I am a network admin for a true Wireless Internet Service Provider or WISP. The wireless equipment we use is a level two networking device. So our entire network is basically a huge bridge.
Our main router is running Red Hat 9 and we are using IPTables along with IP Forwarding.
We have multiple mountain tops with our wireless equipment. Each POP or point of presence runs into a building at the base of the tower, where we have at least one computer. Most of the computers are running Red Hat 9 with 5-6 network cards. These cards are bridged together and I have patched the kernel with the bridge-nf package.
Our network is having some problems. Broadcast storms take over the network every now and then. The main problem with that is we are using Spanning Tree. When a storm comes around the STP packets can't get to their destination so the box opens all the ports and that causes an ethernet ring, which makes the storm much much worse.
I really want to create redundancy and reliability on our wireless network while using Linux to connect the multiple wireless links to other mountains.
Here is a simple diagram of our network. Notice we have two or more paths from every location.
I'm not sure I understand the diagram, but isn't STP more designed to prevent duplicate routes and alert the netop rather than to be used as a tool to manage a redundant network? I'm not sure you'd get different results with a Cisco (I have a Foundry switch, and STP has caused countless incidents).
I would first try to understand the broadcast storms. Maybe you can divide up your (presumably) /24 network in 4 or 8 smaller networks with 64 or 32 IPs each, routed at your headquarters. Then you can localize broadcasts better.
Right, I would do away with the bridge architecture. If you have all those clients bridged together in the same broadcast domain, that's asking for problems. With all the chatty network protocols out there that like to broadcast (NetBT, and others like it) clients can cause a nightmare without trying, not to mention what malicious clients can do...
Could you provide a few more details, though? For instance, are the wireless links being used simply to connect sites (POPs)? If so, what addresses are being given out from the POP? Are they on the same network (bridged) or different (routed)? If you were using routed networks locally, that would contain broadcast storms to local segments and they wouldn't be amplified across your wireless bridge. That way you could contain troublemakers, or are you doing that already (it's not clear)?
If you're already doing that and still having problems with broadcasts, then I'm really not sure what you can do (you need the wireless stuff to bridge for a mesh topology). Have you identified the cause of broadcast storms? Is it something that you can turn off? Can you disable your end-point boxen from listening on the broadcast address (I know that's possible in *BSD, for example)? Have you thought of simply using netfilter/iptables at the POPs to block the forwarding of broadcast traffic?
There are definitely some things that commercial gear would be better for, but in this case I think it's a network design problem rather than a software/hardware limitation.
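Both replies ask what is causing the broadcast storms. The following is an added example, not part of any poster's message: it ranks broadcast sources per second from `tcpdump -e -n` text output taken on a POP bridge port. The function name, the threshold and the sample frames are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# tcpdump -e -n line: "<time> <src mac> > <dst mac>, ethertype <name> (0x....), ..."
LINE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2})\.\d+ ([0-9a-f:]{17}) > ([0-9a-f:]{17}), ethertype (\S+)"
)
BROADCAST = "ff:ff:ff:ff:ff:ff"


def broadcast_report(lines, threshold):
    """Return (storm_seconds, talkers): the seconds whose broadcast frame count
    exceeds `threshold`, and (source MAC, ethertype) counts within those seconds."""
    per_second = defaultdict(Counter)  # second -> Counter[(src, ethertype)]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines the pattern does not cover
        second, src, dst, ethertype = m.groups()
        if dst == BROADCAST:
            per_second[second][(src, ethertype)] += 1
    storm_seconds = sorted(
        s for s, c in per_second.items() if sum(c.values()) > threshold
    )
    talkers = Counter()
    for s in storm_seconds:
        talkers.update(per_second[s])
    return storm_seconds, talkers.most_common()


def _frame(ts, src, dst, etype, code):
    # Build one constructed capture line in tcpdump -e -n layout.
    return f"{ts} {src} > {dst}, ethertype {etype} (0x{code}), length 60: (payload omitted)"


# Constructed sample: one quiet second, then one second with 45 broadcast frames.
SAMPLE = (
    [_frame("12:00:01.000100", "00:16:3e:00:00:01", BROADCAST, "ARP", "0806")]
    + [_frame(f"12:00:02.{i:06d}", "00:16:3e:00:00:0a", BROADCAST, "IPv4", "0800")
       for i in range(40)]
    + [_frame(f"12:00:02.{i:06d}", "00:16:3e:00:00:0b", BROADCAST, "ARP", "0806")
       for i in range(5)]
    + [_frame("12:00:02.900000", "00:16:3e:00:00:01", "00:16:3e:00:00:02", "IPv4", "0800")]
    + ["12:00:03.000000 unparsed line"]
)

if __name__ == "__main__":
    seconds, talkers = broadcast_report(SAMPLE, threshold=20)
    print("storm seconds:", seconds)
    for (src, etype), count in talkers:
        print(f"{src} {etype} {count}")
```

The source MAC at the top of the list tells you which bridge port, and so which POP or client, to isolate or filter first.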