Re: [Info] Why is PPP necessary for "dedicated connection"? in Cisco

Re: [Info] Why is PPP necessary for "dedicated connection"? in Cisco http://www.dslreports.com/forum/r8783748 en Mon, 09 Nov 2009 15:36:50 EDT Mon, 09 Nov 2009 15:36:50 EDT Re: DSL customers get both PPP and static IP http://www.dslreports.com/forum/remark,8814996 Covenant :

said by aryoba :
I think I understand your confusion. In the US, there is at least 1 ISP who sells DSL services to customers with features of static IP. In addition the ISP requires the customers to dial-in (via PPP) to the ISP router. Therefore this specific ISP employs PPP authentication for their static IP DSL customers.

Ummm... no! My confusion arose because I could not see the relevance of the way an ISP's network is "routed" so to speak when dealing with a normal home user/business customers. The only people who might be interested in the way the network is setup are the potential resellers that the ISP is touting business for and HUGE corporations. The way the ISP deals with its routing is, to be blunt, none of the customers' concern. As far as the ISP goes, home user/business customers should be interested in their connectivity ONLY. I agree that this mentality sucks but I can see their point.

As regards static routing, its NOT FLEXIBLE and is HARD to manage as the network grows. If we did static routing, trouble would arise once we expand our network. That's why we have routing protocols. ;)

said by aryoba :

The management may think to utilize PPP to all of their DSL customers (both the dynamic and the static customers) to simplify management.

Thanks for the information though! :)

DOH!

Forgot to include the links...

»www.cisco.com/pcgi-bin/Support/b···es&f=988

»www.cisco.com/pcgi-bin/Support/b···all=true]]> http://www.dslreports.com/forum/remark,8814996 Wed, 17 Dec 2003 15:31:31 EDT DSL customers get both PPP and static IP http://www.dslreports.com/forum/remark,8813482 aryoba :

said by Covenant :
I am not quite sure I understand your question regarding static routing.

Covenant,

I think I understand your confusion. In the US, there is at least 1 ISP who sells DSL services to customers with features of static IP. In addition the ISP requires the customers to dial-in (via PPP) to the ISP router. Therefore this specific ISP employs PPP authentication for their static IP DSL customers.

If you wonder why the ISP would do such a thing; the reason may be from the ISP management point of view. The management may think to utilize PPP to all of their DSL customers (both the dynamic and the static customers) to simplify management.]]> http://www.dslreports.com/forum/remark,8813482 Wed, 17 Dec 2003 12:44:19 EDT Re: Unavailable Cisco links & Rolande "static routing" http://www.dslreports.com/forum/remark,8813446 Covenant :

said by rolande :

said by aryoba :

Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? .... :)

What do you need explained further? Static routing is how the Internet started until EGP and then BGP came along. The provider either configures a static route at the head end router pointing to a unique interface that can only be assigned to your circuit or they don't if your connection can't be uniquely isolated on an interface or if management of the static routes is too much of a headache for them.

Yes but in the context of aryoba

's question, that is all irrelevant, as how the ISP handles its network is up to the ISP and nothing to do with the end user. I was talking about routing in the context of the end user, i.e. what is possible and the only thing the customer can do is set up a static route to the next hop router. That is why I did not comprehend where you were coming from, in the context of the customer. As regards the two different types of "dedicated service", its all semantics and to the end user, it does not matter as long as they have their "connection". If they want to get a "dedicated" T1 line or a "dedicated" xdsl line, that is up to them and the network designer/internet connectivity consultant who will assess their needs to see which solution better suits them.

Now aryoba

, have we answered ALL of your questions?

PS. As regards the links, I will have a look for some that do not need CCO access when I get a chance. Did not realise it was needed as I was already logged on, DOH! ]]> http://www.dslreports.com/forum/remark,8813446 Wed, 17 Dec 2003 12:40:21 EDT Re: Unavailable Cisco links & Rolande "static routing" http://www.dslreports.com/forum/remark,8812753 rolande :

said by aryoba :

Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? .... :)

What do you need explained further? Static routing is how the Internet started until EGP and then BGP came along. The provider either configures a static route at the head end router pointing to a unique interface that can only be assigned to your circuit or they don't if your connection can't be uniquely isolated on an interface or if management of the static routes is too much of a headache for them.

