HPE Community
Operating System - HP-UX
1832978 Members
2642 Online
110048 Solutions
New Discussion

Re: Routing tables are filling

 
SOLVED
Go to solution
Mark Symmonds_1
New Member

‎05-06-2003 10:13 AM

‎05-06-2003 10:13 AM

Routing tables are filling

I am having a major problem with the routing tables on two HP-UX servers, running 10.20 and 11.00. The routing tables keep dynamically filling up with false UGHD or UGH flagged routes and it is causing clients to fail when attempting a connection. I am constantly having to run

netstat -rn | awk '$3=/UGHD/ {system ("route delete "$1" "$2" ")}'

in order to clear the junk entries.

Any ideas? I looked through everywhere and I do not appear to be running any dynamic routing daemons like routed. Also only the HP-UX servers are having these issues on the network. The Suns and Linux servers do not.

Thanks for any help, as I am getting frustrated.

0 Kudos
Reply
11 REPLIES 11
LucianoCarvalho
Respected Contributor

‎05-06-2003 10:19 AM

‎05-06-2003 10:19 AM

Re: Routing tables are filling

hi,

Those entries are been created by any router in your network.
The routers uses icmp redirect to create these entries on HP-UX, when the router thinks there is a route better thant that the hp are using. You can disable icmp redirect on your router, so the entries will not be created any more. On a cisco router the command is "no ip redirect".

Regards
0 Kudos
Reply
LucianoCarvalho
Respected Contributor

‎05-06-2003 10:19 AM

‎05-06-2003 10:19 AM

Re: Routing tables are filling

hi,

Those entries are been created by any router in your network.
The routers uses icmp redirect to create these entries on HP-UX, when the router thinks there is a route better thant that the hp are using. You can disable icmp redirect on your router, so the entries will not be created any more. On a cisco router the command is "no ip redirect".

Regards
0 Kudos
Reply
Mark Symmonds_1
New Member

‎05-06-2003 11:10 AM

‎05-06-2003 11:10 AM

Re: Routing tables are filling

Isn't there a way to stop the HP-UX servers from adding the entries? Again the HP-UX servers are the only ones having this problem.
0 Kudos
Reply
LucianoCarvalho
Respected Contributor

‎05-06-2003 11:33 AM

‎05-06-2003 11:33 AM

Solution

Re: Routing tables are filling

there is no way to configure HP-UX to reject that, you have to configure the router to not send. But there is an IP Paremter that you can set up so the entries created by icmp redirect will be deleted in 5 seconds.
This is ip_ire_redirect_interval.
How To use:

Verify the current value:

ndd -get /dev/ip ip_ire_redirect_interval

Set the redirect interval to 5 second

ndd -set /dev/ip ip_ire_redirect_interval 5000

Additional Information
HP-UX 11.0
Minimum 5000 (5sec)
Maximum 600000 (10min)
The values is given in milliseconds.

best regards
Reply
LucianoCarvalho
Respected Contributor

‎05-06-2003 11:34 AM

‎05-06-2003 11:34 AM

Re: Routing tables are filling

there is no way to configure HP-UX to reject that, you have to configure the router to not send. But there is an IP Paremter that you can set up so the entries created by icmp redirect will be deleted in 5 seconds.
This is ip_ire_redirect_interval.
How To use:

Verify the current value:

ndd -get /dev/ip ip_ire_redirect_interval

Set the redirect interval to 5 second

ndd -set /dev/ip ip_ire_redirect_interval 5000

Additional Information
HP-UX 11.0
Minimum 5000 (5sec)
Maximum 600000 (10min)
The values is given in milliseconds.

best regards
0 Kudos
Reply
Mark Symmonds_1
New Member

‎05-06-2003 11:39 AM

‎05-06-2003 11:39 AM

Re: Routing tables are filling

When I try that I get:

# ndd -set /dev/ip ip_ire_redirect_interval 5000
operation failed, Invalid argument

Thanks for your help!
0 Kudos
Reply
LucianoCarvalho
Respected Contributor

‎05-06-2003 11:53 AM

‎05-06-2003 11:53 AM

Re: Routing tables are filling

I got the same error too. I realized that the minimum value accepted is 60000 or 1 minute.

I forgote to say about nddconf file.
You have to configure an entry in /etc/rc.config.d/nddconf file (if it doesn't existe you can copy from /usr/newconfig/etc/rc.config.d) or after reboot the value will come back to the default value.
Example of an entry:

TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_ire_redirect_interval
NDD_VALUE[0]=6000

regards


0 Kudos
Reply
Mark Symmonds_1
New Member

‎05-06-2003 12:17 PM

‎05-06-2003 12:17 PM

Re: Routing tables are filling

Thank you. That looks like it is helping a little, but I still think HP needs to create a patch to be able to turn this off.
0 Kudos
Reply
Mark Symmonds_1
New Member

‎05-06-2003 12:25 PM

‎05-06-2003 12:25 PM

Re: Routing tables are filling

My networking folks say ICMP redirect is not turned on the routers.
0 Kudos
Reply
LucianoCarvalho
Respected Contributor

‎05-07-2003 03:06 AM

‎05-07-2003 03:06 AM

Re: Routing tables are filling

OK!. So I think it will be a good idea ask them to install a packet analyzer (tcpdump)and see where the icmp redirect is coming from.

regards
0 Kudos
Reply
rick jones
Honored Contributor

‎05-07-2003 10:07 AM

‎05-07-2003 10:07 AM

Re: Routing tables are filling

I would make sure that the HP-UX systems have the same defualt routers configured as the other systems on the network.

After that, the checking of the source of the ICMP redirect messages is a good idea - make sure to include the ethernet header in the tcpdump output and compare the source MAC address with that of the routers - do this in addition to the source IP address, lest there be something malicious out there generating the redirects. Also, check the stats on your router(s) to see that they are indeed recording that they have send ICMP redirect messages.

While there is no ndd tunable to sey "ignore redirects" (if there are such things on Solaris or Linux it would be worth filing an ER with the RC...) you could in theory install and configure ipfilter (www.software.hp.com) to filter-out the redirects.

One other possibility is that these are not triggered by ICMP redirects, but PathMTU entries (ICMP datagram too large messages). You can disable pathMTU discovery by setting ip_pmtu_strategy to a value of 0.

ftp://ftp.cup.hp.com/dist/networking/briefs/annotated_ndd.txt
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.