I've been curious how many of the 435 registered gateways were reachable, so I collected ICMP unreachable messages during a recent RIP transmission (which of course sends to every gateway) and got the following: 33 gateways aren't reachable or are rejecting inbound IPIP packets.
I think it would be a good idea to somehow keep track of this information and remove or at least mark inactive those gateways for which this condition persists for some amount of time. Especially when protocol 4 is rejected. Host unreachable could be because the internet is down or the power is out, but an explicit protocol 4 rejected indicates nonexistent configuration, that could temporarily exist because e.g. a new system has just been installed that has not been configured yet, but should not persist for longer than say 2 weeks. The operator can always re-enable or re-add the gateway when he has found the opportunity to re-install it.
Rob
Unfortunately, there's no simple way to automate this; it's a rather complex manual process now, mostly involving gathering tcpdump output and editing and sorting it. Not easy to script because of the varying messages that come back.
I found this interesting: it seems that some tcp/ip implementations don't deal with protocol 4 very well; they're returning port unreachable errors for a protocol that doesn't have any ports. - Brian
On Thu, May 11, 2017 at 07:04:11PM +0200, Rob Janssen wrote:
I think it would be a good idea to somehow keep track of this information and remove or at least mark inactive those gateways for which this condition persists for some amount of time. Especially when protocol 4 is rejected. Host unreachable could be because the internet is down or the power is out, but an explicit protocol 4 rejected indicates nonexistent configuration, that could temporarily exist because e.g. a new system has just been installed that has not been configured yet, but should not persist for longer than say 2 weeks. The operator can always re-enable or re-add the gateway when he has found the opportunity to re-install it. Rob
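Added example, not part of the original thread and not code from any list member: one way to sort the ICMP replies discussed above by reading the ICMP code and the quoted IP header instead of tcpdump's text output. The function names, the "rejecting"/"unreachable" labels and the sample packets are assumptions; the samples are constructed with documentation addresses.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes seen in such replies.
CODES = {0: "net-unreachable", 1: "host-unreachable",
         2: "protocol-unreachable", 3: "port-unreachable",
         9: "admin-prohibited", 10: "admin-prohibited", 13: "admin-prohibited"}

def classify(packet):
    """Return (gateway, reporter, label) for an ICMP unreachable that quotes
    an IPIP (protocol 4) packet, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                      # not IPv4 carrying ICMP
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if len(icmp) < 28 or icmp[0] != 3:
        return None                      # not destination unreachable
    quoted = icmp[8:]                    # IP header of the packet we sent
    if quoted[0] >> 4 != 4 or quoted[9] != 4:
        return None                      # error is not about IPIP traffic
    gateway = socket.inet_ntoa(quoted[16:20])   # destination we sent to
    reporter = socket.inet_ntoa(packet[12:16])  # host that sent the error
    return gateway, reporter, CODES.get(icmp[1], "code-%d" % icmp[1])

def summarize(packets):
    """Map gateway -> 'rejecting' (protocol 4 refused) or 'unreachable'."""
    status = {}
    for hit in filter(None, map(classify, packets)):
        gateway, _, label = hit
        # Port unreachable is counted as a rejection too (see the thread).
        explicit = label in ("protocol-unreachable", "port-unreachable")
        if explicit or gateway not in status:
            status[gateway] = "rejecting" if explicit else "unreachable"
    return status

def ip_header(src, dst, proto, payload=b""):
    """Minimal IPv4 header (checksum left zero) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def unreachable(reporter, code, gateway, me="192.0.2.1"):
    return ip_header(reporter, me, 1, struct.pack("!BBHI", 3, code, 0, 0)
                     + ip_header(me, gateway, 4))

# Constructed sample capture (documentation addresses, not real gateways).
SAMPLES = [
    unreachable("198.51.100.10", 2, "198.51.100.10"),  # protocol 4 rejected
    unreachable("198.51.100.20", 3, "198.51.100.20"),  # port-unreachable variant
    unreachable("203.0.113.1", 1, "198.51.100.30"),    # router: host unreachable
]
```

Storing the result of `summarize()` with a date for each RIP transmission would give the history needed to see whether a condition has persisted.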
Long ago on ampr.org was a daemon that TELNETTing to it on a certain port (don't remember the exact port) returned a list of all the gateways and Ping statistics.
Maybe we can use this mechanism.
Ronen - 4Z4ZQ
________________________________
Unfortunately, there's no simple way to automate this;
I turned that feature off years ago for three main reasons:
1. a LOT of gateway operators have disabled ping on their gateways.
2. it revealed all the gateway addresses.
3. the code got old and I didn't feel like updating it.
Sorry. - Brian
On Thu, May 11, 2017 at 06:05:16PM +0000, R P wrote:
Long ago on ampr.org was a daemon that TELNETTing to it on a certain port (don't remember the exact port) returned a list of all the gateways and Ping statistics. Maybe we can use this mechanism. Ronen - 4Z4ZQ