You can't compare "dedicated" DSL service to "dedicated" point-to-point services like T-1, T-3 etc. They are apples and oranges for lack of a better analogy. The word dedicated means 2 different things in those configurations. In the DSL configuration, dedicated really means you don't have to dial-up to connect and send or receive data. The difference is that DSL is a physical connection from the DSLAM to your router, but it is a logical connection from the DSLAM to the ISP. There is no physical connection all the way from your router to the ISP's router. DSL is almost always delivered to the ISP's router as packet or cell switched data depending on the layer 2 backhaul protocol. The ISP pays to have a separate backhaul connection (usually ATM) into a DSL provider's network so that they can resell DSL connectivity to their own customers. The ISP doesn't necessarily own the DSLAM or the majority of the path the data flows through except for the link from the DSL provider's network into theirs. So, since the ISP is outsourcing or leasing the DSL services from a 3rd party, they have to control network admission from the DSL provider's network. Otherwise the potential is there that the DSL provider could misconfigure customers to use the wrong ISP and send traffic through their network that isn't being paid for.

OTOH, a T-1 or T-3 circuit is circuit switched or hardwired to a unique physical port or at least a logical port if it is delivered over SONET or muxed in some fashion. So a point-to-point circuit is a separate physical circuit path that is isolated and dedicated to only 1 customer's traffic and spans the full distance from your router to the ISP's router. There is no shared network medium in the middle, in the case of DSL provisioning.

When a customer's connection to the ISP can be physically separated or isolated from other customer's traffic, there is no need for authentication. At that point the ISP controls whether traffic will route to the customer's netblock or not. It is considered a true network to network connection and can't be hijacked unless someone broke into the customer's premises and used their network to access the circuit. With a point-to-point circuit both parties know where the circuit begins and ends and that no one else has access to utilize services on that circuit except for the customer who purchased the facilities.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't."]]> http://www.dslreports.com/forum/remark,8812753 Wed, 17 Dec 2003 11:23:10 EDT Unavailable Cisco links & Rolande "static routing" http://www.dslreports.com/forum/remark,8811706 aryoba :

said by Covenant :
Below are some links from cisco.com that cover dsl technology. There is a lot of info. The 2nd link may explain a bit about the client/dslam connection, and other links within the 3rd link will do so as well.

»www.cisco.com/cgi-bin/Support/br···es&f=988

»www.cisco.com/en/US/tech/tk175/t···d2.shtml

»www.cisco.com/cgi-bin/Support/br···all=true

Covenant,

Just to let you know that 1st and 3rd link require special (pay) CCO account, which is not available to everyone. Would you be kind enough to send the link without the requirement? .... :)

said by Covenant :

I am not quite sure I understand your question regarding static routing.

Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? .... :)]]> http://www.dslreports.com/forum/remark,8811706 Wed, 17 Dec 2003 09:03:28 EDT Re: Both Static IP and PPP for ISP customers http://www.dslreports.com/forum/remark,8805864 Covenant : As an addendum, security (PPP) really came into its own during the growth of dialup. ISPs could allow users to dial in to a premium rate number/national number/local number then it became a free number for a monthly charge (note the evolution of dial up packages in the UK) and authenticate them via PPP. They did not have to spend any money or utilise any additional expertise to "activate" the line so to speak as happens in xdsl. They had a number of modems, and allowed users to dial into them and authenticate from ANY line.

Just a brief history about the nature of authentication in the UK but I do not know how comparable it is to the US.

