PADI Packet Flood - Bridged Networks

Here's the situation that I am looking for help with.

We have been and WISP for a couple years, using internal LAN IP
addresses in the 192.168.XXX.XXX realm. We've recently had many
requests for businesses wanting public IP addresses. So I set up a
CentOS linux Bridge: one ethernet card in the internal network, the
other on the public network switch. Both network cards do not have an
IP address in them, but the bridge has a public IP so that I can SSH
into the box to monitor any problems.

It had been working great for a while, until we started having a
problem. Seemingly at random, the network performance just drops. When
I run a tcpdump, it is flooded with hundreds of PPPoE PADI requests:

"PPPoE PADI [Service-Name] [Host-Uniq "ATWPPPOE"] [EOL]" Over and over
again.

The only way to get the network up and running again is to "ifconfig
bridge-name down" then "ifconfig bridge-name up". I can't sit and
monitor this all day and want to find a way around it. And if I do
this remotely, it knocks my bridge IP address out and I have to go to
location and reset it.

Any of the following work-around will do:
-filtering these packets so they stop flooding my network (with
iptables or something similar)
-responding to these packets in such a way as to stop them from
attempting to connect over and over
-finding the source of these packets and stopping whatever it is from
connecting
-finding the source of these packets and smacking whomever is
responsible upside the head

Any other advise or suggestion is welcome.

(E-Mail Removed) wrote:
> Here's the situation that I am looking for help with.
>
> We have been and WISP for a couple years, using internal LAN IP
> addresses in the 192.168.XXX.XXX realm. We've recently had many
> requests for businesses wanting public IP addresses. So I set up a
> CentOS linux Bridge: one ethernet card in the internal network, the
> other on the public network switch. Both network cards do not have an
> IP address in them, but the bridge has a public IP so that I can SSH
> into the box to monitor any problems.
>
> It had been working great for a while, until we started having a
> problem. Seemingly at random, the network performance just drops. When
> I run a tcpdump, it is flooded with hundreds of PPPoE PADI requests:
>
> "PPPoE PADI [Service-Name] [Host-Uniq "ATWPPPOE"] [EOL]" Over and over
> again.
>
> The only way to get the network up and running again is to "ifconfig
> bridge-name down" then "ifconfig bridge-name up". I can't sit and
> monitor this all day and want to find a way around it. And if I do
> this remotely, it knocks my bridge IP address out and I have to go to
> location and reset it.
>
> Any of the following work-around will do:
> -filtering these packets so they stop flooding my network (with
> iptables or something similar)
> -responding to these packets in such a way as to stop them from
> attempting to connect over and over
> -finding the source of these packets and stopping whatever it is from
> connecting
> -finding the source of these packets and smacking whomever is
> responsible upside the head
>
> Any other advise or suggestion is welcome.
>

Is it intended that there is PPPoE traffic, or is the link
pure IP-on-Ethernet?

Due to the high risk of collision of private addresses, I'd
avoid the 192.168 block of the RFC 1918 networks.

--

Tauno Voipio
tauno voipio (at) iki fi

Thanks, that's kind of what I'm thinking to tell my bosses. It is
just pure IP traffic on this network. I finally figured out how to
eliminate the issue. I set up ebtables on my bridge from
http://ebtables.sourceforge.net/ and used their "Simple Example" to
get it working. Since then, I've tweaked it to better suit our
needs. Other than that, we actually have decided to use an altogether
different frequency for our business customers (on public IP
addresses), and just charge extra for residential customers want
public IP addresses.