packets storm in a network

gianluca · November 13, 2005, 12:43am

We probably are a lot using an all bridged network to connect our clients.
we use pppoe to connect clients to our MK OS pppoe concetrator and gateway.

we are having problems with storms that are blocking the functioning of the network.

I suppose that with the correct rules on /interface bridge filter we can limit the broadcast packets, avoid ip storm and/or arp storms etc..

My idea is to allow pppoe and the network of my equipment (192.168.x.x) and to drop all other packets.

0 chain=forward mac-protocol=ip src-address=192.168.5.0/24 action=accept

1 chain=forward mac-protocol=ip dst-address=192.168.5.0/24 action=accept

2 chain=forward mac-protocol=0x8863 action=accept

3 chain=forward mac-protocol=0x8864 action=accept

4 chain=forward action=drop

But this way it dont work correctly, pings on my network sometimes dont work at all and I am not sure that I stop everything. In /ip firewall filter forward I can still see packets that are not pppoe nor 192.168.5.x

anybody else with same situation ?

gianluca · November 14, 2005, 7:41pm

can anybody help me on this ?

HarvSki · November 24, 2005, 3:32pm

You have the answer - ROUTE!

Sorry Gianluca I had to point that one out again…

Did you try using EoIP to bridge your rotuers together over a routed network, this will allow the PPPoE to goto the PPPoE A/C.

gianluca · November 24, 2005, 4:03pm

I suppose that the solution is to have smalls broadcast domains. This can be achived through:

VLAN
Routing
firewallimg the broadcast

n.2 is the most logical one
n.1 is also a good option

can you explain a litle bit more about rounting and EoIP ?
thnkas