What is the cause for such a message while running kernel 2.6.1 on RH9 ? Neighbour table overflow. NET: 282 messages suppressed. Neighbour table overflow. Alex Iruc _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi I''m not really sure, but "Neighbour table overflow" message is displayed when the arp addresses table of neighbour hosts is full and reseted. It''s common in proxies and routers Quoting Alex <alex@hostingcenter.ro>:> What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > Neighbour table overflow. > NET: 282 messages suppressed. > Neighbour table overflow. > > > Alex Iruc > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >Santiago J. Ruano Rincón Avatar Ltda. ParqueSoft Popayán +57-2 8221214 _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
I understand, it''s just that it never happend before yesterday and I was wondering is it normal to see such a message displayed over and over again, with the only difference that "NET: 282 messages suppressed" changes to NET: 355 messages suppressed and so on... A bit too much and to strange to happen all of the sudden in 1-3 hours time. So, maybe I''m wrong, but these messages are a bit too weird to happed so many at once. Any ideeas? Thanks Alex ----- Original Message ----- From: "Santiago J. Ruano Rincón" <santiago@avatar.com.co> To: "Alex" <alex@hostingcenter.ro> Cc: "Lartc" <lartc@mailman.ds9a.nl> Sent: Sunday, February 22, 2004 7:49 AM Subject: Re: [LARTC] Neighbour table overflow> Hi > > I''m not really sure, but "Neighbour table overflow" message is displayedwhen> the arp addresses table of neighbour hosts is full and reseted. It''scommon in> proxies and routers > > Quoting Alex <alex@hostingcenter.ro>: > > > What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > > > Neighbour table overflow. > > NET: 282 messages suppressed. > > Neighbour table overflow. > > > > > > Alex Iruc > > > > _______________________________________________ > > LARTC mailing list / LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > > > > > Santiago J. Ruano Rincón > > Avatar Ltda. > ParqueSoft Popayán > +57-2 8221214 > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
I had a problem, just like it. I was trying to do maskerading on two interfaces, along with policy routing. I also got neighbour table overflow. What I did, was to change one interface from maskerading to snat. (Meaning, all clients passing out of the second interface, was snat''ed to the interface address.) That solved my problem. I hope this might give some kind of help. Best regards Søren Kent Jensen ----- Original Message ----- From: "Alex" <alex@hostingcenter.ro> To: "Lartc" <lartc@mailman.ds9a.nl> Sent: Sunday, February 22, 2004 4:22 AM Subject: [LARTC] Neighbour table overflow> What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > Neighbour table overflow. > NET: 282 messages suppressed. > Neighbour table overflow. > > > Alex Iruc > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > Neighbour table overflow. > NET: 282 messages suppressed. > Neighbour table overflow.You must tune /proc/sys/net/ipv4/conf/gc_thresh.... ... something like: echo "1024" > /proc/sys/net/ipv4/neigh/default/gc_thresh1 echo "4096" > /proc/sys/net/ipv4/neigh/default/gc_thresh2 echo "8192" > /proc/sys/net/ipv4/neigh/default/gc_thresh3 Arkadiusz Binder _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > Neighbour table overflow. > NET: 282 messages suppressed. > Neighbour table overflow.ARP table overflow, do you have an interface on your router with a too wide netmask? /16 (255.255.0.0) maybe? Do you have a lot of "(incomplete)" entries in "arp -n"? Check that interface with "tcpdump -i eth? -n arp". Probably some virus or port sniffer tries to scan your network. -- Damjan Georgievski jabberID: damjan@bagra.net.mk _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
I''m doing NAT for 200 workstations and 2 gre tunels with 4 users each. I also have in mangle table in PRETOURING chain, DROP rules for ports commonly used by blaster, welchia and other worms. I have never seen this problem until now and I did not get the chance to verify it under kernel 2.4.X. I use one class C private with private ips + another 2 class C for tunels. Maybe this message is because my users frequently scan the network with WS_PING to see what users are online (this produces arp-requests for each ip in that ip class)? Alex Iruc ----- Original Message ----- From: "Damjan" <gdamjan@mail.net.mk> To: <lartc@mailman.ds9a.nl> Cc: "Alex" <alex@hostingcenter.ro> Sent: Tuesday, February 24, 2004 11:12 PM Subject: Re: [LARTC] Neighbour table overflow> > What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > > > Neighbour table overflow. > > NET: 282 messages suppressed. > > Neighbour table overflow. > > ARP table overflow, > do you have an interface on your router with a too wide netmask? > /16 (255.255.0.0) maybe? > Do you have a lot of "(incomplete)" entries in "arp -n"? > > Check that interface with "tcpdump -i eth? -n arp". > > Probably some virus or port sniffer tries to scan your network. > > -- > Damjan Georgievski > jabberID: damjan@bagra.net.mk > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
At 10:12 25/02/2004, Damjan wrote:> > What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > > > Neighbour table overflow. > > NET: 282 messages suppressed. > > Neighbour table overflow. > >ARP table overflow, >do you have an interface on your router with a too wide netmask? >/16 (255.255.0.0) maybe? >Do you have a lot of "(incomplete)" entries in "arp -n"? > >Check that interface with "tcpdump -i eth? -n arp". > >Probably some virus or port sniffer tries to scan your network.I''ve seen neighbour table overflow messages on wireless routers where the wireless interface is not working properly, or is not connected to an access point. It just takes a couple of seconds of trying to ping another machine on a wireless network when you''re not connected to the access point successfully and neighbour table overflow will start comming up.... I never did get to the bottom of what the message means or whether its something to worry about though. (Never see it when the connection is working, so I didn''t worry about it) Regards, Simon _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/