Cisco PPPoE Baseline Architecture for the Cisco UAC 6400

Document ID: 12915

Contents

Introduction
Assumption
Technology Brief
Advantages and Disadvantages of PPPoE Architecture
  Advantages
  Disadvantages
Implementation Considerations for PPPoE Architecture
Key Points of PPPoE Architecture
Conclusion
References
Related Information

Introduction

This document describes an end-to-end Asymmetric Digital Subscriber Line (ADSL) architecture that uses Point-to-Point Protocol over Ethernet (PPPoE).

In the current environment of access technologies, it is desirable to connect multiple hosts at a remote site through the same customer premise access device. It is also essential to provide access control and billing functionality in a manner similar to dialup services that use Point-to-Point Protocol (PPP). In many access technologies, the most cost-effective method to attach multiple hosts to the customer premise access device is via Ethernet. In addition, it is desirable to keep the cost of this device as low as possible and to require little or no configuration.

As customers deploy ADSL, they must support PPP-style authentication and authorization over a large installed base of legacy bridging customer premises equipment (CPE). PPPoE provides the ability to connect a network of hosts over a simple bridging access device to a remote access concentrator or aggregation concentrator. With this model, each host uses its own PPP stack. Therefore, it presents the user with a familiar user interface. You can apply access control, billing, and type of service on a per-user, rather than a per-site, basis.

Assumption

The baseline architecture assumes that these items are provided:

- High-speed Internet access and corporate access to the end subscriber that uses PPPoE.
- ATM as the core backbone technology, implemented by the Cisco 6400 Universal Access Concentrator (UAC).

This design implementation restriction can limit the use of this architecture on other platforms, but PPPoE constantly evolves. Read the latest release notes for related products in order to take advantage of new and updated features.

This paper is based on current deployments as well as in-house tests that use the Cisco 6400 UAC. This paper is a continuation of the PPPoA Baseline Architecture paper and refers to it often. It is assumed that you have read the PPPoA Baseline Architecture white paper and understand the fundamentals of PPP, and that you have read release notes for the latest software release.

Technology Brief

As specified in RFC 2516, PPPoE has two distinct stages: a discovery stage and a PPP session stage. When a host initiates a PPPoE session, it must first perform discovery in order to identify which server can meet the request of the client. Secondly, it needs to identify the Ethernet MAC address of the peer and establish a PPPoE session id. While PPP defines a peer-to-peer relationship, discovery is inherently a client-server relationship.

In the discovery process, a host (the client) discovers one or more access concentrators (the servers) and selects one. When discovery completes successfully, both the host and the selected access concentrator have the information they need in order to build their point-to-point connection over Ethernet. After a PPP session is established, both the host and the access concentrator must allocate the resources for a PPP virtual interface (this is probably not the case for all implementations). For more details on the PPPoE specification, refer to RFC 2516.

Advantages and Disadvantages of PPPoE Architecture

PPPoE architecture inherits most of the advantages of PPP used in the dialup model and in PPPoA architecture. These sections list some key advantages and disadvantages of PPPoE and how they differ from PPPoA.

Advantages

These are some key advantages of PPPoE and how they differ from PPPoA:

- Per-session authentication based on Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). This is the greatest advantage of PPPoE, as authentication overcomes the security hole in a bridging architecture.
- Per-session accounting is possible, which allows the service provider to charge the subscriber based on session time for various services offered. The service provider can also require a minimal access charge.
- You can use PPPoE on current CPE installations that cannot be upgraded to PPP or that do not have the ability to run PPPoA. This extends the PPP session over the bridged Ethernet LAN to the PC.
- PPPoE preserves the point-to-point session used by Internet Service Providers (ISPs) in the current dialup model. PPPoE is the only protocol capable of running point-to-point over Ethernet without requiring an intermediate IP stack.
- The Network Access Provider (NAP) or Network Service Provider (NSP) can provide secure access to a corporate gateway without the management of end-to-end permanent virtual circuits (PVCs) and without the use of Layer 3 routing and/or Layer 2 Tunneling Protocol (L2TP) tunnels. This makes the business model of the sale of wholesale services and virtual private networks (VPNs) scalable.
- PPPoE can provide a host (PC) access to multiple destinations at a given time. You can have multiple PPPoE sessions per PVC.
- The NSP can oversubscribe by the deployment of idle and session timeouts with the help of an industry-standard Remote Authentication Dial-In User Service (RADIUS) server for each subscriber.
- You can use PPP with the service selection gateway (SSG) feature.

Disadvantages

These are some key disadvantages of PPPoE and how they differ from PPPoA:

- You must install PPPoE client software on all hosts (PCs) that connect to the Ethernet segment. This means that the access provider must maintain the CPE and the client software on the PC.
- Since PPPoE implementation uses RFC 1483 bridging, it is susceptible to broadcast storms and possible denial of service attacks.

Implementation Considerations for PPPoE Architecture

These are some key points to consider before you implement this type of architecture:

- The number of subscribers that is supported. The number of PPPoE servers required depends on the number of sessions.
- Whether the PPP sessions are terminated at the aggregation router of the service provider or forwarded to other corporate gateways or ISPs.
- Whether the service provider or the final service destination provides the IP address.
- In the case of more than one user, whether all users need to reach the same final destination or service, or whether they all have different service destinations. Do the end subscribers require simultaneous access to multiple destinations?
- The PPPoE client software that the access provider uses and whether the software has been tested, the operating system that the host uses, and whether that operating system can make an intelligent routing decision.
- How the service provider bills subscribers: based on a flat rate, per-session usage, or services used.
- Deployment and the provision of CPEs, DSLAMs and aggregation points of presence (POPs).
- The business model for the NAP. Does the model also include the sale of wholesale services like secure corporate access and value-added services like voice and video? Are NAPs and NSPs the same entity?
- The business model of the company. Is it comparable to an independent local exchange carrier (ILEC), a competitive local exchange carrier (CLEC) or an ISP?
- The types of applications the NSP offers to the end subscriber.
- The anticipated upstream and downstream volume of data flow. Consider NRP throughput, traffic engineering, and any QoS issues.

This document discusses how the PPPoE architecture fits and scales to different business models for service providers and how the providers can benefit with the help of this architecture.

Network Architecture

Design Considerations for PPPoE Architecture

This section covers issues that apply specifically to PPPoE Architecture.

Before the deployment of any architecture, it is essential to understand the business model of the service provider and what services the provider offers.

You need to know the client software that is used on the PC. The most common software is from Routerware. Since the client software is installed on a PC, the service provider technician needs to have a good knowledge of that PC and its operating system.

As specified in RFC 2516, the maximum receive unit (MRU) option must not negotiate to a size larger than 1492. Ethernet has a maximum payload size of 1500 octets. The PPPoE header is 6 octets and the PPP protocol ID is 2 octets, so the PPP maximum transmission unit (MTU) must not be greater than 1492. This is achieved with the configuration of IP MTU 1492 for PPPoE virtual template interfaces.

By default, no virtual access interface is precloned when a PPPoE VPDN group is configured. Users can change the maximum number of precloned virtual access interfaces by issuing the virtual-template <number> pre-clone <number> global command.

In order to protect the router against denial of service attacks, PPPoE (by default) allows only one session to be sourced from a MAC address over a VC. Users can issue the pppoe session limit per mac and pppoe session limit per vc commands in order to change the defaults.

The accounting, authorization, and authentication process is the same as that of PPPoA. The only difference is that VPI/VCI-based authentication, which is available for PPPoA, is currently not available for PPPoE. PPPoE can use the L2TP and SSG architectures for wholesale services.

Key Points of PPPoE Architecture

CPE

The CPE is configured for pure RFC 1483 bridging. Each CPE consumes only one VPI/VCI pair, and all PPPoE sessions initiated by hosts behind this CPE are carried over this single VC.

IP Management

The IP address allocation for the individual host that runs the PPPoE client is based on the same principle as PPP in dial mode: IPCP negotiation. The IP address origin depends on the type of service the subscriber purchases and where the PPP sessions terminate. PPPoE makes use of the dialup networking feature of Microsoft Windows, and the IP address assigned is reflected in the PPP adapter. The IP address assignment can come from the access concentrator that terminates the PPPoE sessions or, in the case of L2TP, from the home gateways. The IP address is assigned for each PPPoE session.

The CPE cannot do Network Address Translation/Dynamic Host Configuration Protocol (NAT/DHCP) because it is bridged and there is no IP address allocated to it.

How the Service Destination is Reached

These are the ways to reach the service destination:

- The termination of PPP sessions at the service provider
- L2TP tunneling
- With the use of SSG

Detailed explanations of these architectures are covered in separate papers.

Operational Description of PPPoE

This release of PPPoE client software supports the discovery and session stages described in RFC 2516. There are four steps to the discovery stage. When it completes, both peers know the PPPoE session id and the Ethernet address of the peer, which together uniquely define the PPPoE session. These are the steps:

1. The host broadcasts an initiation packet.
   The host sends the PPPoE active discovery initiation (PADI) packet with the destination_addr set to the broadcast address. The PADI consists of one tag that indicates what service type it requests.

2. One or more access concentrators send offer packets.
   When the access concentrator or the router receives a PADI that it can serve, it sends a PPPoE active discovery offer (PADO) packet. The destination_addr is the unicast address of the host that sent the PADI. If the access concentrator cannot serve the PADI, it must not respond with a PADO. Since the PADI was broadcast, the host can receive more than one PADO.

3. The host sends a unicast session request packet.
   The host looks through the PADO packets it receives and chooses one. The choice is based on the services offered by each access concentrator. The host then sends one PPPoE active discovery request (PADR) packet to the access concentrator it chooses. The destination_addr field is set to the unicast Ethernet address of the access concentrator or the router that sent the PADO.

4. The selected access concentrator sends a confirmation packet.
   When the access concentrator receives a PADR packet, it prepares to begin a PPP session. It generates a unique session id for the PPPoE session and replies to the host with a PPPoE active discovery session confirmation (PADS) packet. The destination_addr field is the unicast Ethernet address of the host that sent the PADR.

Once the PPPoE session begins, PPP data is sent as in any other PPP encapsulation. All Ethernet packets are unicast. A PPPoE active discovery terminate (PADT) packet can be sent by either the host or the access concentrator any time after a session is established in order to indicate that a PPPoE session has been terminated.

For a more detailed explanation, refer to RFC 2516.
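The discovery exchange above and the one-session-per-MAC default from the design considerations, as an added Python example (not Cisco code): it parses RFC 2516 discovery frames and models a concentrator-side session table. The `SessionTable` class, the helper names and the MAC addresses are constructed for illustration, and a single VC is assumed.

```python
import struct

ETHERTYPE = 0x8863  # PPPoE discovery stage (0x8864 is the session stage)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq"}
BROADCAST = b"\xff" * 6

def build(dst, src, code, session_id=0, tags=()):  # sample-input helper
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    hdr = struct.pack("!HBBHH", ETHERTYPE, 0x11, code, session_id, len(payload))
    return dst + src + hdr + payload

def parse(frame):
    """Parse Ethernet + PPPoE discovery headers and the TLV tag list."""
    if len(frame) < 20:
        raise ValueError("truncated frame")
    ethertype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETHERTYPE or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery frame (VER=1, TYPE=1)")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("LENGTH exceeds captured payload")
    tags, off = {}, 0
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated tag header")
        t, n = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + n > length:
            raise ValueError("tag overruns payload")
        tags[TAGS.get(t, hex(t))] = payload[off + 4:off + 4 + n]
        off += 4 + n
    return {"dst": frame[:6], "src": frame[6:12], "code": CODES.get(code, hex(code)),
            "session_id": sid, "tags": tags}

def destination_ok(pkt):
    """PADI must be broadcast; every other discovery packet is unicast."""
    return (pkt["dst"] == BROADCAST) == (pkt["code"] == "PADI")

class SessionTable:
    """Concentrator-side bookkeeping with a per-MAC session limit (default 1)."""
    def __init__(self, per_mac_limit=1):
        self.per_mac_limit, self.sessions, self.next_id = per_mac_limit, {}, 1

    def handle(self, pkt):
        """Return the session id to confirm in a PADS, or None if none is granted."""
        if pkt["code"] == "PADR":
            active = sum(mac == pkt["src"] for mac in self.sessions.values())
            if active >= self.per_mac_limit:
                return None                       # limit reached for this MAC
            sid, self.next_id = self.next_id, self.next_id + 1
            self.sessions[sid] = pkt["src"]
            return sid
        if pkt["code"] == "PADT" and self.sessions.get(pkt["session_id"]) == pkt["src"]:
            del self.sessions[pkt["session_id"]]  # session torn down by the host
        return None

HOST, AC = bytes.fromhex("020000000001"), bytes.fromhex("0200000000ac")  # constructed
PADI = build(BROADCAST, HOST, 0x09, tags=[(0x0101, b"")])
PADR = build(AC, HOST, 0x19, tags=[(0x0101, b"")])
```

With the default limit, a second PADR from the same MAC is refused until a PADT from that host releases the first session.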

Conclusion

For ADSL, PPPoE is gaining popularity and is second only to PPPoA.

References

- RFC 2516: A method to transmit PPP over Ethernet (PPPoE)
- RFC 1483: Multiprotocol Encapsulation over ATM Adaptation Layer 5
- RFC 2364: Point to Point over AAL5

Related Information

- PPPoA Baseline Architecture
- DSL Technical Support

Updated: Jun 01, 2005