
Poor PPPoE providers and Ethernet flood

Entry, retreat or just a complaint about the fate of the villain and the provider


I am writing this habrapost in the hope of making life for Moscow subscribers of Akado, who are sitting through routers at expensive tariffs, a little clearer and maybe easier ...
(A caveat right away: for the time being I am an "enikeyschik" (odd-job IT helper) or advanced user, so the post does not pretend to be professional, but it may be accessible, understandable and relevant)
Approximate chronology of events is as follows:
Spring 2012 - purchase of a MikroTik RB751G-2HnD router in order to get the full, stable Internet speed (50 Mbit/s in both directions)
Summer - it somehow works, but for some reason Wi-Fi periodically gives 200 ms pings to the router, and the CPU load with ordinary web surfing is ~40%
Beginning of November - the situation gets worse: throughput in the evening drops to 20 Mbps at best (usually no more than 5). I notice that at night the problem disappears by itself; vague suspicions arise ...
Second half of November - calling out the emergency crew, ringing all the bells and a general Achtung.
November 28 - solution to the problem.

Beginning of the End


So, I lived somehow with the Internet Akado until November of this year, enjoyed life, secretly gave myself priority on traffic over my neighbors, when suddenly the Internet became completely bad, so that I was thinking about switching to browsers that have P2P YouTube plug-in, so that you can watch at least 720p on a beautiful FHD screen (for some reason, torrents could still be pumped out at an average of 15Mbit / s) ...
As a result, Opera, for which this plugin was found, categorically refused to download it: it simply produced a network error in the middle of the download. I decided "Enough of putting up with IT!", began to terrorize the support service, and later called out the emergency crew (well, at least they didn't charge me for a false call) - to no avail: "There is speed on a direct connection" was the answer I got from the very beginning ... I started to blame the MikroTik and play with the firmware, and by the time the specialists came I had also replaced the router (with the same model), just in case. In general, nobody at Akado could even help me understand "where the pig is buried" ... It is worth saying that before my last appeals to tech support I had noticed that in the evenings far more traffic arrives on the physical interface than goes on to the local network through the PPPoE connection. In general, I got zero support from the provider's support, not even moral support.

Emergency workers

About these nice guys in overalls and with a netbook on the edge, well, how can I not tell about these?
In general, the application was compiled, it noted separately (as I was assured in the TP) that I should call on my cell phone, that I did not use my home (although it was turned on), but no, we don’t usually look for easy ways!
It wakes me up by a home phone call (and the devil pulled my phone off the hook?) At about 3 o'clock in the afternoon (thanks to Habra, it was delicious at night) - "Is this from Akado, will you be home in an hour?" just yesterday?
Two specialists come (sensei and trainee, common practice, staff turnover, as I understand, there are worse than McDonald's (sensei, by the way, they just called me for a new job offer)), they look, they show that speed is ( they show from my laptop, the netbook did not want to be friends with speedtest) and that, they say, I want from them ... I explain 3 minutes that the reserve in the TP said that I needed to be helped to understand what kind of flood the interface goes even with PPPoE turned off ... it turned out that in the field they work quite adequately for themselves and my “message” reached them, seniors , realizing that I, in general, also do not have an extra chromosome, plaintively asked, “Can you connect to the corbin?”, I reply that I already had the good fortune to sit on the corbin and don’t even want to get involved with them, but I’ll definitely switch to on-line when he Zhulebino gets to, and now be so kind ...
In general, the emergency services telephoned with the administrator, quite so self-explanatoryly explained the situation, politely increased the number of routers I replaced from the 1st to the 5th and in general it is clear that I wanted to help and understood that the request was crooked, that he didn’t need anything here, it's time to leave ... in general, okay, they quarreled with the admin, the administrator noticed some completely inexplicable packet loss for me, started digging ...
In general, the emergency workers left, and a couple of hours later I lost the link ... well, I think, that's it, the switch has burned out, I had a trouble in it, but no: I called tech support, and they said that the rest of the house was online and that they would send a specialist tomorrow. I don't mind, everything seems right, but the next day (literally half an hour ago, a neighbor (I signed a contract) called) it turned out that we had been banned: supposedly we were so bad that a DHCP server had been brought up on the WAN interface ... At this point I start to resent: what the hell DHCP server? Yes, I did bring up DHCP on the WAN, but it was the client, so that the gateway could be pinged from the router during the emergency crew's visit ... As a result, today we have normal Internet again, only my router still has the same DHCP settings, but today, for some reason, we are not banned ... In general, the deeper into the forest, the thicker n ... artists.

Kind people


My luck with me is simply wonderful, in all respects, my father, and, to put it mildly, “in the subject line” (so much so that I have optics before an apartment in Izhevsk, but I learned about any restrictions on traffic and tariffs exactly because I was always interested in what my dad was doing at work ...), so I quickly responded to my pleas for help and got into the situation right away: he said that it was normal for PPPoE to break the sausage and it was necessary to drive the provider either to give a local network service? OK. And why do I then have PPPoE requests from the entire segment for the incoming interface, and then let's do the opposite with the local network, but without this garbage? ”(Of course, it was easier said that this provider is just very lazy and greedy, but I really right now, emotions are over the edge, so I’m asking you to “Understand and forgive”), well, or set up access lists on the router and not let the router suffer from any garbage.
In general, that evening, after the departure of the emergency crew and turning on a 3G router on the phone (well, at least the mobile operator is decent and the unlimited plan is not expensive (oh, without the unlimited plan I would have been in for some money: 1.5 GB dragged overnight together with my neighbors; that I am at war with the provider does not mean that the neighbors must suffer)), I sat down to look for what I could tweak in the router (it is hard to call me an optimist, and I had no particular faith in the provider), and here begins the witchcraft and the payload of this post.

Bubnim and shaman


I'll say right away that MikroTik does have a terminal mode and a terminal in the configuration utility, but, as I wrote, in this respect I am only an advanced user; in a word, it was more convenient for me to press buttons.
As it turned out, even finding references to ACLs and access lists in the RouterOS manual is problematic, and I really don't know whether "that is what it is called here" or something else. In general, extra traffic is cut off by MAC, before it is processed by the main CPU, in the section Switch >> Rule:

The options window of the rule being created looks like this; the required fields are Switch (chosen from a list; in our case there is only one switch) and Ports (the physical interfaces of the switch):

The action window looks like this. Note that there is no such action as Drop, but you can simply not pass the packet to the CPU for processing:

Note separately that switch rules have no order: all of them are applied, so the order in which rules are created does not matter.
Now we need to find out from which MAC address we need to process packets. For this there is a wonderful tool in the configurator itself (and in the web admin interface too), PPP >> PPPoE Scan:

From here we take the Src MAC Address. Having the Dst address in my rule is probably overkill and not required; it can be looked up in the window of the expected input interface, under Interfaces >> Interface >> port of interest:

Next, we simply create an "empty" rule with neither the redirect option nor copying to the CPU (the MAC protocol, in this case, is also just overkill):

That's all, now it will work, but we can only feel it: the WAN will still show the excess traffic (well, the switch did receive it).
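
The filtering idea above, modelled in Python as an added example (not part of the original post and not RouterOS code): it classifies Ethernet frames seen on the WAN port and totals how many bytes a match on the concentrator's source MAC and the router's destination MAC would leave for the CPU. All MAC addresses and frames are constructed sample data.

```python
import struct
from collections import Counter

ETH_PPPOE_DISCOVERY = 0x8863  # PADI/PADO/PADR/PADS/PADT
ETH_PPPOE_SESSION = 0x8864    # PPP data of an established session
PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw):
    return ":".join(f"{b:02X}" for b in raw)

def build(dst, src, ethertype, code, session_id, payload):
    """Build a constructed Ethernet + PPPoE frame (version 1, type 1)."""
    eth = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype)
    return eth + struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload

def classify(frame):
    """Return (src_mac, dst_mac, kind) for one raw Ethernet frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_PPPOE_DISCOVERY and len(frame) >= 20:
        kind = PPPOE_CODES.get(frame[15], "PPPoE-discovery")  # byte 15 = PPPoE code
    elif ethertype == ETH_PPPOE_SESSION:
        kind = "PPPoE-session"
    else:
        kind = f"other-0x{ethertype:04X}"
    return mac_text(frame[6:12]), mac_text(frame[0:6]), kind

def wan_report(frames, concentrator, router):
    """Bytes a src/dst MAC match would hand to the CPU versus keep away from it."""
    cpu = filtered = 0
    noise = Counter()
    for frame in frames:
        src, dst, kind = classify(frame)
        if src == concentrator and dst == router:
            cpu += len(frame)
        else:
            filtered += len(frame)
            noise[kind] += 1
    return {"cpu_bytes": cpu, "filtered_bytes": filtered, "noise": dict(noise)}

# Constructed sample: locally administered MACs, not taken from the post.
AC, ROUTER, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:02", "FF:FF:FF:FF:FF:FF"
TAG = b"\x01\x01\x00\x00"  # empty Service-Name tag
SAMPLE = [build(ROUTER, AC, ETH_PPPOE_SESSION, 0x00, 1, b"\x00" * 100)]
SAMPLE += [build(BCAST, f"02:00:00:00:01:{n:02X}", ETH_PPPOE_DISCOVERY, 0x09, 0, TAG) for n in (1, 2, 3)]
SAMPLE.append(build(AC, "02:00:00:00:01:01", ETH_PPPOE_DISCOVERY, 0x19, 0, TAG))

if __name__ == "__main__":
    print(wan_report(SAMPLE, AC, ROUTER))
```

Run against a real capture, the "noise" counter shows which PPPoE discovery messages from other subscribers make up the extra WAN traffic.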

Curtain, titles, postscript


Further on there will only be developments with the provider (if there are any); you will not find anything technically curious here (although I warned at the start that the article would be of interest mostly to Akado users, who will get a feel for Akado's attitude to the client and realize what a general mess prevails there).
Actually, that's all: I am sitting with my megabits, and Akado is going to thoughtfully study, for 2 months, my claim that it is extremely difficult to even extract from them the data critical for setup, and that this is an ugly way to treat a client ... By the way, even now they cannot place my instructions for resolving the problem on their site, in the questions and answers section (at least), and for many of their users these problems are likely to remain, for a long time, inexplicable bugs with which neither technical support nor a visiting technician can help. It was from such considerations that I wrote this post, and a link to it (if it ever sees the light as an open article) will appear on the MikroTik forum, where they could not help me right away, and on the forum of my favorite provider, where I have not seen a single answer in 3 days.

Small PS: people (Habr users included), be kinder and more easygoing, and please do not spoil my karma even more ...

Source: https://habr.com/ru/post/160643/

