28 Apr
2017
28 Apr
'17
3:17 p.m.
That is the Mirkotik discovery protocol indeed. I
struggled with this too at first until I found that you can enable/disable it on select
interfaces. By default it sends and listens on all interfaces. I'll post a small
tutorial on where to find and disable it per interface when I arrive at work (unless
someone beats me to it)
I also firewalled in&outbound that on all but my internal interfaces just to be extra
certain. I would recomend everyone doing so too unless you need it for some reason on an
external interface.
Like with Cisco's CDP or Juniper's LLDP, you normally don't need it on
external interfaces.
Well, actually it would not be so bad to run this, and implement a receiver program on
amprgw and other gateways.
It provides useful info about what is at the other end of the tunnel, including the IP
address of the router,
software version, identity, etc.
When everyone would be running this, you would have an immediate overview about which
tunnels are alive, etc.
A bit problematic could be that the router likely sends all packets at the same time and
thus some 400 packets
are queued for output at once, clogging up the internet interface.
Rob