Otdfbt

Peace Arch without exiting USA

Can’t attend PhD conferences

What is the legal status of travelling with (unprescribed) methadone in your carry-on?

Is adding a new player (or players) a DM decision, or a group decision?

Through the Looking-Glass

Why is C++ initial allocation so much larger than C's?

Alphabet completion rate

What kind of wire should I use to pigtail an outlet?

Require advice on power conservation for backpacking trip

Is there any evidence that the small canisters (10 liters) of 95% oxygen actually help with altitude sickness?

How can I deal with a coworker killed on the job

Are there any vegetarian astronauts?

Policemen catch thieves

Why aren't (poly-)cotton tents more popular?

Catching generic Exception in a toString implementation - bad practice?

Does Marvel have an equivalent of the Green Lantern?

ては's role in this 「追いかけては来ないでしょう」

Could Sauron have read Tom Bombadil's mind if Tom had held the Palantir?

First-year PhD giving a talk among well-established researchers in the field

Plotting with different color for a single curve

Should I tell my insurance company I'm making payments on my new car?

Links to webpages in books

Impossible darts scores

Should I hide continue button until tasks are completed?

Router disappearing from route table (Linux)

Tuning Linux IP routing parameters — secret_interval and tcp_memHow do I delete a route from Linux routing tableSelecting gateway on application level on LinuxLoad balancing network traffic using iptablesarp table entry outside configured networkipsec/strongswan - how to use remote router as local gateway using the route commandunable to route through linux gatewayWhy does Linux answer to ARP on incorrect interfaces?VPN Router does not reply to ARP RequestsHow to do routing between the instances in AWS using Route Table?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

1

1

I'm running SLES 12 SP3 in a production environment. There are several interfaces configured on two separate networks. Things are working fine for a while(days at a time) and for no apparent reason, 1 or 2 of the gateways will get dropped from the route table. There is no indication as to why in any logs(/var/log/messages). The ARP table still shows entries from the interfaces in question to the router IP addresses.

I know the Linux kernel does route table garbage collection, and there are tunables related to this. But the route table doesn't appear nearly full, there are less then 50 entries in it. Are there other events that cause the Linux kernel to remove a gateway from the route table? Are there other places I should be looking on the system for clues as to why the router was removed?

Thanks in advance.

routing linux-networking gateway linux-kernel sles12

share|improve this question

asked Jun 7 at 19:19

jetson23jetson23

2122 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Do you use any routing daemons or DHCP clients?
  
  – eckes
  Jun 10 at 7:05
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  DHCP is not in play, all IP addresses on the host in question are static. I am not running any routing daemons that I know of.
  
  – jetson23
  Jun 12 at 11:47
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @eckes - Just curious as to if you were inferring anything specific by implicating DHCP (or a routing daemon)? I am trying to determine if DHCP is definitely disabled on my system. I'm also suspicious of wicked and nanny doing things unexpectedly.
  
  – jetson23
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Nö, it’s just that the only reason I can imagine is user mode. And dhcp Clients and routing daemons are the only ones messing with the routing table by default
  
  – eckes
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks @eckes. Can you give some examples of routing daemons that might do this? Are there standard routing daemons that come with SLES that I can look for on my system?
  
  – jetson23
  13 hours ago
  

  
  
  
  

 | 
show 1 more comment

1

1

I'm running SLES 12 SP3 in a production environment. There are several interfaces configured on two separate networks. Things are working fine for a while(days at a time) and for no apparent reason, 1 or 2 of the gateways will get dropped from the route table. There is no indication as to why in any logs(/var/log/messages). The ARP table still shows entries from the interfaces in question to the router IP addresses.

I know the Linux kernel does route table garbage collection, and there are tunables related to this. But the route table doesn't appear nearly full, there are less then 50 entries in it. Are there other events that cause the Linux kernel to remove a gateway from the route table? Are there other places I should be looking on the system for clues as to why the router was removed?

Thanks in advance.

routing linux-networking gateway linux-kernel sles12

share|improve this question

asked Jun 7 at 19:19

jetson23jetson23

2122 bronze badges

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Do you use any routing daemons or DHCP clients?
  
  – eckes
  Jun 10 at 7:05
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  DHCP is not in play, all IP addresses on the host in question are static. I am not running any routing daemons that I know of.
  
  – jetson23
  Jun 12 at 11:47
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @eckes - Just curious as to if you were inferring anything specific by implicating DHCP (or a routing daemon)? I am trying to determine if DHCP is definitely disabled on my system. I'm also suspicious of wicked and nanny doing things unexpectedly.
  
  – jetson23
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Nö, it’s just that the only reason I can imagine is user mode. And dhcp Clients and routing daemons are the only ones messing with the routing table by default
  
  – eckes
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks @eckes. Can you give some examples of routing daemons that might do this? Are there standard routing daemons that come with SLES that I can look for on my system?
  
