Migrating from PPP to DHCPo82
Mike
mike-nanog at tiedyenetworks.com
Mon Nov 8 16:50:08 UTC 2010
MKS wrote:
> Hi list
>
> I work for an small ISP, which does traditional xDSL service with PPPoE.
> Currently we are in the process of migrating most of our customers to
> DHCP (some customers are getting new CPEs and some will be sw upgraded
> remotely ). It would be great if someone has the time to share their
> experience (on- or offline) from such a migration. Common pitfals and
> perhaps what whey would do differently "next time".
> I know that every network is different but I believe that there are
> some general concerns, specially around security of DHCP and security
> features for vendors around DHCP and DHCP snooping etc.
>
>
We run PPPoE for the reasons that it's easier to manage and account for
and does not rely on the middle layer for any security (implemented at
the pppoe concentrator). There are also technical features we like, such
as being able to route subnets easilly, and per-user filtering rules if
necessary, as well as a high level of integration with radius that
really makes things sing along.
A downside is rampant poor, non-compliant and downright buggy pppoe
client implementations. It's gotten better over the years with more
linux replacing other embedded development tool sets but still, it's
downright criminal sometimes what that lower end consumer junk does in
the field - and ALWAYS, being resolved by pulling the power and cycling
it... <sigh>
I've recently implemented PPPoE Intermediate agent support as a patch
against the opensource RP-PPPOE server software, along with
documentation on integrating it with freeradius, and this enables you to
ditch completely the username / password and just go with DSLAM port-id
based authentication, reducing the strain on your support staff as end
users forget or lose this otherwise most critical information. For
anyone who cares, the code is on sourceforge -
http://ilc-ppp.sourceforge.net
Mike-
More information about the NANOG
mailing list