He might be having problems with route table not getting enough nh entries
because of small neigh tables.
obviously FW1 is doing something weird:
Yann, try to increment the sizes of the arp tables, example:
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
Or use higher values if you want
On Tue, 17 Jul 2001, Andi Kleen wrote:
> On Mon, Jul 16, 2001 at 01:59:56PM +0200, Yann Dupont wrote:
> > Hello. We have a firewall here (Checkpoint FW 1), installed on a RH 6.2
> > Every week or so, the FW logs this error : dst cache overflow
> > and the routing stops.
> > Is changing the value of /proc/sys/net/ipv4/route (actually set to 4096)
> > a way to prevent this ? OR is this a kernel bug with this 2.2.16 realease ?
> > I CAN'T change the kernel, nor the distro, as the whole is under
> > contract ... and validated for this exact combination :(
> You can increase the /proc/sys/net/ipv4/route/gc_thresh sysctl trying to
> work around it, but likely it's a bug in the FW-1 kernel module.
> I would talk to Checkpoint.