I am calling them excessive, because they fill up the firewall log file in 1 minute. This router was provided to me by my ISP, and I cannot control the firewall rules that allow or block communications, I can only open or close network ports.
I have GPON. The setup that my ISP provided me was a Router and a ONT. I noticed that the ONT and Router always had Ethernet activity between them (I firstly noticed this a couple of years ago), even when no devices where connected to the Router. I have also been noticing an increase in CPU usage from my router (The one provided by the ISP). The load average for the CPU would normally be 1.00. The firewall log kept filling up with block connections coming from 10.x.x.x IP's to the multicast VRRP IP 214.0.0.18.
I plugged a computer to the ONT Ethernet port and ran a wireshark capture. Behind the Wan port are 3 VLANS, one for Data (internet access), another for voice, and another for IPTV. I didn't do any configurations regarding vlans, I just connected my computer to the ethernet port in the ONT without configuring anything.
I could see lots of VRRP broadcasts. They come from 2 different routers (on the ISP infrastructure) that are doing VRRP broadcast, the broadcasts are done every 1 second. One of the routers in the Voice Wan, and the other one in the IPTV Wan.
208 559.061863 10.240.143.252 224.0.0.18 VRRP 90 Announcement (v2)
212 559.258679 10.93.255.252 224.0.0.18 VRRP 64 Announcement (v2)
VRRP 9000 entries in wireshark: https://i.imgur.com/pN1a5rd.jpg
I suppose these connections are harmless, but should they be received and blocked by my router? It seems to swamp the cpu, it's usually at 100%, and I suspect this is why. The firewall log lists something like this:
Blocked - Default policy | PT 112 10.240.143.252->224.0.0.18 on stb_wan Blocked - Default policy | PT 112 10.93.255.252->224.0.0.18 on voice_wan
Usually the firewall log is full after 1 minute, and next entries are discarded.
I am believing the high cpu load is due to the constant firewall blocking. Broadcasts repeat every second, there's 2 routers on different vlans broadcasting, 2 blocks per second all the time. Thinking like this, it doesn't seem like a lot, it's only 2 connections.
I would like to know more about VRRP, are VRRP broadcast supposed to make it to the my home router (CPE)? Is this normal to be seen in GPON. Shouldn't these packets be blocked by a upstream switch? Is something possibly miss configured in my ISP? Is VRRP how the router gets it's IP address for the VOIP calls? I could be wrong, but I think these packets are harmless, and a nonsense that adds to the cpu load.