aryoba
Premium,MVM
join:2002-08-22
|  reply to Covenant
Both Static IP and PPP for ISP customers
said by Covenant  :
aryoba , I am sure that you are upto speed with xdsl technology but I hope you wont mind if I post some links which might not only shed some light on xdsl for you, but also for our colleagues within this forum:
Sure Covenant, I never mind any additional info. As I mentioned before, I try to generate a new FAQ .... 
Also Covenant, you may want to put up those links in FAQ. Just in case someone else need to know them; and for any future reference.
said by Covenant :
Why the interest in authentication and line security????
Why the interest? Currently I'm working with 3 connections. One with only static IP. Two with only PPP (dynamically assigned IP). Three with both static IP and PPP. So basically I need to know how secure of those connections.
Now back to my questions. For ISPs that employ PPP authentication (username and password required) for their static IP customers; does it mean the ISP router use static routing to physical interface AND authentication?
Any comment on that? |
|
rolande
Certifiable
Premium,Mod
join:2002-05-24
Powell, OH
clubs:
Host:
Linksys
AT&T Midwest
| It usually means that once you authenticate you will always be assigned the same IP subnet or individual IP address, as the case may be. If it were hard coded with static routes etc., even if you turned off your router there would still be a route in the ISP's network for your address range pointing at your physical interface. If everything is hard coded and the circuit is point-to-point dedicated or nailed up, there is no reason for authentication.
Even though DSL appears to be a dedicated service, it is not. On the backhaul end your connection usually appears as a virtual ATM circuit to the ISP that can come and go as you enable or disable your equipment. It is much easier and more efficient from a management standpoint to allow these routes to be dynamically negotiated with the client than to hard code them onto the equipment.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't." |
|
Covenant
Premium,MVM
join:2003-07-01
England
2 edits | reply to aryoba
I am not quite sure I understand your question regarding static routing. At the customer's end, the static routing is limited to only the connection between the client and the next hop router, as the ISP could be doing all nat in their network, it's up to them how they implement their network. The reason dsl is called a dedicated service, is because the link between the dslam and the client is always up, unless the client turns off the modem, or there is a problem with the connection. That means that the services you are paying for are available, on demand, for example, in a ppp setup, your connection to the dslam is up, but you have been idle for 16 hours. To conserve ip addresses, memory and cpu utilization, the provider will release your ip address (if it is dynamically assigned), thus that ip address can be handed to another client. However, your connection is available, but you may need to negotiate another ip address. Normally this is done quite seamlessly. It doesn't matter whether the client has a static ip or not. Usually static addresses are associated with premium rates/pricing. In regards the "modems", the modem connection is only between the dslam and the client modem, and that is the physical connection. If an isp oversubscribes this, then they have a problem! Below are some links from cisco.com that cover dsl technology. There is a lot of info. The 2nd link may explain a bit about the client/dslam connection, and other links within the 3rd link will do so as well.
»www.cisco.com/cgi-bin/Support/br···es&f=988
»www.cisco.com/en/US/tech/tk175/t···d2.shtml
»www.cisco.com/cgi-bin/Support/br···all=true
As regards security, that is not an issue. Otherwise I would be stealing my neighbour's bandwith if they had xdsl.  |
|
Covenant
Premium,MVM
join:2003-07-01
England
| reply to aryoba
As an addendum, security (PPP) really came into its own during the growth of dialup. ISPs could allow users to dial in to a premium rate number/national number/local number then it became a free number for a monthly charge (note the evolution of dial up packages in the UK) and authenticate them via PPP. They did not have to spend any money or utilise any additional expertise to "activate" the line so to speak as happens in xdsl. They had a number of modems, and allowed users to dial into them and authenticate from ANY line.
Just a brief history about the nature of authentication in the UK but I do not know how comparable it is to the US.
By the way, I hope YOU will put all this info in a FAQ. |
|
aryoba
Premium,MVM
join:2002-08-22
2 edits | reply to Covenant
Unavailable Cisco links & Rolande "static routing"
said by Covenant :
Below are some links from cisco.com that cover dsl technology. There is a lot of info. The 2nd link may explain a bit about the client/dslam connection, and other links within the 3rd link will do so as well.
»www.cisco.com/cgi-bin/Support/br···es&f=988
»www.cisco.com/en/US/tech/tk175/t···d2.shtml
»www.cisco.com/cgi-bin/Support/br···all=true
Covenant,
Just to let you know that 1st and 3rd link require special (pay) CCO account, which is not available to everyone. Would you be kind enough to send the link without the requirement? ....
said by Covenant :
I am not quite sure I understand your question regarding static routing.
Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? .... |
|
rolande
Certifiable
Premium,Mod
join:2002-05-24
Powell, OH
clubs:
Host:
Linksys
AT&T Midwest
| said by aryoba :
Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? ....
What do you need explained further? Static routing is how the Internet started until EGP and then BGP came along. The provider either configures a static route at the head end router pointing to a unique interface that can only be assigned to your circuit or they don't if your connection can't be uniquely isolated on an interface or if management of the static routes is too much of a headache for them.
