So, should be simple (hahah) - but I need to stop my edge router from sending ARP requests out the WAN interface for a subnet that is local to the router (kinda).
So stuff like this is coming from my WAN interface to my upstream provider:
Routerbo_XX:XX:XX Broadcast ARP 72 Who has XXX.XXX.XXX.77? Tell XXX.XXX.XXX.1
Now this IP (.1) is on my WAN interface, but I have IPs in this subnet that are assigned to PPPoE clients that are routed to internal interfaces. A /30 IP routes my .1 to my upstream provider.
At the end of the day - I think that I need to block ARP requests going back out the WAN interface looking for other IPs on my .1 network - but I am not clear on how to do that / or if I really want to.
My upstream provider is complaining that the requests are flooding their interface, so I have to do something. I know that it is somewhat normal for this to happen as IP scanning tools out there are prolly scanning the subnet that the .1 is on.
Basically, as this is my edge router - what is the best practice? Move my .1 to the internal interface? Craft a firewall rule that drops ARP requests on the WAN interface? Not sure how to combat this as I don't like the options I have laid out.
Open to suggestions!