PADI Packet Flood - Bridged Networks - Networking

This is a discussion on PADI Packet Flood - Bridged Networks - Networking ; Here's the situation that I am looking for help with. We have been and WISP for a couple years, using internal LAN IP addresses in the 192.168.XXX.XXX realm. We've recently had many requests for businesses wanting public IP addresses. So ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: PADI Packet Flood - Bridged Networks

  1. PADI Packet Flood - Bridged Networks

    Here's the situation that I am looking for help with.

    We have been and WISP for a couple years, using internal LAN IP
    addresses in the 192.168.XXX.XXX realm. We've recently had many
    requests for businesses wanting public IP addresses. So I set up a
    CentOS linux Bridge: one ethernet card in the internal network, the
    other on the public network switch. Both network cards do not have an
    IP address in them, but the bridge has a public IP so that I can SSH
    into the box to monitor any problems.

    It had been working great for a while, until we started having a
    problem. Seemingly at random, the network performance just drops. When
    I run a tcpdump, it is flooded with hundreds of PPPoE PADI requests:

    "PPPoE PADI [Service-Name] [Host-Uniq "ATWPPPOE"] [EOL]" Over and over
    again.

    The only way to get the network up and running again is to "ifconfig
    bridge-name down" then "ifconfig bridge-name up". I can't sit and
    monitor this all day and want to find a way around it. And if I do
    this remotely, it knocks my bridge IP address out and I have to go to
    location and reset it.

    Any of the following work-around will do:
    -filtering these packets so they stop flooding my network (with
    iptables or something similar)
    -responding to these packets in such a way as to stop them from
    attempting to connect over and over
    -finding the source of these packets and stopping whatever it is from
    connecting
    -finding the source of these packets and smacking whomever is
    responsible upside the head

    Any other advise or suggestion is welcome.


  2. Re: PADI Packet Flood - Bridged Networks

    support@isotech-inc.com wrote:
    > Here's the situation that I am looking for help with.
    >
    > We have been and WISP for a couple years, using internal LAN IP
    > addresses in the 192.168.XXX.XXX realm. We've recently had many
    > requests for businesses wanting public IP addresses. So I set up a
    > CentOS linux Bridge: one ethernet card in the internal network, the
    > other on the public network switch. Both network cards do not have an
    > IP address in them, but the bridge has a public IP so that I can SSH
    > into the box to monitor any problems.
    >
    > It had been working great for a while, until we started having a
    > problem. Seemingly at random, the network performance just drops. When
    > I run a tcpdump, it is flooded with hundreds of PPPoE PADI requests:
    >
    > "PPPoE PADI [Service-Name] [Host-Uniq "ATWPPPOE"] [EOL]" Over and over
    > again.
    >
    > The only way to get the network up and running again is to "ifconfig
    > bridge-name down" then "ifconfig bridge-name up". I can't sit and
    > monitor this all day and want to find a way around it. And if I do
    > this remotely, it knocks my bridge IP address out and I have to go to
    > location and reset it.
    >
    > Any of the following work-around will do:
    > -filtering these packets so they stop flooding my network (with
    > iptables or something similar)
    > -responding to these packets in such a way as to stop them from
    > attempting to connect over and over
    > -finding the source of these packets and stopping whatever it is from
    > connecting
    > -finding the source of these packets and smacking whomever is
    > responsible upside the head
    >
    > Any other advise or suggestion is welcome.
    >


    Is it intended that there is PPPoE traffic, or is the link
    pure IP-on-Ethernet?

    Due to the high risk of collision of private addresses, I'd
    avoid the 192.168 block of the RFC 1918 networks.

    --

    Tauno Voipio
    tauno voipio (at) iki fi

  3. Re: PADI Packet Flood - Bridged Networks

    Thanks, that's kind of what I'm thinking to tell my bosses. It is
    just pure IP traffic on this network. I finally figured out how to
    eliminate the issue. I set up ebtables on my bridge from
    http://ebtables.sourceforge.net/ and used their "Simple Example" to
    get it working. Since then, I've tweaked it to better suit our
    needs. Other than that, we actually have decided to use an altogether
    different frequency for our business customers (on public IP
    addresses), and just charge extra for residential customers want
    public IP addresses.


+ Reply to Thread