SIP on FTTH systems

Mikael Abrahamsson swmike at swm.pp.se
Thu Feb 6 12:58:14 UTC 2014


On Thu, 6 Feb 2014, Mark Tinka wrote:

> End user authentication and management typically being done via PPPoE 
> because that was the best and most secure way to manage customer 
> connections (for some operators, still is).

Why do you need to authenticate the customer? Doesn't your documentation 
system know the port/subscriber mapping? And why is this secure? Instead 
of being tied to a physical connection, the customer can now take the 
credentials and move. If the credentials are stolen, someone else can 
impersonate that customer.

> By DHCP I mean an alternative to PPPoE-based authentication where Option 
> 82 and friends can allow service providers to authenticate customers 
> based on AN port, MAC address, VLAN ID, etc., instead of 
> username/password a la PPPoE. This gets passed as part of initial DHCP 
> transactions.

This worked 10 years ago, it's nothing recent.

> Rethinking your comment (because I thought you meant DHCP as the way to 
> go for subscriber management when you debunked PPPoE) I'm guessing you 
> refer to simply assigning IP addresses to customer interfaces in FTTH 
> scenarios? No?

Yes? Since option 82 and friends give you what port the DHCP request came 
in on, you now log IP/MAC connected to a port, and since you know to what 
apartment/house this port is physically connected, nothing more is 
needed.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se
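
The port-based binding described in the message above, as an added example that is not part of the original post: it decodes the Relay Agent Information option (Option 82, RFC 3046) from a DHCP options field and logs IP/MAC against the port's premises. The inventory, port names, addresses and helper names are constructed for illustration, and the relay inserting Option 82 is assumed to be the operator's own access node.

```python
# Added example with constructed data; not code from the original post.
# Hypothetical inventory: (Remote ID, Circuit ID) -> premises on that port.
PORT_INVENTORY = {(b"an-01", b"eth 1/3:100"): "Apartment 12, Example Street 4"}

def walk_tlv(raw, dhcp_level=True):
    """Decode a code/length/value list into {code: value}.
    At DHCP option level (RFC 2132) code 0 is Pad and 255 is End."""
    out, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if dhcp_level and code == 255:
            break
        if dhcp_level and code == 0:
            i += 1
            continue
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option at offset %d" % i)
        length = raw[i + 1]
        out[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return out

def bind_lease(mac, ip, options_raw):
    """Return a log record tying IP/MAC to a known port, or None when the
    request carries no Option 82 or the port is not in the inventory."""
    opt82 = walk_tlv(options_raw).get(82)
    if opt82 is None:
        return None
    sub = walk_tlv(opt82, dhcp_level=False)   # RFC 3046 sub-options
    key = (sub.get(2), sub.get(1))            # 2 = Remote ID, 1 = Circuit ID
    premises = PORT_INVENTORY.get(key)
    if premises is None:
        return None
    return {"ip": ip, "mac": mac, "remote_id": key[0].decode(),
            "circuit_id": key[1].decode(), "premises": premises}

def build_options(circuit_id, remote_id):
    """Constructed sample: the options field as a relay would forward it."""
    o82 = (bytes([1, len(circuit_id)]) + circuit_id
           + bytes([2, len(remote_id)]) + remote_id)
    return bytes([53, 1, 3, 82, len(o82)]) + o82 + bytes([255])

if __name__ == "__main__":
    print(bind_lease("02:00:00:00:00:01", "192.0.2.10",
                     build_options(b"eth 1/3:100", b"an-01")))
```

A request with no Option 82, or one from a port missing from the inventory, yields no binding and can be refused or flagged.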


