>On FreeBSD 3.0-RELEASE, when you physically break an ethernet (eg, unplug
>the cable) the host still thinks the interface is up and can still
>ping it. Is there any way to avoid that scenario - ie, when you break
>an interface, have it be really broken, down, unpingable?
`ping` to a local interface in many BSD-related systems goes nowhere near
the driver, and so does not care if the cable is disconnected.
>The reason I ask is that a physically down ethernet network interface
>does not appear to be visible to FreeBSD (or to gated) which means that
>OSPF really doesn't work properly.
>For example, two machines, three networks:
>            +------+            +------+
>----net1----| box1 |----net2----| box2 |----net3----
>            +------+            +------+
>If box1 is announcing net1 to box2 via OSPF, and I physically take
>down the net1 interface on box1, box1's gated never knows it, keeps
>announcing the route to box2. box2 can still reach the net1 interface on
>box1, even though net1 should really be unreachable via box1.
>Any work-around for this?
You really do not want to work-around that, as described. Just because
net1 is broken is no reason to think that any part of box1 cannot talk to
sockets that are bound to the net1 address of box1. Any packets that
somehow reach box1 and are addressed to the net1 interface of box1 should
be handled just as if net1 were healthy. Imagine that the net1 interface
on box1 carries the IP address of the main name of box1. You would not
want to stop being able to reach box1 from box2 just because a distant
network is broken. The right thing (in my view) when net1 breaks is for
box2 to have a /32 or host route to the net1 interface of box1, but not
have a network route to addresses actually on net1.
>[FYI, this is not really a FreeBSD-specific problem - Linux and Solaris
>also appear to fail this test.]
What are you using for OSPF on box1? Does it do the right things to detect
broken network hardware, which I think include watching for errors on send
requests, comparing output packets with output errors, and comparing
input packets with input errors, and ceasing to advertise network routes
when any of those suggest a network is sick?
I think `routed` does all of that, but it only does RIPv1, RIPv2, and the
gateway discovery protocol.
By the way, why does FreeBSD 3.0 have such an old version of `routed`?
The NetBSD guys and others have been sending me fixes and picking up
improved versions, but not FreeBSD? There are some significant (in my
view) bugs in the FreeBSD version.
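
The checks described in the reply above, as an added sketch that is not part of the original post and is not code from `routed` or gated: it compares packet and error counter deltas between two polls and, when the link looks sick, advertises only the host route instead of the network route. The thresholds, the function names and the 192.0.2.1/24 address are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class IfCounters:
    """One poll of per-interface counters (the columns `netstat -i` shows)."""
    ipkts: int
    ierrs: int
    opkts: int
    oerrs: int

# Assumed thresholds for this sketch; not taken from routed or gated.
MIN_ERRORS = 3      # ignore a stray error or two
ERR_RATIO = 0.5     # errors must exceed half the packets seen in the interval

def _direction_sick(pkts, errs):
    if pkts < 0 or errs < 0:        # counter reset or wrap: no verdict this poll
        return False
    return errs >= MIN_ERRORS and errs > ERR_RATIO * pkts

def link_sick(prev, cur, send_failed=False):
    """True when a failed send or the error deltas suggest broken hardware."""
    if send_failed:
        return True
    return (_direction_sick(cur.opkts - prev.opkts, cur.oerrs - prev.oerrs)
            or _direction_sick(cur.ipkts - prev.ipkts, cur.ierrs - prev.ierrs))

def routes_to_advertise(ifaddr, sick):
    """Network route while healthy; only the host route once the link is sick."""
    iface = ipaddress.ip_interface(ifaddr)
    if sick:
        return [str(ipaddress.ip_network(iface.ip))]   # /32 host route
    return [str(iface.network)]

if __name__ == "__main__":
    # Constructed samples: box1's net1 interface before and after the cable is pulled.
    NET1 = "192.0.2.1/24"
    polls = [IfCounters(1000, 0, 900, 0),
             IfCounters(1400, 1, 1300, 0),
             IfCounters(1400, 1, 1312, 12)]
    for prev, cur in zip(polls, polls[1:]):
        print(routes_to_advertise(NET1, link_sick(prev, cur)))
```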