By the way, I hope YOU ;) will put all this info in a FAQ. :)]]> http://www.dslreports.com/forum/remark,8805864 Tue, 16 Dec 2003 17:53:59 EDT Re: Both Static IP and PPP for ISP customers http://www.dslreports.com/forum/remark,8803374 Covenant : I am not quite sure I understand your question regarding static routing. At the customer's end, the static routing is limited to only the connection between the client and the next hop router, as the ISP could be doing all nat in their network, it's up to them how they implement their network. The reason dsl is called a dedicated service, is because the link between the dslam and the client is always up, unless the client turns off the modem, or there is a problem with the connection. That means that the services you are paying for are available, on demand, for example, in a ppp setup, your connection to the dslam is up, but you have been idle for 16 hours. To conserve ip addresses, memory and cpu utilization, the provider will release your ip address (if it is dynamically assigned), thus that ip address can be handed to another client. However, your connection is available, but you may need to negotiate another ip address. Normally this is done quite seamlessly. It doesn't matter whether the client has a static ip or not. Usually static addresses are associated with premium rates/pricing. In regards the "modems", the modem connection is only between the dslam and the client modem, and that is the physical connection. If an isp oversubscribes this, then they have a problem! Below are some links from cisco.com that cover dsl technology. There is a lot of info. The 2nd link may explain a bit about the client/dslam connection, and other links within the 3rd link will do so as well.

»www.cisco.com/cgi-bin/Support/br···es&f=988

»www.cisco.com/en/US/tech/tk175/t···d2.shtml

»www.cisco.com/cgi-bin/Support/br···all=true

As regards security, that is not an issue. Otherwise I would be stealing my neighbour's bandwith if they had xdsl. ;)]]> http://www.dslreports.com/forum/remark,8803374 Tue, 16 Dec 2003 13:27:09 EDT Re: Both Static IP and PPP for ISP customers http://www.dslreports.com/forum/remark,8802140 rolande : It usually means that once you authenticate you will always be assigned the same IP subnet or individual IP address, as the case may be. If it were hard coded with static routes etc., even if you turned off your router there would still be a route in the ISP's network for your address range pointing at your physical interface. If everything is hard coded and the circuit is point-to-point dedicated or nailed up, there is no reason for authentication.

Even though DSL appears to be a dedicated service, it is not. On the backhaul end your connection usually appears as a virtual ATM circuit to the ISP that can come and go as you enable or disable your equipment. It is much easier and more efficient from a management standpoint to allow these routes to be dynamically negotiated with the client than to hard code them onto the equipment.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't."]]> http://www.dslreports.com/forum/remark,8802140 Tue, 16 Dec 2003 10:48:36 EDT Both Static IP and PPP for ISP customers http://www.dslreports.com/forum/remark,8801612 aryoba :

said by Covenant :
aryoba , I am sure that you are upto speed with xdsl technology but I hope you wont mind if I post some links which might not only shed some light on xdsl for you, but also for our colleagues within this forum:

Sure Covenant, I never mind any additional info. As I mentioned before, I try to generate a new FAQ .... :)

Also Covenant, you may want to put up those links in FAQ. Just in case someone else need to know them; and for any future reference.

said by Covenant :
Why the interest in authentication and line security????

Why the interest? Currently I'm working with 3 connections. One with only static IP. Two with only PPP (dynamically assigned IP). Three with both static IP and PPP. So basically I need to know how secure of those connections.

Now back to my questions. For ISPs that employ PPP authentication (username and password required) for their static IP customers; does it mean the ISP router use static routing to physical interface AND authentication?

Any comment on that?]]> http://www.dslreports.com/forum/remark,8801612 Tue, 16 Dec 2003 09:40:53 EDT Re: [Info] Why is PPP necessary for "dedicated connection"? http://www.dslreports.com/forum/remark,8799486 dpocoroba : Just started to read this thread very good topic and stuff in here guys. A very interesting and useful read :) Sheds some light on some of those how stuff works things that come across your mind at times ;)
--
"Knowledge is contagious, infect"]]> http://www.dslreports.com/forum/remark,8799486 Tue, 16 Dec 2003 00:16:55 EDT Re: [Info] Why is PPP necessary for "dedicated connection"? http://www.dslreports.com/forum/remark,8794874 Covenant : aryoba

, I am sure that you are upto speed with xdsl technology but I hope you wont mind if I post some links which might not only shed some light on xdsl for you, but also for our colleagues within this forum:

