arp病毒导致No buffer space available错误

今天在客户现场做IT外包服务时发现ping vpn网关出现一个奇怪问题:

[root@aiobox ~]# ping 10.0.0.1
connect: No buffer space available
[root@aiobox ~]# uptime
10:55:28 up 381 days, 13:15,  1 user,  load average: 35.84, 41.40, 39.83

以前从未出现过, tail -f /var/log/messages 发现

Oct 22 10:55:48 aiobox kernel: printk: 975 messages suppressed.
Oct 22 10:55:48 aiobox kernel: Neighbour table overflow.
Oct 22 10:55:53 aiobox kernel: printk: 1076 messages suppressed.
Oct 22 10:55:53 aiobox kernel: Neighbour table overflow.
[root@aiobox ~]# tcpdump -vvv -n arp
11:02:42.045166 arp who-has 10.3.225.176 tell 10.0.0.93
11:02:42.045935 arp who-has 10.0.215.130 tell 10.0.0.93
11:02:42.045976 arp who-has 10.3.159.42 tell 10.0.0.93
11:02:42.046484 arp who-has 10.0.239.125 tell 10.0.0.93
11:02:42.046523 arp who-has 10.0.255.62 tell 10.0.0.93
11:02:42.047807 arp who-has 10.5.112.146 tell 10.0.0.93
11:02:42.048344 arp who-has 10.1.27.203 tell 10.0.0.93
11:02:42.048570 arp who-has 10.5.9.139 tell 10.0.0.93

发现不断有机器发arp, 看来是93这台机器中毒后导致的不断发arp消息,把服务器的arp表冲爆了。

解决方法是, 服务器不做任何调整,在93这个病毒机器上杀毒。

PS.  网上说的调整gc_thresh123的方法,是治标不治本的办法,适当调大是可以的。

关闭93这台机器后:继续ping  .5->.1

[root@aiobox ~]# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
From 10.0.0.5 icmp_seq=3 Destination Host Unreachable
From 10.0.0.5 icmp_seq=4 Destination Host Unreachable
From 10.0.0.5 icmp_seq=5 Destination Host Unreachable
From 10.0.0.5 icmp_seq=6 Destination Host Unreachable
From 10.0.0.5 icmp_seq=7 Destination Host Unreachable
64 bytes from 10.0.0.1: icmp_seq=8 ttl=64 time=0.269 ms
64 bytes from 10.0.0.1: icmp_seq=9 ttl=64 time=0.276 ms
64 bytes from 10.0.0.1: icmp_seq=10 ttl=64 time=0.229 ms
64 bytes from 10.0.0.1: icmp_seq=11 ttl=64 time=0.236 ms
64 bytes from 10.0.0.1: icmp_seq=12 ttl=64 time=0.200 ms
64 bytes from 10.0.0.1: icmp_seq=13 ttl=64 time=0.208 ms
64 bytes from 10.0.0.1: icmp_seq=14 ttl=64 time=0.226 ms

OK,观查一段时间后问题确定解决了!

Social tagging:

Comments are closed.