LinuxQuestions.org
Old 03-23-2004, 12:55 PM   #1
wkm001
LQ Newbie
 
Registered: Jul 2003
Location: Virginia
Distribution: Red Hat 7.3, 8, 9
Posts: 23

Rep: Reputation: 15
Linux Or Cisco - Need some professional advice


I am a network admin for a true Wireless Internet Service Provider or WISP. The wireless equipment we use is a level two networking device. So our entire network is basically a huge bridge.

Our main router is running Red Hat 9 and we are using IPTables along with IP Forwarding.

We have multiple mountain tops with our wireless equipment. Each POP or point of presence runs into a building at the base of the tower, where we have at least one computer. Most of the computers are running Red Hat 9 with 5-6 network cards. These cards are bridged together and I have patched the kernel with the bridge-nf package.

Our network is having some problems. Broadcast storms take over the network every now and then. The main problem with that is we are using Spanning Tree. When a storm comes around the STP packets can't get to their destination so the box opens all the ports and that causes an ethernet ring, which makes the storm much much worse.

I really want to create redundancy and reliability on our wireless network while using Linux to connect the multiple wireless links to other mountains.

Here is a simple diagram of our network. Notice we have two or more paths from every location.

Mtn\ /---- Mtn
| \ / / |
| |----------------- NOC---------------------/ / |
| / |
| /------------------------- Provider------------/ |
| / \ |
Mtn/ \--------------- Mtn

Can this be done with Linux or do I need to just go ahead and use Cisco?
 
Old 03-23-2004, 12:59 PM   #2
wkm001
LQ Newbie
 
Registered: Jul 2003
Location: Virginia
Distribution: Red Hat 7.3, 8, 9
Posts: 23

Original Poster
Rep: Reputation: 15
Sorry the diagram came out so terrible. Looks like all the spaces disappeared.
 
Old 03-23-2004, 08:18 PM   #3
urzumph
Member
 
Registered: Jan 2004
Location: Australia
Distribution: Debian
Posts: 168

Rep: Reputation: 30
I'm sorry I don't know enough about iptables / ipchains to help, but I know that using ....'s is a workaround for the diagram
 
Old 03-23-2004, 10:11 PM   #4
mlp68
Member
 
Registered: Jun 2002
Location: NY
Distribution: Gentoo,RH
Posts: 333

Rep: Reputation: 40
I'm not sure I understand the diagram, but isn't STP more designed to prevent duplicate routes and alert the netop rather than to be used as a tool to manage a redundant network? I'm not sure you'd get different results with a Cisco (I have a Foundry switch, and STP has caused countless incidents).

I would first try to understand the broadcast storms. Maybe you can divide up your (presumably) /24 network into 4 or 8 smaller networks with 64 or 32 IPs each, routed at your headquarters. Then you can localize broadcasts better.

I'm afraid I have no more ideas. Good luck.

mlp
 
Old 03-24-2004, 12:40 AM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Right, I would do away with the bridge architecture. If you have all those clients bridged together in the same broadcast domain, that's asking for problems. With all the chatty network protocols out there that like to broadcast (NetBT, and others like it) clients can cause a nightmare without trying, not to mention what malicious clients can do...

Could you provide a few more details, though? For instance, are the wireless links being used simply to connect sites (POPs)? If so, what addresses are being given out from the POP? Are they on the same network (bridged) or different (routed)? If you were using routed networks locally, that would contain broadcast storms to local segments and they wouldn't be amplified across your wireless bridge. That way you could contain troublemakers, or are you doing that already (it's not clear)?

If you're already doing that and still having problems with broadcasts, then I'm really not sure what you can do (you need the wireless stuff to bridge for a mesh topology). Have you identified the cause of broadcast storms? Is it something that you can turn off? Can you disable your end-point boxen from listening on the broadcast address (I know that's possible in *BSD, for example)? Have you thought of simply using netfilter/iptables at the POPs to block the forwarding of broadcast traffic?

There are definitely some things that commercial gear would be better for, but in this case I think it's a network design problem rather than a software/hardware limitation.
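Added example (not posted by anyone in this thread): both replies above suggest identifying the cause of the broadcast storms first, and one way to do that is to rank broadcast senders by peak frames per second from a capture taken on the bridge. The sketch assumes the line format printed by `tcpdump -e -n`; the sample lines, MAC addresses and the 100 frames/second threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Assumed input: one frame per line as printed by `tcpdump -e -n`.
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.\d+ "
    r"(?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype (?P<etype>\S+)")

def broadcast_rates(lines):
    """Return {second: Counter({(src_mac, ethertype): frames})} for broadcasts."""
    per_sec = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["dst"] != BROADCAST:
            continue  # unparsable line, or a unicast/multicast frame
        sec = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        per_sec[sec][(m["src"], m["etype"])] += 1
    return per_sec

def storm_suspects(lines, threshold=100):
    """Return {(src_mac, ethertype): peak frames/s} for sources above threshold."""
    peaks = {}
    for counts in broadcast_rates(lines).values():
        for key, n in counts.items():
            if n > threshold:
                peaks[key] = max(peaks.get(key, 0), n)
    return peaks

def constructed_sample():
    """Constructed lines (not real traffic): one ARP, one unicast, one burst."""
    lines = [
        "12:00:01.000100 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP "
        "(0x0806), length 60: Request who-has 10.0.0.1 tell 10.0.0.5, length 46",
        "12:00:01.200000 02:00:00:00:00:02 > 02:00:00:00:00:01, ethertype IPv4 "
        "(0x0800), length 98: 10.0.0.6 > 10.0.0.5: ICMP echo request, length 64",
    ]
    burst = ("12:00:02.%06d 02:00:00:00:00:09 > ff:ff:ff:ff:ff:ff, ethertype IPv4 "
             "(0x0800), length 243: 10.0.0.9.138 > 10.0.0.255.138: UDP, length 201")
    return lines + [burst % i for i in range(250)]

if __name__ == "__main__":
    for (mac, etype), peak in storm_suspects(constructed_sample()).items():
        print(f"{mac} {etype}: peak {peak} broadcast frames/s")
```

A frame circulating in a bridge loop keeps its original source MAC, so a flagged address can be an ordinary host whose frame is looping rather than a misbehaving client; comparing captures from more than one bridge port helps tell the two apart.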
 
  

