MikroTik

can anyone tell me why this is happening. i am facing this at incoming direction.

What is connected there?

it's normal, probably have windows machines on this interface, try to "took" each other)

Sent from my LG-H502 using Tapatalk

that interface is connected to a city wide lan of my isp and have a /24

Then what can you do? When an ISP deploys that kind of thing you will have to live with the effects.

are you using proxy-arp?

that interface is connected to a city wide lan of my isp and have a /24

i have seen /22 subnets without this behavior something has to be wrong

chechito you'll be surprised to see more than one (and two) ISP setups, obviously they're not L2-isolating customers downlinks.

Cutedrummerboy: I'd try speaking directly to the ISP. If they're limiting you at the router you're losing bandwidth.

Can you describe in detail your setup? (equipment, wiring)

i have seen /22 subnets without this behavior something has to be wrong

The problem could be that the provider offers proxy-arp on their router, and the customers do not bother to set
the default gateway in their router but rely on that proxy-arp. In that case, they will probably run in performance
or memory problems, but maybe they do not notice. You are the victim because you see all that arp traffic too.

However, even without proxy arp this is not a good setup. When some other user is not online and gets a
serious amount of incoming traffic, there will be constant arping for his address (especially with a bad router
that does not have some form of arp rate limiting).
It may be that someone is a victim of a DDOS attack and has decided to shut down his router to sit it out,
and then you are confronted with the arp traffic that results from it.

Again, when an ISP makes deployments like this there is little you can do.
(other than pointing them to the weaknesses of their "simple and elegant" solution to metro networking)

The first thing to do is make a trace using the packet sniffer and find the details of the arp traffic. Who is
(claiming to) sending it, what address are they arping for? Is that inside or outside the subnet?
This info will bring you towards the cause of the problem and maybe a solution.

so ether2 is ur inbound traffic from ur ISP to ur router? but why not using ur ether1 interface?
im curious too what packet is that. based on my experience, its very difficult to trace who sending it and what add they arping it.

so ether2 is ur inbound traffic from ur ISP to ur router? but why not using ur ether1 interface?
im curious too what packet is that. based on my experience, its very difficult to trace who sending it and what add they arping it.

No, that is not difficult at all! Just trace to a file and examine it in wireshark.
The problem is when it is from outside (i.e. triggered by outside traffic coming in through the router).

well my isp use a router called flash router made by http://ipacct.com/en/home/. they give me one ip address and i configured NAT on ether2.
and they run PAT on their router. before that flood my ARP configuration was just enable, after that i make the gateway in ip/arp static and interface arp reply only.

well my isp use a router called flash router made by http://ipacct.com/en/home/. they give me one ip address and i configured NAT on ether2.
and they run PAT on their router. before that flood my ARP configuration was just enable, after that i make the gateway in ip/arp static and interface arp reply only.

I hope you have a default route configured to point to their gateway and others do that as well.
When people configure their_ip/0 on the interface and no route, and they answer proxy-arp, then things
will work but there will be extreme ARP traffic and their router's ARP table will be large.

To find out what is exactly happening you need to trace (packet sniffer) and analyze the situation.