  – jetson23
  13 hours ago
  

  
  
  
  

 | 
show 1 more comment

I'm running SLES 12 SP3 in a production environment. There are several interfaces configured on two separate networks. Things are working fine for a while(days at a time) and for no apparent reason, 1 or 2 of the gateways will get dropped from the route table. There is no indication as to why in any logs(/var/log/messages). The ARP table still shows entries from the interfaces in question to the router IP addresses.

I know the Linux kernel does route table garbage collection, and there are tunables related to this. But the route table doesn't appear nearly full, there are less then 50 entries in it. Are there other events that cause the Linux kernel to remove a gateway from the route table? Are there other places I should be looking on the system for clues as to why the router was removed?

Thanks in advance.

routing linux-networking gateway linux-kernel sles12

share|improve this question

asked Jun 7 at 19:19

jetson23jetson23

2122 bronze badges

share|improve this question

asked Jun 7 at 19:19

jetson23jetson23

2122 bronze badges

share|improve this question

asked Jun 7 at 19:19

jetson23jetson23

2122 bronze badges

asked Jun 7 at 19:19

jetson23jetson23

2122 bronze badges

asked Jun 7 at 19:19

jetson23jetson23

2122 bronze badges

1 Answer
1

active

oldest

votes

1

Linux dropped routing cache for IPv4 (only) in kernel 3.6. That's described there for example: David Miller: routing cache is dead, now what ?. It relies now only on LPC-trie for performance. So as far as I understand there's no route garbage collection done for IPv4 on SLES12 which should be at least kernel 3.12 if not higher.

You could keep the command ip -ts monitor running and log its output for later analysis to find what's going on, especially around when the route disappeared. For example maybe some address also disappeared and reappeared, while leaving the route lost?

share|improve this answer

answered Jun 7 at 21:45

A.BA.B

2,20922 gold badges88 silver badges1717 bronze badges

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  But if several interfaces are using the same IP LAN on the same ethernet LAN expect trouble anyway: ARP flux etc unless you configure the system for this. Though this shouldn't make routes disappear in the routing table.
  
  – A.B
  Jun 7 at 21:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for your response @A.B. I've been playing with "ip -ts monitor" and that may help me figure out what exactly is going on at the time, since there's no real indication of if/when this is going to happen. Could you explain more about your second comment? The ARP table looks ok after the fact. Both routers have an entry in the ARP cache for their appropriate interfaces. I was trying to paste the ARP table but the response is too long. I guess I'm wondering what the issues might be? Thanks.
  
  – jetson23
  Jun 8 at 20:20
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  About "ARP flux" (that you could also search on internet):you have to check on the peer systems (including routers) that each (of you system) interface's IP has its own ARP entry with its MAC. Usually a single card's MAC is present for all IPs, thus forcing all incoming traffic through a single card. Sometimes you even have to disable rp_filter because of this.That's not a problem unless you rely on bandwidth or redondancy. Of course there are settings to make it behave as intended but it's not trivial (and there are questions on SF or UL SE about it, and two categories of answers for the fix)
  
  – A.B
  Jun 9 at 11:00
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks @A.B. I did some reading on ARP flux, and as it turns out, according to the sources I read, we had already set up our sysctl parameters to prevent this issue(arp_announce = 2 and arp_ignore = 1). So I don't think that's what's getting us. Going back to "ip -ts monitor", from the output I see that routes on our system become "STALE", and then are "PROBE"d and set to "REACHABLE", which I'm assuming means they responded to the probe. Would a route be removed if the router didn't respond? What happens if there's heavy traffic and the response packet happens to get dropped?
  
  – jetson23
  Jun 10 at 19:48
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  run instead: ip -ts monitor link , ip -ts monitor address , ip -ts monitor route. stale reachable etc is about ARP (with ip neighbour) and thus not about routes.
  
  – A.B
  Jun 10 at 21:11
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f970606%2frouter-disappearing-from-route-table-linux%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

Linux dropped routing cache for IPv4 (only) in kernel 3.6. That's described there for example: David Miller: routing cache is dead, now what ?. It relies now only on LPC-trie for performance. So as far as I understand there's no route garbage collection done for IPv4 on SLES12 which should be at least kernel 3.12 if not higher.

You could keep the command ip -ts monitor running and log its output for later analysis to find what's going on, especially around when the route disappeared. For example maybe some address also disappeared and reappeared, while leaving the route lost?

share|improve this answer

answered Jun 7 at 21:45

A.BA.B

2,20922 gold badges88 silver badges1717 bronze badges

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  But if several interfaces are using the same IP LAN on the same ethernet LAN expect trouble anyway: ARP flux etc unless you configure the system for this. Though this shouldn't make routes disappear in the routing table.
  
  – A.B
  Jun 7 at 21:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for your response @A.B. I've been playing with "ip -ts monitor" and that may help me figure out what exactly is going on at the time, since there's no real indication of if/when this is going to happen. Could you explain more about your second comment? The ARP table looks ok after the fact. Both routers have an entry in the ARP cache for their appropriate interfaces. I was trying to paste the ARP table but the response is too long. I guess I'm wondering what the issues might be? Thanks.
  
