Re: Could an ICMP Redirect have disconnected my server?



On Thu, 30 Aug 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <13dc5a2kl2ivud0@xxxxxxxxxxxxxxxxxx>, ljb wrote:

> Does Linux (2.4.x) act on ICMP Redirect packets by default?

Under limited conditions, yes - but you seem to have a strange network
layout which might confuse things. 2.4.x? Which 2.4.x? 2.4.31.2 is the
latest (released about two weeks ago).

> If so, can an ICMP Redirect override a static default route?
> If so, does a routing table entry from an ICMP Redirect time out?

1122 Requirements for Internet Hosts - Communication Layers. R.
Braden, Ed.. October 1989. (Format: TXT=295992 bytes) (Updated by
RFC1349, RFC4379) (Also STD0003) (Status: STANDARD)

1812 Requirements for IP Version 4 Routers. F. Baker, Ed.. June 1995.
(Format: TXT=415740 bytes) (Obsoletes RFC1716, RFC1009) (Updated by
RFC2644) (Status: PROPOSED STANDARD)

A quick scan of those two, I don't see a timeout.

> I have this Linux server that went mostly off-line suddenly today,
> disconnecting a number of database users and such. The server is on an
> intranet, private static IP address and one default route to an internal
> router. (The only odd thing is that there are multiple logical subnets on
> the same physical subnet.)

Usually, having logical subnets on the same physical wire is a bad idea.

> When it dropped all those connections, it was still reachable from, and
> could still reach, systems with the same subnet number.

Logical or physical?

> Unfortunately, I didn't realize that at the time - I found two systems
> that could still reach it, but I didn't make the subnet connection. So I
> didn't check the routing table until later.

Is syslogd configured to log any routing information?

> About 90 minutes after it dropped off, it came back up; nobody did
> anything to it - it just started talking to the network normally again.

Assuming you are not using a routing daemon like routed or gated, a
redirect should stick until networking is restarted (clearing and
reloading the routing table). The only way to change the table would
be an ICMP Redirect (which a distribution-standard kernel should be
ignoring except under very limited conditions).

> Trying to figure out what happened, I was wondering if a 'rogue' ICMP
> redirect could cause this. Is this possible?

Depends on your network layout. Not very likely, but not impossible.

Old guy
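
Added example, not part of the original post: one way to check under which conditions a given Linux host will act on ICMP Redirects, by combining the `accept_redirects`, `secure_redirects` and `forwarding` sysctls the way the kernel's ip-sysctl documentation describes. The function names are hypothetical, and the conf root is a parameter so the logic can be run against a constructed directory tree as well as the live `/proc`.

```shell
#!/bin/sh
# Added example (not from the thread): per-interface ICMP Redirect policy.
# Function names are illustrative; the sysctl file names are the kernel's.

read_flag() {   # print the integer stored in file $1, or 0 if unreadable
    v=0
    if [ -r "$1" ]; then v=$(tr -d ' \t\n' < "$1"); fi
    case $v in ''|*[!0-9]*) v=0 ;; esac
    echo "$v"
}

redirect_status() {   # $1 = conf root, $2 = interface name
    all_acc=$(read_flag "$1/all/accept_redirects")
    if_acc=$(read_flag "$1/$2/accept_redirects")
    all_sec=$(read_flag "$1/all/secure_redirects")
    if_sec=$(read_flag "$1/$2/secure_redirects")
    fwd=$(read_flag "$1/$2/forwarding")
    if [ "$fwd" -ne 0 ]; then
        acc=$(( all_acc != 0 && if_acc != 0 ))   # forwarding on: both needed
    else
        acc=$(( all_acc != 0 || if_acc != 0 ))   # forwarding off: either one
    fi
    sec=$(( all_sec != 0 || if_sec != 0 ))       # either one enables it
    if [ "$acc" -eq 0 ]; then
        echo ignored
    elif [ "$sec" -ne 0 ]; then
        # only redirects pointing at a gateway already in the gateway list
        echo accepted-gateway-list-only
    else
        # RFC 1122 sanity rules still apply, but no gateway-list check
        echo accepted-rfc1122-rules
    fi
}

audit_redirects() {   # $1 = conf root (defaults to the live /proc tree)
    root=${1:-/proc/sys/net/ipv4/conf}
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        ifc=$(basename "$d")
        case $ifc in all|default) continue ;; esac
        echo "$ifc $(redirect_status "$root" "$ifc")"
    done
}
```

Calling `audit_redirects` with no argument reads the live `/proc/sys/net/ipv4/conf` tree and prints one line per interface.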
