kozmonov
newbie
Topic Author
Posts: 34
Joined: Mon Dec 19, 2011 1:14 am

Block Broadcast and Multicast, Consequences of doing so?

Sun May 18, 2014 8:48 pm

I am considering blocking Broadcast and Multicast traffic through my network. I'm just not sure what the ramifications are of doing so...

What services would I be blocking if I drop all broadcast and multicast packets?
(Discovery, NTP, OSPF, ... ?)
 
IPANetEngineer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA

Re: Block Broadcast and Multicast, Consequences of doing so?

Sun May 18, 2014 10:12 pm

You would effectively shut down your network....IPv4 requires Layer2 multicast and broadcast for ARP to work along with a number of other protocols.

Limiting the rate of broadcast/multicast traffic would be a better solution...you accomplish this by turning on the firewall for bridge traffic in bridge settings and writing rules to limit broadcast/multicast appropriately.
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
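
As an added illustration of the reply above (not part of the thread and not any poster's code), this Python sketch classifies raw Ethernet frames by destination MAC and EtherType to show which protocols a drop-all broadcast/multicast rule would hit. The sample frames, MAC addresses and function names are constructed for the example.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
# Well-known IPv4 multicast groups (IANA assignments).
GROUPS = {"224.0.0.5": "OSPF", "224.0.0.6": "OSPF", "224.0.1.1": "NTP"}

def classify(frame: bytes):
    """Return (delivery, protocol) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, offset = frame[:6], 14
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if dst == b"\xff" * 6:
        delivery = "broadcast"
    elif dst[0] & 0x01:  # I/G bit set: group (multicast) address
        delivery = "multicast"
    else:
        delivery = "unicast"
    proto = ETHERTYPES.get(ethertype, hex(ethertype))
    if ethertype == 0x0800 and len(frame) >= offset + 20:
        # Bytes 16..19 of the IPv4 header hold the destination address.
        dst_ip = ".".join(str(b) for b in frame[offset + 16:offset + 20])
        proto = GROUPS.get(dst_ip, proto)
    return delivery, proto

def dropped_by_blanket_rule(frames):
    """Count, per protocol, the frames a drop-all broadcast/multicast rule would hit."""
    hits = Counter()
    for f in frames:
        delivery, proto = classify(f)
        if delivery != "unicast":
            hits[proto] += 1
    return hits

def _ipv4(dst_ip):
    # Constructed minimal IPv4 header: only the destination address is filled in.
    return bytes(16) + bytes(int(o) for o in dst_ip.split("."))

SRC = bytes.fromhex("020000000001")  # constructed locally administered MAC
SAMPLE = [  # constructed frames, not captured traffic
    b"\xff" * 6 + SRC + b"\x08\x06" + bytes(28),  # ARP request
    bytes.fromhex("01005e000005") + SRC + b"\x08\x00" + _ipv4("224.0.0.5"),  # OSPF
    bytes.fromhex("020000000002") + SRC + b"\x08\x00" + _ipv4("192.0.2.10"),  # unicast
    bytes.fromhex("01005e000101") + SRC + b"\x81\x00\x00\x0a\x08\x00" + _ipv4("224.0.1.1"),
]

if __name__ == "__main__":
    print(dict(dropped_by_blanket_rule(SAMPLE)))
```

Run against a real capture, the per-protocol counts give a baseline for choosing rate limits instead of a blanket drop.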
 
kozmonov

Re: Block Broadcast and Multicast, Consequences of doing so?

Sun May 18, 2014 10:27 pm

You would effectively shut down your network....IPv4 requires Layer2 multicast and broadcast for ARP to work along with a number of other protocols.

Limiting the rate of broadcast/multicast traffic would be a better solution...you accomplish this by turning on the firewall for bridge traffic in bridge settings and writing rules to limit broadcast/multicast appropriately.

I see. Is there any way to distinguish the traffic, ARP or otherwise? If I was using a static ARP table, would blocking multicast/broadcast prevent clients from communicating with the gateway? Would doing so also isolate clients from each other on this network?

Thanks for the response.
 
IPANetEngineer

Re: Block Broadcast and Multicast, Consequences of doing so?

Sun May 18, 2014 10:30 pm

Is your goal to isolate clients at Layer 2?
 
kozmonov

Re: Block Broadcast and Multicast, Consequences of doing so?

Sun May 18, 2014 10:43 pm

Is your goal to isolate clients at Layer 2?

Yes, definitely. I'm also not sure what an acceptable level of broadcast/multicast traffic would be on a medium-sized bridged network.
 
IPANetEngineer

Re: Block Broadcast and Multicast, Consequences of doing so?

Sun May 18, 2014 11:11 pm

Wireless, Wired or Both?
 
kozmonov

Re: Block Broadcast and Multicast, Consequences of doing so?

Sun May 18, 2014 11:27 pm

Wireless, Wired or Both?

It's both. At the head end, I have a tough switch powering various access points, though. Can't do port isolation without implementing VLANs first on those devices..

So while clients can't speak with their next door neighbors (attached to the same rb2011 or cloud router switch), they could communicate with clients connected to other access points.
 
IPANetEngineer

Re: Block Broadcast and Multicast, Consequences of doing so?

Sun May 18, 2014 11:39 pm

For wireless - check the following setting on the WLAN:

    default-forwarding=no

For wired - it varies depending on the switch, but Private VLANs/Port Isolation are the way to go.