  – jetson23
  Jun 8 at 20:20
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  About "ARP flux" (that you could also search on internet):you have to check on the peer systems (including routers) that each (of you system) interface's IP has its own ARP entry with its MAC. Usually a single card's MAC is present for all IPs, thus forcing all incoming traffic through a single card. Sometimes you even have to disable rp_filter because of this.That's not a problem unless you rely on bandwidth or redondancy. Of course there are settings to make it behave as intended but it's not trivial (and there are questions on SF or UL SE about it, and two categories of answers for the fix)
  
  – A.B
  Jun 9 at 11:00
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks @A.B. I did some reading on ARP flux, and as it turns out, according to the sources I read, we had already set up our sysctl parameters to prevent this issue(arp_announce = 2 and arp_ignore = 1). So I don't think that's what's getting us. Going back to "ip -ts monitor", from the output I see that routes on our system become "STALE", and then are "PROBE"d and set to "REACHABLE", which I'm assuming means they responded to the probe. Would a route be removed if the router didn't respond? What happens if there's heavy traffic and the response packet happens to get dropped?
  
  – jetson23
  Jun 10 at 19:48
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  run instead: ip -ts monitor link , ip -ts monitor address , ip -ts monitor route. stale reachable etc is about ARP (with ip neighbour) and thus not about routes.
  
  – A.B
  Jun 10 at 21:11
  

  
  
  
  

add a comment | 

1

Linux dropped routing cache for IPv4 (only) in kernel 3.6. That's described there for example: David Miller: routing cache is dead, now what ?. It relies now only on LPC-trie for performance. So as far as I understand there's no route garbage collection done for IPv4 on SLES12 which should be at least kernel 3.12 if not higher.

You could keep the command ip -ts monitor running and log its output for later analysis to find what's going on, especially around when the route disappeared. For example maybe some address also disappeared and reappeared, while leaving the route lost?

share|improve this answer

answered Jun 7 at 21:45

A.BA.B

2,20922 gold badges88 silver badges1717 bronze badges

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  But if several interfaces are using the same IP LAN on the same ethernet LAN expect trouble anyway: ARP flux etc unless you configure the system for this. Though this shouldn't make routes disappear in the routing table.
  
  – A.B
  Jun 7 at 21:59
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks for your response @A.B. I've been playing with "ip -ts monitor" and that may help me figure out what exactly is going on at the time, since there's no real indication of if/when this is going to happen. Could you explain more about your second comment? The ARP table looks ok after the fact. Both routers have an entry in the ARP cache for their appropriate interfaces. I was trying to paste the ARP table but the response is too long. I guess I'm wondering what the issues might be? Thanks.
  
  – jetson23
  Jun 8 at 20:20
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  About "ARP flux" (that you could also search on internet):you have to check on the peer systems (including routers) that each (of you system) interface's IP has its own ARP entry with its MAC. Usually a single card's MAC is present for all IPs, thus forcing all incoming traffic through a single card. Sometimes you even have to disable rp_filter because of this.That's not a problem unless you rely on bandwidth or redondancy. Of course there are settings to make it behave as intended but it's not trivial (and there are questions on SF or UL SE about it, and two categories of answers for the fix)
  
  – A.B
  Jun 9 at 11:00
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks @A.B. I did some reading on ARP flux, and as it turns out, according to the sources I read, we had already set up our sysctl parameters to prevent this issue(arp_announce = 2 and arp_ignore = 1). So I don't think that's what's getting us. Going back to "ip -ts monitor", from the output I see that routes on our system become "STALE", and then are "PROBE"d and set to "REACHABLE", which I'm assuming means they responded to the probe. Would a route be removed if the router didn't respond? What happens if there's heavy traffic and the response packet happens to get dropped?
  
  – jetson23
  Jun 10 at 19:48
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  run instead: ip -ts monitor link , ip -ts monitor address , ip -ts monitor route. stale reachable etc is about ARP (with ip neighbour) and thus not about routes.
  
  – A.B
  Jun 10 at 21:11
  

  
  
  
  

add a comment | 

Linux dropped routing cache for IPv4 (only) in kernel 3.6. That's described there for example: David Miller: routing cache is dead, now what ?. It relies now only on LPC-trie for performance. So as far as I understand there's no route garbage collection done for IPv4 on SLES12 which should be at least kernel 3.12 if not higher.

You could keep the command ip -ts monitor running and log its output for later analysis to find what's going on, especially around when the route disappeared. For example maybe some address also disappeared and reappeared, while leaving the route lost?

share|improve this answer

answered Jun 7 at 21:45

A.BA.B

2,20922 gold badges88 silver badges1717 bronze badges

share|improve this answer

answered Jun 7 at 21:45

A.BA.B

2,20922 gold badges88 silver badges1717 bronze badges

answered Jun 7 at 21:45

A.BA.B

2,20922 gold badges88 silver badges1717 bronze badges

answered Jun 7 at 21:45

A.BA.B

2,20922 gold badges88 silver badges1717 bronze badges