Hello all,
I'm have some issues setting up a bridge. We recently co-located a
router in a data canter. The machine is a a soekris 5501 running
openbsd4.4.
The interfaces use the vr drivers.
A machine belonging to someone in our cabinet is sending out about
100000 packets/second of udp traffic on port 42. When I try to put my
primary interface into bridge mode my machine locks up. I'm assuming
this is because it can't handle the amount of packets flowing past the
interface. Could anyone indicate whether or not this could indeed be
the problem or if I'm completely off base here. The admin at the data
center seems to think my box should be able to handle that amount of
traffic just fine.
The problem is not as pronounced when PF is disabled. The machine
still crawls to a virtual standstill but I can at least do a ctrl-c on
a tcpdump to stop it. The only way to get back at the command line
when PF is enabled is to unplug the ethernet cable.
When I DO a tcpdump I get millions of the following:
23:25:10.082217 00:0b:db:93:fb:70 01:00:5e:00:01:18 0800 60:
74.255.56.30.42 > 224.0.1.24.42: udp 16
Cancelling the dump it reports for instance 200000 packets received by filter
198000
packets dropped by kernel
I can provide more details on the box if needed but I would just like
some advice on what I can do about this.
Is there a way to ignore all packets coming from a certain MAC address
on layer 2?
Is there anyway possible that this is 'legitimate' traffic?
Is there any other way to create a filtering bridge without putting
interfaces into promiscuous mode?
Thanks for any advice, would really appreciate it.
Steve
