SUMMARY: netstat -rn entries

From: jem@electriciti.com
Date: Mon Jun 03 1996 - 14:50:10 CDT


Hello,

I received seven (7) responses to my original query. For some, I did
not give enough information. But a couple responses had the correct
answer (AFAIK).

I have included the original query below. Also, I am listing some
additional information that was not included to help out anyone that
needs it.

JohnM

----- Begin Included Message -----

I need some help in understanding why I have so many entries
under netstat -rn. In my previous locations, I have usually
only had entries for the defaultrouter, localhost, and local
network (only one ethernet interface).

Now, I am faced with sun sparc 2s, not running gated or routed,
coming up with (in some cases) thousands of routes. I cleared
our the routes and now those with their routes flushed have
approximately 28 routes, after a couple of hours after flushing.

How are these routes being discovered and put in the routing
tables? Why have I never seen these before? Do I want this?

Thanks for any assistance you can give me.

JohnM

## John Mendenhall
## jem@electriciti.com
## Senior Network/Systems Administrator

----- End Included Message -----

Here is some additional information:

Running SunOS 4.1.4
_not_ running routed/gated (double checked!)
/etc/defaultrouter set up properly on all machines
no machine has multiple interfaces
multiple routers on the local network
no /etc/gateways file
no in.rdisc (not SunOS 5.x)

I would like to thank all of those who responded:

From: mrs@cadem.mc.xerox.com ("Michael Salehi x22725")
From: Leif Hedstrom <leif@netscape.com>
From: barmar@bbnplanet.com
From: "Daniel J Blander - Sr. Systems Engineer for ACS" <Daniel.Blander@ACSacs.com>
From: anderson@neon.mitre.org (Mark S. Anderson)
From: Chris Cox W0/G4JEC <chrisc@Chris.Org>
From: Scott Turvey <scottt@nacm.com>

The answers I liked the best, and that best fits our current environment
and changes that have occurred recently were from barmar@bbnplanet.com
and chrisc@Chris.Org.

Here is some sample entries from netstat -rn that illustrate some of
what they were talking about:

198.5.213.71 cs7 UGHD 0 3 le0
204.124.0.0 cs7 UGD 0 174 le0
default router UG 3 93645 le0
198.5.212.0 arc U 53 16099361 le0

The majority of entries were similar to the top (198.5.213.71), and point
to a router of ours (cs7) with frame relay lines hanging off of it.

Here are their responses:

-------
From: barmar@bbnplanet.com

They are probably due to ICMP Redirect messages being received from the
default router. If you have multiple routers on your network, whenever you
use the default router and it determines that one of the other routers is a
better route to the destination, it sends you a redirect. That causes you
to put an entry for that destination in the routing table.

For instance, if you have a router that connects to the Internet, and a
router that connects to other internal networks, you might set your default
router to the internal router. Then whenever you try to reach a site on
the Internet it will send a redirect telling you to use the Internet router
for that destination, and that will result in a routing table entry. Over
time, as you access more and more Internet sites, you'll get more routing
table entries.

One solution is to configure the hosts with static routes for all the
internal networks pointing to the internal router, and then set the default
router to the Internet router. But this could be an administrative
headache, as you would have to update every host if you added a new
internal network. Another solution is to run routed on the hosts and
configure the routers to send RIP advertisements.

-- 
Barry Margolin
BBN PlaNET, Cambridge, MA
barmar@bbnplanet.com
Phone (800) 632-7638 - Fax (617) 873-6351

------- From: Chris Cox W0/G4JEC <chrisc@Chris.Org>

Given that you say you're running no routing daemon, i would guess that they are being created by icmp redirect messages. This commonly happens when you have more than one router on a network, and your default router is notifying your workstation that there is a more direct route to the target than itself.

If you look at the roting table entry, you will probably see a D under the flags column for each of those routes. -- 73 Chris Cox W0/G4JEC

chrisc@smudge.g4jec.ampr.org chrisc@Chris.Org NIC Handle: CC345 Eleventh Hour Contest Group - North American Chapter; Minneapolis, MN Twin Cities Metro Area Network node (smudge.g4jec.ampr.org)

-----------------

Thanks again for all of the great replies. I appreciate the help!

JohnM

## John Mendenhall ## jem@electriciti.com ## Senior Network/Systems Administrator



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:00 CDT