»www.adslguide.org.uk/howitworks/default.asp

»www.adslguide.org.uk/howitworks/exchange.asp

»www.adslguide.org.uk/howitworks/dslam.asp

»www.adslguide.org.uk/howitworks/atm1.asp

Hope it helps. :)]]> http://www.dslreports.com/forum/remark,8794874 Mon, 15 Dec 2003 16:50:32 EDT Re: [Info] Why is PPP necessary for "dedicated con http://www.dslreports.com/forum/remark,8794825 Covenant :

said by julez_atf :
For DSL w/o PPP, wouldn't the authentication be done via MAC address?

In this case, if the customer changes modems, then he would no longer be able to access the ISP's services until he registers his new MAC with them.

Please correct me if I am wrong.

julez_atf

, you are quite correct. Authentication by MAC is normally done by Cable ISPs and not xdsl ISPs. Well in the UK at least!]]> http://www.dslreports.com/forum/remark,8794825 Mon, 15 Dec 2003 16:45:35 EDT Re: Let's say A is down http://www.dslreports.com/forum/remark,8794796 Covenant : I will assume this is a typical xdsl environment, so all users connect to a dslam. The dslam contains linecards that have modem ports, not like dialup modems, but modems none-the less. This means that there is a dedicated connection or one-to-one ratio of client's to modems. The linecard usually has LEDs that indicated various status conditions on the ports. If you are doing ppp, they can verify your username and ip address as well at the datalink layer.

Now I have one question for you aryoba

:

Why the interest in authentication and line security????]]> http://www.dslreports.com/forum/remark,8794796 Mon, 15 Dec 2003 16:42:14 EDT Re: [Info] Why is PPP necessary for "dedicated con http://www.dslreports.com/forum/remark,8793224 julez_atf : For DSL w/o PPP, wouldn't the authentication be done via MAC address?

In this case, if the customer changes modems, then he would no longer be able to access the ISP's services until he registers his new MAC with them.

Please correct me if I am wrong.
--
I'll be your lover... I'll be forever... I'll be tomorrow... I am anything when I am high...]]> http://www.dslreports.com/forum/remark,8793224 Mon, 15 Dec 2003 13:59:48 EDT With both PPP and static routing http://www.dslreports.com/forum/remark,8792353 aryoba :

said by rolande :
They use static routing to the physical interface. The only way you could reuse user A's configuration is if you were physically connected to the same circuit. The ISP controls what traffic routes to where by the routes they add to their network. As a customer, you do not have control of these routes just by adding another user's configuration to your own network.

In a dynamic config scenario, the user authenticates either via PPP or PPPoE or something similar and all of the settings are passed to the client via a control protocol. The ISP's upstream router then dynamically inserts the new route into its routing tables and announces it to the rest of the ISP network using the local routing protocol. In that case, if you knew user A's username and password you could potentially steal their configuration and reuse it on another physical circuit and interface, since it is dynamically configured as a part of authentication.

Some ISPs give out PPP settings to all their static IP customers. Does it mean the ISP router use static routing to physical interface AND authentication?]]> http://www.dslreports.com/forum/remark,8792353 Mon, 15 Dec 2003 12:20:17 EDT Re: "Hard coded" http://www.dslreports.com/forum/remark,8791794 rolande : They use static routing to the physical interface. The only way you could reuse user A's configuration is if you were physically connected to the same circuit. The ISP controls what traffic routes to where by the routes they add to their network. As a customer, you do not have control of these routes just by adding another user's configuration to your own network.

In a dynamic config scenario, the user authenticates either via PPP or PPPoE or something similar and all of the settings are passed to the client via a control protocol. The ISP's upstream router then dynamically inserts the new route into its routing tables and announces it to the rest of the ISP network using the local routing protocol. In that case, if you knew user A's username and password you could potentially steal their configuration and reuse it on another physical circuit and interface, since it is dynamically configured as a part of authentication.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't."]]> http://www.dslreports.com/forum/remark,8791794 Mon, 15 Dec 2003 10:54:03 EDT "Hard coded" http://www.dslreports.com/forum/remark,8790751 aryoba :

said by rolande :
If there is no authentication occuring then there is no dynamic configuration occuring. All of the user's configuration is hard coded on the ISP's side in this case.

