  Covenant Premium,MVM join:2003-07-01 England
2 edits | reply to aryoba Re: DSL customers get both PPP and static IP
said by aryoba : I think I understand your confusion. In the US, there is at least 1 ISP who sells DSL services to customers with features of static IP. In addition the ISP requires the customers to dial-in (via PPP) to the ISP router. Therefore this specific ISP employs PPP authentication for their static IP DSL customers.
Ummm... no! My confusion arose because I could not see the relevance of the way an ISP's network is "routed" so to speak when dealing with a normal home user/business customers. The only people who might be interested in the way the network is set up are the potential resellers that the ISP is touting business for and HUGE corporations. The way the ISP deals with its routing is, to be blunt, none of the customers' concern. As far as the ISP goes, home user/business customers should be interested in their connectivity ONLY. I agree that this mentality sucks but I can see their point.
As regards static routing, it's NOT FLEXIBLE and is HARD to manage as the network grows. If we did static routing, trouble would arise once we expand our network. That's why we have routing protocols. 
said by aryoba :
The management may think to utilize PPP to all of their DSL customers (both the dynamic and the static customers) to simplify management.
Thanks for the information though! 
DOH!
Forgot to include the links...
»www.cisco.com/pcgi-bin/Support/b···es&f=988
»www.cisco.com/pcgi-bin/Support/b···all=true |
|
 aryoba Premium,MVM join:2002-08-22
| reply to Covenant said by Covenant : I am not quite sure I understand your question regarding static routing.
Covenant,
I think I understand your confusion. In the US, there is at least 1 ISP who sells DSL services to customers with features of static IP. In addition the ISP requires the customers to dial-in (via PPP) to the ISP router. Therefore this specific ISP employs PPP authentication for their static IP DSL customers.
If you wonder why the ISP would do such a thing; the reason may be from the ISP management point of view. The management may think to utilize PPP to all of their DSL customers (both the dynamic and the static customers) to simplify management. |
|
  Covenant Premium,MVM join:2003-07-01 England
| reply to rolande Re: Unavailable Cisco links & Rolande "static routing"
said by rolande : said by aryoba :
Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? .... 
What do you need explained further? Static routing is how the Internet started until EGP and then BGP came along. The provider either configures a static route at the head end router pointing to a unique interface that can only be assigned to your circuit or they don't if your connection can't be uniquely isolated on an interface or if management of the static routes is too much of a headache for them.
Yes but in the context of aryoba's question, that is all irrelevant, as how the ISP handles its network is up to the ISP and nothing to do with the end user. I was talking about routing in the context of the end user, i.e. what is possible and the only thing the customer can do is set up a static route to the next hop router. That is why I did not comprehend where you were coming from, in the context of the customer. As regards the two different types of "dedicated service", it's all semantics and to the end user, it does not matter as long as they have their "connection". If they want to get a "dedicated" T1 line or a "dedicated" xdsl line, that is up to them and the network designer/internet connectivity consultant who will assess their needs to see which solution better suits them.
Now aryoba , have we answered ALL of your questions?
PS. As regards the links, I will have a look for some that do not need CCO access when I get a chance. Did not realise it was needed as I was already logged on, DOH! |
|
  rolande Certifiable Premium,Mod join:2002-05-24 Powell, OH clubs:
Host: Linksys AT&T Midwest
| reply to aryoba said by aryoba :
Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? .... 
What do you need explained further? Static routing is how the Internet started until EGP and then BGP came along. The provider either configures a static route at the head end router pointing to a unique interface that can only be assigned to your circuit or they don't if your connection can't be uniquely isolated on an interface or if management of the static routes is too much of a headache for them.
You can't compare "dedicated" DSL service to "dedicated" point-to-point services like T-1, T-3 etc. They are apples and oranges for lack of a better analogy. The word dedicated means 2 different things in those configurations. In the DSL configuration, dedicated really means you don't have to dial-up to connect and send or receive data. The difference is that DSL is a physical connection from the DSLAM to your router, but it is a logical connection from the DSLAM to the ISP. There is no physical connection all the way from your router to the ISP's router. DSL is almost always delivered to the ISP's router as packet or cell switched data depending on the layer 2 backhaul protocol. The ISP pays to have a separate backhaul connection (usually ATM) into a DSL provider's network so that they can resell DSL connectivity to their own customers. The ISP doesn't necessarily own the DSLAM or the majority of the path the data flows through except for the link from the DSL provider's network into theirs. So, since the ISP is outsourcing or leasing the DSL services from a 3rd party, they have to control network admission from the DSL provider's network. Otherwise the potential is there that the DSL provider could misconfigure customers to use the wrong ISP and send traffic through their network that isn't being paid for.
OTOH, a T-1 or T-3 circuit is circuit switched or hardwired to a unique physical port or at least a logical port if it is delivered over SONET or muxed in some fashion. So a point-to-point circuit is a separate physical circuit path that is isolated and dedicated to only 1 customer's traffic and spans the full distance from your router to the ISP's router. There is no shared network medium in the middle, in the case of DSL provisioning.
When a customer's connection to the ISP can be physically separated or isolated from other customers' traffic, there is no need for authentication. At that point the ISP controls whether traffic will route to the customer's netblock or not. It is considered a true network to network connection and can't be hijacked unless someone broke into the customer's premises and used their network to access the circuit. With a point-to-point circuit both parties know where the circuit begins and ends and that no one else has access to utilize services on that circuit except for the customer who purchased the facilities. -- Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't." |
|
 aryoba Premium,MVM join:2002-08-22
2 edits | reply to Covenant said by Covenant : Below are some links from cisco.com that cover dsl technology. There is a lot of info. The 2nd link may explain a bit about the client/dslam connection, and other links within the 3rd link will do so as well.
»www.cisco.com/cgi-bin/Support/br···es&f=988
»www.cisco.com/en/US/tech/tk175/t···d2.shtml
»www.cisco.com/cgi-bin/Support/br···all=true
Covenant,
Just to let you know that the 1st and 3rd links require a special (pay) CCO account, which is not available to everyone. Would you be kind enough to send the link without the requirement? .... 
said by Covenant :
I am not quite sure I understand your question regarding static routing.
Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? ....  |
|
  Covenant Premium,MVM join:2003-07-01 England
| reply to aryoba Re: Both Static IP and PPP for ISP customers
As an addendum, security (PPP) really came into its own during the growth of dialup. ISPs could allow users to dial in to a premium rate number/national number/local number then it became a free number for a monthly charge (note the evolution of dial up packages in the UK) and authenticate them via PPP. They did not have to spend any money or utilise any additional expertise to "activate" the line so to speak as happens in xdsl. They had a number of modems, and allowed users to dial into them and authenticate from ANY line.
Just a brief history about the nature of authentication in the UK but I do not know how comparable it is to the US.
By the way, I hope YOU will put all this info in a FAQ.  |
|
  Covenant Premium,MVM join:2003-07-01 England
2 edits | reply to aryoba I am not quite sure I understand your question regarding static routing. At the customer's end, the static routing is limited to only the connection between the client and the next hop router, as the ISP could be doing all nat in their network, it's up to them how they implement their network. The reason dsl is called a dedicated service, is because the link between the dslam and the client is always up, unless the client turns off the modem, or there is a problem with the connection. That means that the services you are paying for are available, on demand, for example, in a ppp setup, your connection to the dslam is up, but you have been idle for 16 hours. To conserve ip addresses, memory and cpu utilization, the provider will release your ip address (if it is dynamically assigned), thus that ip address can be handed to another client. However, your connection is available, but you may need to negotiate another ip address. Normally this is done quite seamlessly. It doesn't matter whether the client has a static ip or not. Usually static addresses are associated with premium rates/pricing. In regards the "modems", the modem connection is only between the dslam and the client modem, and that is the physical connection. If an isp oversubscribes this, then they have a problem! Below are some links from cisco.com that cover dsl technology. There is a lot of info. The 2nd link may explain a bit about the client/dslam connection, and other links within the 3rd link will do so as well.
»www.cisco.com/cgi-bin/Support/br···es&f=988
»www.cisco.com/en/US/tech/tk175/t···d2.shtml
»www.cisco.com/cgi-bin/Support/br···all=true
As regards security, that is not an issue. Otherwise I would be stealing my neighbour's bandwidth if they had xdsl.  |
|
  rolande Certifiable Premium,Mod join:2002-05-24 Powell, OH clubs:
Host: Linksys AT&T Midwest
| reply to aryoba It usually means that once you authenticate you will always be assigned the same IP subnet or individual IP address, as the case may be. If it were hard coded with static routes etc., even if you turned off your router there would still be a route in the ISP's network for your address range pointing at your physical interface. If everything is hard coded and the circuit is point-to-point dedicated or nailed up, there is no reason for authentication.
Even though DSL appears to be a dedicated service, it is not. On the backhaul end your connection usually appears as a virtual ATM circuit to the ISP that can come and go as you enable or disable your equipment. It is much easier and more efficient from a management standpoint to allow these routes to be dynamically negotiated with the client than to hard code them onto the equipment. -- Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't." |
|
 aryoba Premium,MVM join:2002-08-22
| reply to Covenant said by Covenant : aryoba , I am sure that you are up to speed with xdsl technology but I hope you won't mind if I post some links which might not only shed some light on xdsl for you, but also for our colleagues within this forum:
Sure Covenant, I never mind any additional info. As I mentioned before, I try to generate a new FAQ .... 
Also Covenant, you may want to put up those links in the FAQ, just in case someone else needs to know them, and for any future reference.
said by Covenant : Why the interest in authentication and line security????
Why the interest? Currently I'm working with 3 connections. One with only static IP. Two with only PPP (dynamically assigned IP). Three with both static IP and PPP. So basically I need to know how secure those connections are.
Now back to my questions. For ISPs that employ PPP authentication (username and password required) for their static IP customers; does it mean the ISP router uses static routing to the physical interface AND authentication?
Any comment on that? |
|
  dpocoroba Premium join:2000-11-14 224.0.0.5
| reply to aryoba Re: [Info] Why is PPP necessary for "dedicated connection"?
Just started to read this thread; very good topic and stuff in here guys. A very interesting and useful read. Sheds some light on some of those how-stuff-works things that come across your mind at times  -- "Knowledge is contagious, infect" |
|
  Covenant Premium,MVM join:2003-07-01 England
| reply to aryoba aryoba , I am sure that you are up to speed with xdsl technology but I hope you won't mind if I post some links which might not only shed some light on xdsl for you, but also for our colleagues within this forum:
»www.adslguide.org.uk/howitworks/default.asp
»www.adslguide.org.uk/howitworks/exchange.asp
»www.adslguide.org.uk/howitworks/dslam.asp
»www.adslguide.org.uk/howitworks/atm1.asp
Hope it helps.  |
|
  Covenant Premium,MVM join:2003-07-01 England
| reply to julez_atf Re: [Info] Why is PPP necessary for "dedicated con
said by julez_atf : For DSL w/o PPP, wouldn't the authentication be done via MAC address?
In this case, if the customer changes modems, then he would no longer be able to access the ISP's services until he registers his new MAC with them.
Please correct me if I am wrong.
julez_atf , you are quite correct. Authentication by MAC is normally done by Cable ISPs and not xdsl ISPs. Well in the UK at least! |
|
  Covenant Premium,MVM join:2003-07-01 England
| reply to aryoba Re: Let's say A is down
I will assume this is a typical xdsl environment, so all users connect to a dslam. The dslam contains linecards that have modem ports, not like dialup modems, but modems nonetheless. This means that there is a dedicated connection or one-to-one ratio of clients to modems. The linecard usually has LEDs that indicate various status conditions on the ports. If you are doing ppp, they can verify your username and ip address as well at the datalink layer.
Now I have one question for you aryoba :
Why the interest in authentication and line security???? |
|
  julez_atf Bleep Bleep Premium join:2001-03-01 Montreal, QC clubs:
| reply to aryoba Re: [Info] Why is PPP necessary for "dedicated con
For DSL w/o PPP, wouldn't the authentication be done via MAC address?
In this case, if the customer changes modems, then he would no longer be able to access the ISP's services until he registers his new MAC with them.
Please correct me if I am wrong. -- I'll be your lover... I'll be forever... I'll be tomorrow... I am anything when I am high... |
|
 aryoba Premium,MVM join:2002-08-22
| reply to rolande With both PPP and static routing
said by rolande : They use static routing to the physical interface. The only way you could reuse user A's configuration is if you were physically connected to the same circuit. The ISP controls what traffic routes to where by the routes they add to their network. As a customer, you do not have control of these routes just by adding another user's configuration to your own network.
In a dynamic config scenario, the user authenticates either via PPP or PPPoE or something similar and all of the settings are passed to the client via a control protocol. The ISP's upstream router then dynamically inserts the new route into its routing tables and announces it to the rest of the ISP network using the local routing protocol. In that case, if you knew user A's username and password you could potentially steal their configuration and reuse it on another physical circuit and interface, since it is dynamically configured as a part of authentication.
Some ISPs give out PPP settings to all their static IP customers. Does it mean the ISP router uses static routing to the physical interface AND authentication? |
|
  rolande Certifiable Premium,Mod join:2002-05-24 Powell, OH clubs:
Host: Linksys AT&T Midwest
| reply to aryoba Re: "Hard coded"
They use static routing to the physical interface. The only way you could reuse user A's configuration is if you were physically connected to the same circuit. The ISP controls what traffic routes to where by the routes they add to their network. As a customer, you do not have control of these routes just by adding another user's configuration to your own network.
In a dynamic config scenario, the user authenticates either via PPP or PPPoE or something similar and all of the settings are passed to the client via a control protocol. The ISP's upstream router then dynamically inserts the new route into its routing tables and announces it to the rest of the ISP network using the local routing protocol. In that case, if you knew user A's username and password you could potentially steal their configuration and reuse it on another physical circuit and interface, since it is dynamically configured as a part of authentication. -- Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't." |
|
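An added example, not part of any post in this thread: a sketch of how an ISP could detect the credential reuse rolande describes, where one customer's PPP username and password are used on a different physical circuit. It assumes the access router logs which circuit each PPP login arrived on; the record layout, usernames and circuit names are constructed for illustration.

```python
from collections import defaultdict

# Constructed provisioning data: the circuit each PPP account was sold on.
PROVISIONED = {"userA": "atm0/1:1.32", "userB": "atm0/1:1.33"}

# Constructed session log: (start, stop, username, circuit), times in seconds;
# stop=None means the session is still up.
SESSIONS = [
    (1000, 2000, "userA", "atm0/1:1.32"),
    (1500, 1800, "userB", "atm0/1:1.33"),
    (3000, 3600, "userA", "atm0/1:1.33"),  # userA's login seen on userB's circuit
    (3300, None, "userA", "atm0/1:1.32"),  # overlaps the session above
]

def wrong_circuit(sessions, provisioned):
    """Logins that arrived on a circuit other than the one the account is bound to."""
    return [(user, circuit, start)
            for start, _stop, user, circuit in sessions
            if provisioned.get(user) != circuit]

def concurrent_logins(sessions):
    """Accounts with overlapping sessions on two different circuits."""
    by_user = defaultdict(list)
    for start, stop, user, circuit in sessions:
        end = float("inf") if stop is None else stop
        by_user[user].append((start, end, circuit))
    hits = []
    for user, items in by_user.items():
        items.sort()
        for i, (_s1, e1, c1) in enumerate(items):
            for s2, _e2, c2 in items[i + 1:]:
                # Second session started before the first ended, elsewhere.
                if s2 < e1 and c1 != c2:
                    hits.append((user, c1, c2))
    return hits

if __name__ == "__main__":
    for user, circuit, start in wrong_circuit(SESSIONS, PROVISIONED):
        print(f"t={start}: {user} authenticated on unexpected circuit {circuit}")
    for user, c1, c2 in concurrent_logins(SESSIONS):
        print(f"{user} has overlapping sessions on {c1} and {c2}")
```

With a static route bound to the physical interface there is nothing for these checks to catch, because the route never follows the credentials to another circuit.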
 aryoba Premium,MVM join:2002-08-22
| reply to rolande said by rolande : If there is no authentication occurring then there is no dynamic configuration occurring. All of the user's configuration is hard coded on the ISP's side in this case.
When you said "hard coded", did it mean that the ISP always checks all customers' MAC addresses before routing their traffic?
Or maybe there is another checking method? |
|
  rolande Certifiable Premium,Mod join:2002-05-24 Powell, OH clubs:
Host: Linksys AT&T Midwest
| reply to aryoba Re: Let's say A is down
If there is no authentication occurring then there is no dynamic configuration occurring. All of the user's configuration is hard coded on the ISP's side in this case, so it is impossible for user B to steal user A's configuration. The ISP's router will not route user B's traffic because it is not configured for user A's settings on user B's interface. -- Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't." |
|
 aryoba Premium,MVM join:2002-08-22
| reply to Covenant said by Covenant : If customer B "borrows" customer A's settings to connect to the Internet, customer B needs to connect his router to customer A's line. So there is no way for customer B to use the same settings as customer A unless customer B connects his router at customer A's site.
What if A is not using his account; and B borrows at this time; would B be able to connect using A's account from B's location?
If yes, how would the ISP find out if B was using A's instead of his own? |
|
  Covenant Premium,MVM join:2003-07-01 England
| reply to aryoba Re: The authentication
In this case a DSL connection works like a dedicated line. If customer B "borrows" customer A's settings to connect to the Internet, customer B needs to connect his router to customer A's line. So there is no way for customer B to use the same settings as customer A unless customer B connects his router at customer A's site. |
|