SIP on FTTH systems
Mikael Abrahamsson
swmike at swm.pp.se
Thu Feb 6 12:58:14 UTC 2014
On Thu, 6 Feb 2014, Mark Tinka wrote:
> End user authentication and management typically being done via PPPoE
> because that was the best and most secure way to manage customer
> connections (for some operators, still is).
Why do you need to authenticate the customer? Don't your documentation
system know the port/subscriber mapping? And why is this secure, instead
of being tied to a physical connection the customer can now take the
credentials and move? If the credentials are stolen, someone else can
impersonate that customer.
> By DHCP I mean an alternative to PPPoE-based authentication where Option
> 82 and friends can allow service providers to authenticate customers
> based on AN port, MAC address, VLAN ID, e.t.c., instead of
> username/password a la PPPoE. This gets passed as part of initial DHCP
> transactions.
This worked 10 years ago, it's nothing recent.
> Rethinking your comment (because I thought you meant DHCP as the way to
> go for subscriber management when you debunked PPPoE) I'm guessing you
> refer to simply assigning IP addresses to customer interfaces in FTTH
> scenarios? No?
Yes? Since option 82 and friends gives you what port the DHCP request came
in on, you now log IP/MAC connected to a port, and since you know to what
apartment/house this port is physically connected to, nothing more is
needed.
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG
mailing list