When you said "hard coded"; did it mean that the ISP always check all customer's MAC address before routing their traffic?

Or maybe there is another checking method?]]> http://www.dslreports.com/forum/remark,8790751 Mon, 15 Dec 2003 07:49:53 EDT Re: Let's say A is down http://www.dslreports.com/forum/remark,8787883 rolande : If there is no authentication occuring then there is no dynamic configuration occuring. All of the user's configuration is hard coded on the ISP's side in this case, so it is impossible for user B to steal user A's configuration. The ISP's router will not route user B's traffic because it is not configured for user A's settings on user B's interface.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't."]]> http://www.dslreports.com/forum/remark,8787883 Sun, 14 Dec 2003 21:09:59 EDT Let's say A is down http://www.dslreports.com/forum/remark,8786525 aryoba :

said by Covenant :
If customer B who "borrows" customer's A settings to connect to the Internet, customer B needs to connect his router to customers A line. So there is no way for customer B to use the same settings as customer A unless customer B connects his router at customer's A site.

What if A is not using his account; and B borrows at this time; would B be able to connect using A's account from B's location?

If yes, how would the ISP find out if B was using A's instead of his own?]]> http://www.dslreports.com/forum/remark,8786525 Sun, 14 Dec 2003 18:27:21 EDT Re: The authentication http://www.dslreports.com/forum/remark,8785047 Covenant : In this case a DSL connection works like a dedicated line. If customer B who "borrows" customer's A settings to connect to the Internet, customer B needs to connect his router to customers A line. So there is no way for customer B to use the same settings as customer A unless customer B connects his router at customer's A site.]]> http://www.dslreports.com/forum/remark,8785047 Sun, 14 Dec 2003 15:30:25 EDT The authentication http://www.dslreports.com/forum/remark,8784070 aryoba :

said by Covenant :
Well if you understood PPP or any of the other data link protocols, you would know the advantages and disadvantages of each protocol and know when to apply it or not as the case maybe. You would also have been able to answer at least 2 of the questions you originally posted.

Maybe my questions weren't clear enough to open up the issues I'm sending. Let me see if I can rephrase the questions. OK, here it goes.

Let's say that there is an ISP that doesn't employ PPP to their DSL connection service. They only give their customers static IP address, gateway, subnet, and DNS. Using these settings, customer A successfully connects to Internet.

Let's say there is a customer B "borrow" the customer A settings to connect to the Internet. Without PPP employment (the authentication), how can the ISP find out that customer B is using customer A's settings instead of his own?]]> http://www.dslreports.com/forum/remark,8784070 Sun, 14 Dec 2003 13:28:35 EDT Re: [Info] Why is PPP necessary for "dedicated connection"? http://www.dslreports.com/forum/remark,8783943 Covenant : Thanks for the compliment gleirvik

, your posting is excellent as it adds another level onto my comments.

Lets hope aryoba

is satisfied with the posts. :)]]> http://www.dslreports.com/forum/remark,8783943 Sun, 14 Dec 2003 13:14:11 EDT Re: [Info] Why is PPP necessary for "dedicated connection"? http://www.dslreports.com/forum/remark,8783836 gleirvik : Very good response, Covenant, looks like we were writing in parallell.

Hope my posting can add to your excellent overview.

Geir]]> http://www.dslreports.com/forum/remark,8783836 Sun, 14 Dec 2003 13:03:24 EDT Re: For clarification http://www.dslreports.com/forum/remark,8783770 gleirvik :

said by rolande :

Even though DSL is a dedicated connection it uses a shared head-end infrastructure which needs to be controlled with authentication.

So for the best (e.g. more secure) service, PPP is needed in DSL connection?

ISPs that do not employ PPP for DSL or T1 connections offer less security to the customer than ISPs that do employ?

There are various implementations of DSL networks. Depending on how the network is architected you will or will not need further authentication.

