Migrating from PPP to DHCPo82

Jack Bates jbates at brightok.net
Mon Nov 8 10:36:45 CST 2010


On 11/8/2010 9:40 AM, MKS wrote:
> I work for an small ISP, which does traditional xDSL service with PPPoE.
> Currently we are in the process of migrating most of our customers to
> DHCP (some customers are getting new CPEs and some will be sw upgraded
> remotely ). It would be great if someone has the time to share their
> experience (on- or offline) from such a migration. Common pitfals and
> perhaps what whey would do differently "next time".
> I know that every network is different but I believe that there are
> some general concerns, specially around security of DHCP and security
> features for vendors around DHCP and DHCP snooping etc.
>

While I'm looking at running option-82 (have limited support in a few 
places), I generally run q-in-q providing 100% isolation of customer 
ports. This gives me the same protections and tracking that PPPoE or ATM 
give me. This also allows me to turn off the security of the DSLAM and 
handle all security at the router level.

There are a few deployments we have where q-in-q isn't possible (poor 
dslam implementations), and we have utilized dslam security (dhcp 
snooping, but currently security breaks IPv6 til the DSLAM gets a future 
code update) + option 82 in those cases. A few don't support option-82 
or q-in-q, and those generally are static assignments in a CPE.

The only benefit I've ever seen for PPPoE/A is dslam agnostics and 
uniform support across all vendors. It has the downside of having to 
terminate PPPoE/A on a cpe device. DHCP requires a plan with DLSAM and 
router support.

Cisco simple (ip unnumbered vlan feature w/ q-in-q, 1 subint per 
customer, snmp probe every 5 minutes for the routing table to store 
IP->MAC->subint in a database). The only reason I've considered adding 
option 82 is to reduce the waste caused by probing (ie, an IP won't 
change without the DHCP request, so option 82 lets me get more granular 
and not probe).


Jack




More information about the NANOG mailing list