problem with packet storm

RouterOS General
1

I have a bridging network 10.10.0.0/16.
last 48h i have problem with packet storm wich is blocking my complete network on 60 sec, and that is happening every 10-15 minutes.
does anyone know what is the problem.

2

Hi,

you have to send us more information about your network. There may be more reasons for packet storm in a bridged network.
In your case it looks like a station sent a broadcast packet and some bug in your topology (or in a device) causes the packet is resend many times. From my experience it may occurs when:

  • there is an unblocked bridge loop in your network. It means a packet which goes out from a bridge will return back through different interface of the same bridge. You should prevent such loops. Loops itself is not a bad think - if you are using Spanning Tree (or RSTP) to detect and block the loops (a line is held in inactive state until another line stops working). If your topology is full bridged (i.e clients are not behind router (really bad thing) the problem can occurs if 2 clients create a link between their homes)
  • there is a device in network which doesn’t work properly. For example we had problems with Proxim BSU (related to some older firmware version on client station in router mode) which caused the BSU started to transmit thousands of packets per second to our network (good to have smart switches which disable the port if amount of packet reaches some configured level)
  • you can have storms in the case of improper router configuration - one router A sends the packet to router B but router B thing the target IP should go to router A. Fortunately TTL will cause the packets will not ping-pong between routers for long time. But if these packets occurs frequently you can have big troubles.
  • and of course that the station which sent the broadcast packet may be is sending all the amount of packets too (buggy application, attack etc)

Regards
D. Toman

3

in my case, I have full bridge network, most of units is mikrotik (about 40) and there is 2-3 D-LINK dwl-g700 and it happends that from those d-links packet storm is starting. I have blocked trafic to and from those d-links by UDP protocol, and for now everything looks normal.