In some cases the SP will have a dedicated end to end PVC (rare if at all seen for consumer services). It also depends how the SP handles IP addressing. For the benefit of the forum I will try to keep this short, while providing a quick review if the options and motivations for doing them and some issues.

RFC1483/2684 Multi Protocol over ATM - routed encapsulation

Used typically for business class services providing static IP addressing by direct configuration of routers (most often) Minimal overhead, still requires a lot of hands on to set up and provision. Requires a router/router functionality as CPE.

RFC1483/2684 Multiprotocol over ATM - bridged encapsulation

The first deployments of DSL where often solved in this way by simply creating a huge flat network with DHCP assigned addressing. As most other attempts to create big flat networks it failed and needed re-design. Since these networks always, at least initially, used modems that could do bridging and that alone. A patch for this has been to provide routers with Routing with Bridged Encapsulation (RBE) or Integrated Routing and Bridging (IRB). This has solved the multiuser issue but has not solved the basic architectural issues.

PPPoE Point to Point Protocol over Ethernet

This is the patch as provided by a some aggregation platform vendors most significantly Redback. By avoiding to replace the DSL modems already purchased and deployed this allowed to re-use the RFC1483/2684 infrastructure by adding an overhead layer. Authentication is one benefit, but also the ability to handle users leveraging the existing dial-infrastructure as the ISP can re-use the complete concept from the dial-in modem era. Also the PPPoE client on the PC also meant that the links would not be up at all times and could be centrally managed in such a way that the ISPs could save IP address space and the Access Service could also hand off to equal access ISPs using PPP mechanisms like L2TP allowing them to deal with addressing in an effective manner. This is the protocol with the most overhead and requires management of MTU sizes or mechanisms of handling the TCP streams to avoid attempts to overfill an ethernet frame payload with a maximum size PPP frame.

Routers typically do that job better than the PC as PC clients are nightmarish especially as the load could prevent certain business applications to work right.
Also routers with embedded modems can leverage a larger MTU possible on the ADSL/ATM network to avoid the overhead of fragmenting the data further. Authentication is generally always used between the PPPoE client (on PC or in router) to ensure some control over users and address management.

In Germany the Telco, Deutsche Telekom (yes, that is the correct spelling), even yanks the connection every few hours to conserve addresses.

PPPoA Point to Point Protocol over ATM

A more direct approach, enables linking QoS from IP more directly to ATM CoS and QoS. Used mostly for professional services for businesses has same benefits as PPPoE, but does not allow for simple modems, does however provide less overhead and no issues with MTU sizes and fragmentation. This approach also requires redesign from the initial RFC 1483 designs but provide a more "correct" and scaleable approach IMHO. Still the operations overhead is just as small as with PPPoE still support wise it is better with respect to not having to deal with PC client support and MTU issues. (with a PC PPPoE client MTU is usually no issue but that has other issues). This approach also allows for running multilink PPP between multiple DSL connection/interfaces. Also allows for L2TP handoff as with PPPoE.

For T1/E1/FR connection you will almost always have a point to point architecture delivering a fixed PVC end-to-end or as with T1 and E1 and non-switched path from end-to-end.

You can run PPP encapsulation over all these connections and it has benefits particularly with address negotiation, parameter exchange as well as authentication.

Authentication can be enabled also for these connection for two way authentication of the end-points and certainly has anti eves-dropping benefits. These connections are however much more expensive and most likely fewer than DSL connections as well as they have been deployed over more years. As such they did not have the same requirements on link security and trimmed operational expense as broadband connections. For added security signatures and encrypted tunnels can be enabled over all these links to optimize the security.

Rgds
Geir]]> http://www.dslreports.com/forum/remark,8783770 Sun, 14 Dec 2003 12:53:55 EDT Re: [Info] Why is PPP necessary for "dedicated connection"? http://www.dslreports.com/forum/remark,8783748 Covenant : The only significant difference between HDLC and PPP encapsulation is the HDLC in the Cisco router is Cisco proprietary, while PPP was included to be multi-vendor friendly. Cisco HDLC reserves some frames for proprietary data, which may or may not be ignored by another router. So, Cisco to Cisco, HDLC is fine, Cisco to non-Cisco, run PPP.