You can't compare "dedicated" DSL service to "dedicated" point-to-point services like T-1, T-3 etc. They are apples and oranges for lack of a better analogy. The word dedicated means 2 different things in those configurations. In the DSL configuration, dedicated really means you don't have to dial-up to connect and send or receive data. The difference is that DSL is a physical connection from the DSLAM to your router, but it is a logical connection from the DSLAM to the ISP. There is no physical connection all the way from your router to the ISP's router. DSL is almost always delivered to the ISP's router as packet or cell switched data depending on the layer 2 backhaul protocol. The ISP pays to have a separate backhaul connection (usually ATM) into a DSL provider's network so that they can resell DSL connectivity to their own customers. The ISP doesn't necessarily own the DSLAM or the majority of the path the data flows through except for the link from the DSL provider's network into theirs. So, since the ISP is outsourcing or leasing the DSL services from a 3rd party, they have to control network admission from the DSL provider's network. Otherwise the potential is there that the DSL provider could misconfigure customers to use the wrong ISP and send traffic through their network that isn't being paid for.
OTOH, a T-1 or T-3 circuit is circuit switched or hardwired to a unique physical port or at least a logical port if it is delivered over SONET or muxed in some fashion. So a point-to-point circuit is a separate physical circuit path that is isolated and dedicated to only 1 customer's traffic and spans the full distance from your router to the ISP's router. There is no shared network medium in the middle, in the case of DSL provisioning.
When a customer's connection to the ISP can be physically separated or isolated from other customer's traffic, there is no need for authentication. At that point the ISP controls whether traffic will route to the customer's netblock or not. It is considered a true network to network connection and can't be hijacked unless someone broke into the customer's premises and used their network to access the circuit. With a point-to-point circuit both parties know where the circuit begins and ends and that no one else has access to utilize services on that circuit except for the customer who purchased the facilities.
--
Remember what they say: "There are 10 types of people in the world.. those who understand binary, and those who don't." |
|
Covenant
Premium,MVM
join:2003-07-01
England
| said by rolande :
said by aryoba :
Since Rolande was the one who originally sent info about "the static routing", perhaps Rolande would be kind enough to explain further? ....
What do you need explained further? Static routing is how the Internet started until EGP and then BGP came along. The provider either configures a static route at the head end router pointing to a unique interface that can only be assigned to your circuit or they don't if your connection can't be uniquely isolated on an interface or if management of the static routes is too much of a headache for them.
Yes but in the context of aryoba 's question, that is all irrelevant, as how the ISP handles its network is up to the ISP and nothing to do with the end user. I was talking about routing in the context of the end user, i.e. what is possible and the only thing the customer can do is set up a static route to the next hop router. That is why I did not comprehend where you were coming from, in the context of the customer. As regards the two different types of "dedicated service", its all semantics and to the end user, it does not matter as long as they have their "connection". If they want to get a "dedicated" T1 line or a "dedicated" xdsl line, that is up to them and the network designer/internet connectivity consultant who will assess their needs to see which solution better suits them.
Now aryoba , have we answered ALL of your questions?
PS. As regards the links, I will have a look for some that do not need CCO access when I get a chance. Did not realise it was needed as I was already logged on, DOH! |
|
aryoba
Premium,MVM
join:2002-08-22
| reply to Covenant
DSL customers get both PPP and static IP
said by Covenant :
I am not quite sure I understand your question regarding static routing.
Covenant,
I think I understand your confusion. In the US, there is at least 1 ISP who sells DSL services to customers with features of static IP. In addition the ISP requires the customers to dial-in (via PPP) to the ISP router. Therefore this specific ISP employs PPP authentication for their static IP DSL customers.
If you wonder why the ISP would do such a thing; the reason may be from the ISP management point of view. The management may think to utilize PPP to all of their DSL customers (both the dynamic and the static customers) to simplify management. |
|
Covenant
Premium,MVM
join:2003-07-01
England
2 edits | said by aryoba :
I think I understand your confusion. In the US, there is at least 1 ISP who sells DSL services to customers with features of static IP. In addition the ISP requires the customers to dial-in (via PPP) to the ISP router. Therefore this specific ISP employs PPP authentication for their static IP DSL customers.
Ummm... no! My confusion arose because I could not see the relevance of the way an ISP's network is "routed" so to speak when dealing with a normal home user/business customers. The only people who might be interested in the way the network is setup are the potential resellers that the ISP is touting business for and HUGE corporations. The way the ISP deals with its routing is, to be blunt, none of the customers' concern. As far as the ISP goes, home user/business customers should be interested in their connectivity ONLY. I agree that this mentality sucks but I can see their point.
As regards static routing, its NOT FLEXIBLE and is HARD to manage as the network grows. If we did static routing, trouble would arise once we expand our network. That's why we have routing protocols.
said by aryoba :
The management may think to utilize PPP to all of their DSL customers (both the dynamic and the static customers) to simplify management.
Thanks for the information though!
DOH!
Forgot to include the links...
»www.cisco.com/pcgi-bin/Support/b···es&f=988
»www.cisco.com/pcgi-bin/Support/b···all=true |
|
