_probe
NDD_VALUE[0]=0


Regards,
Steve
Reply
Alan Schunemann_1
New Member

‎08-20-2002 05:31 PM

‎08-20-2002 05:31 PM

Re: icmp(8) every 183 seconds ??

the ndd command to disable the gw probe is not available on my hpux 11 system:

wksta1_root 27: ndd -get /dev/ip ip_ire_status | grep -e IRE_GATEWAY -e flag
IRE rfq stq addr mask src gateway mxfrg rtt ref in/out/forward type flag
015c6a74 00000000 00000000 000.000.000.000 ffffffff 162.033.144.145 162.033.144.001 01500 00911 000 0/0/0 IRE_GATEWAY DEAD
wksta1_root 28: ndd -get /dev/ip ip_ire_gw_probe
name is non-existent for this module
for a list of valid names, use name '?'
wksta1_root 29: uname -a
HP-UX wksta1 B.11.00 A 9000/715 2012922849 two-user license

Any ideas?

Thanks,
Alan
0 Kudos
Reply
Ceesjan van Hattum
Esteemed Contributor

‎08-22-2002 12:58 AM

‎08-22-2002 12:58 AM

Re: icmp(8) every 183 seconds ??

Hi Alan Schunemann,
I really have no clue. I repeated the commands, mean difference seems to be the last words: IRE_GATEWAY DEAD.
This very last word i do not have..
You use real ip-numbers in the output (for everyone to read), but what is the ip of the wksta1 ?
Maybe you should rephrase your problem into a new thread (new posting), instead of continueing on this old one. Although related, you ask a different question then the original.

Regards,
Ceesjan
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.