Some background:

High-Level Data Link Control

HDLC (High-level Data Link Control) is a CISCO Encapsulation. Default setting for CISCO routers in serial interfaces. It is simple but reliable. It is used whenever you are going to connect a serial circuit with CISCO routers across the entire network. It allows you to work with all routing protocols and simple features (pings, telnet, loopback, among others).

If both ends of a leased-line connection are routers or access servers running Cisco IOS software, HDLC encapsulation is typically used. HDLC is a bit-oriented, data link layer protocol derived from the Synchronous Data Link Control (SDLC) encapsulation protocol. HDLC provides an encapsulation method for synchronous serial links with a 32-bit checksum.

The serial interface on the access server does not require special configuration because HDLC encapsulation is configured as the default.

Point-to-Point Protocol

PPP (Point to Point Protocol) is a standard encapsulation. It is a little more complex than HDLC.

The really important point is that with this encapsulation you can configure more features. I.E. Authentication, Multilink, compression, callback.

PPP encapsulation provides Cisco IOS software to devices that are not running Cisco IOS software connectivity over leased WAN lines. PPP uses a more complex model than HDLC to ensure interoperability between networking vendors. This interoperability involves several additional protocols, including Link Control Protocol for negotiating basic line interoperability and a family of network control protocols for negotiating individual Layer 3 protocols and their options (such as IPCP for IP and options such as compression).

When the PPP link is negotiated, a link control protocol is negotiated to establish the link and then additional network control protocols are negotiated.

If IP, AppleTalk, or IPX, are configured on the serial line, IP control protocol (IPCP), AppleTalk control protocol (ATCP), or IPX control protocol (IPXCP), respectively, is negotiated to conform to the protocols requirements.

said by aryoba :
I notice some ISPs employ PPP to their dedicated connection (e.g. DSL and T1) customer; and other ISPs don't (just static IP without enter username and password). I wonder,

(1) Why the differences?

HDLC is the default encapsulation of a serial interface, if the router is connected to another Cisco device, then we don't need to change the encapsulation.

said by aryoba :

(2) How is the PPP necessity to dedicated connection service?

You can use PPP or HDLC, it depends on the standards of each ISP.

said by aryoba :

(3) Are services without PPP employment less secure than ones with? Does PPP employment increase security of some sense?

PPP has the option to add authentication to the link. It means that before the T1 line comes up both routers will negotiate some parameters including authentication, both routers exchange username and passwords before the line can be used. PPP allows security at the link layer only (OSI L2).

said by aryoba :

(4) In services without PPP; how do ISPs know that people using their service connect with valid account?

In connections without ppp the authentication is relayed to higher layer protocols.

said by aryoba :

ISPs that do not employ PPP for DSL or T1 connections offer less security to the customer than ISPs that do employ?

In some way connections not using ppp are less secure because the routers don't exchange username and passwords before the link comes up.

Here is a good link about ppp that you may find helpful.

Understanding debug ppp negotiation output:

»www.cisco.com/en/US/tech/tk713/t···45.shtml

said by aryoba :

But the issue is not whether I don't understand PPP or not.

Well if you understood PPP or any of the other data link protocols, you would know the advantages and disadvantages of each protocol and know when to apply it or not as the case maybe. You would also have been able to answer at least 2 of the questions you originally posted.

Its not a problem though, that is what we are here for. :)]]> http://www.dslreports.com/forum/remark,8783748 Sun, 14 Dec 2003 12:51:32 EDT For clarification http://www.dslreports.com/forum/remark,8782658 aryoba :

said by Covenant :
Not to sound facetious, but as you pointed out *several* times to various problem posters that the best info to find as regards technologies or a Cisco product is the cisco website, please allow me to nudge you in the same way that you nudged them.

Covenant,

No need to apologize. You can nudge me anytime you like! .... :)

Yes, I do like to be nudged by anybody. Sometimes I need a big slap behind my head for silly mistakes! ... :)

But the issue is not whether I don't understand PPP or not. The issue is that there are some ISPs employ PPP to dedicated connection services and some others are not; and I'd like to know why the differences. Moreover, I try to generate a new FAQ concerning this.

Now rolande had sent the closest response so far.

said by rolande :

Even though DSL is a dedicated connection it uses a shared head-end infrastructure which needs to be controlled with authentication.

So for the best (e.g. more secure) service, PPP is needed in DSL connection?

ISPs that do not employ PPP for DSL or T1 connections offer less security to the customer than ISPs that do employ?]]> http://www.dslreports.com/forum/remark,8782658 Sun, 14 Dec 2003 10:18:25 EDT Re: [Info] Why is PPP necessary for "dedicated connection"? http://www.dslreports.com/forum/remark,8777230 rolande : PPP is not necessary for a dedicated connection. But some kind of layer 2 protocol is. Are you referring to PPPoE or just plain old PPP? OF course, every ISP builds their networks differently. But, typically, you can't compare DSL service with T-1 service. They are each terminated in a different fashion to the ISP's router and use different layer 2 protocols because of that. PPP itself is not a secure protocol, but it provides access to authentication methods which are like CHAP.

On a point to point T-1 circuit you have to run either PPP, HDLC, Frame-Relay, X.25 or some other kind of layer 2 encapsulation to get your data to and from the other end. You usally have dedicated ports on either end to support these circuits as well. Authentication is mutually exclusive of these protocols but can be facilitated by the protocol, in the case of PPP. When you have dedicated hardware to support the circuit at each end, there is no need for authentication. However, you can still use PPP as your layer 2 protocol, just configured to not force the authentication.

DSL is usually backhauled to the ISP's router over an ATM circuit coming out of the telco DSLAM. This comes into a shared interface on the ISP's router that all or a portion of the ISP's DSL connections will terminate on. If you don't control access to this interface with some kind of authentication, then you have no way of accounting for who is connected to which virtual circuit and/or assigning the correct static routes for those customers with blocks of static IP addresses. So even though DSL is a dedicated connection it uses a shared head-end infrastructure which needs to be controlled with authentication.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't."]]> http://www.dslreports.com/forum/remark,8777230 Sat, 13 Dec 2003 18:30:59 EDT Re: [Info] Why is PPP necessary for "dedicated connection"? http://www.dslreports.com/forum/remark,8776883 Covenant : Not to sound facetious, but as you pointed out *several* times to various problem posters that the best info to find as regards technologies or a Cisco product is the cisco website, please allow me to nudge you in the same way that you nudged them:

Have a look at this link:

»www.cisco.com/en/US/tech/tk713/t···ies.html

I believe this is more information than you normally give out.

Read up on PPP and HDLC initially. I would also read up on the PPP protocols which are needed regardless of the layer 3 protocol sent across the link such as LCP and ones that are specific to a layer 3 protocol (IP/IPX) such as IPCP.

I would pay particular attention to the PPP LCP features such as error detection and authentication to name a couple.

I do apologise if I am not handing out the answers to you on a plate but like yourself, I am firm believer in helping someone to help themselves. I may waive the rules for Cisco noobs but for a Cisco veteran such as yourself, I would have expected better.]]> http://www.dslreports.com/forum/remark,8776883 Sat, 13 Dec 2003 17:39:46 EDT [Info] Why is PPP necessary for "dedicated connection"? http://www.dslreports.com/forum/remark,8772881 aryoba : I notice some ISPs employ PPP to their dedicated connection (e.g. DSL and T1) customer; and other ISPs don't (just static IP without enter username and password). I wonder,

(1) Why the differences?

(2) How is the PPP necessity to dedicated connection service?

(3) Are services without PPP employment less secure than ones with? Does PPP employment increase security of some sense?

(4) In services without PPP; how do ISPs know that people using their service connect with valid account?

Thanks for any comments! ... :)]]> http://www.dslreports.com/forum/remark,8772881 Sat, 13 Dec 2003 07:59:55 EDT