[Info] Why is PPP necessary for "dedicated connection"?
aryoba
Premium,MVM
join:2002-08-22

 reply to Covenant
For clarification

said by Covenant:
Not to sound facetious, but as you pointed out *several* times to various problem posters that the best info to find as regards technologies or a Cisco product is the cisco website, please allow me to nudge you in the same way that you nudged them.

Covenant,

No need to apologize. You can nudge me anytime you like! ....

Yes, I do like to be nudged by anybody. Sometimes I need a big slap behind my head for silly mistakes! ...

But the issue is not whether I understand PPP or not. The issue is that some ISPs employ PPP for dedicated connection services and some others do not, and I'd like to know why there are differences. Moreover, I am trying to generate a new FAQ concerning this.

Now rolande had sent the closest response so far.

said by rolande:

Even though DSL is a dedicated connection it uses a shared head-end infrastructure which needs to be controlled with authentication.

So for the best (e.g. more secure) service, PPP is needed in a DSL connection?

Do ISPs that do not employ PPP for DSL or T1 connections offer less security to the customer than ISPs that do employ it?

gleirvik

join:2002-06-28
Norway

said by rolande:

Even though DSL is a dedicated connection it uses a shared head-end infrastructure which needs to be controlled with authentication.

So for the best (e.g. more secure) service, PPP is needed in a DSL connection?

Do ISPs that do not employ PPP for DSL or T1 connections offer less security to the customer than ISPs that do employ it?

There are various implementations of DSL networks. Depending on how the network is architected you will or will not need further authentication.

In some cases the SP will have a dedicated end-to-end PVC (rare if at all seen for consumer services). It also depends on how the SP handles IP addressing. For the benefit of the forum I will try to keep this short, while providing a quick review of the options and motivations for doing them and some issues.

RFC1483/2684 Multiprotocol over ATM - routed encapsulation

Used typically for business class services providing static IP addressing by direct configuration of routers (most often). Minimal overhead, still requires a lot of hands-on work to set up and provision. Requires a router/router functionality as CPE.

RFC1483/2684 Multiprotocol over ATM - bridged encapsulation

The first deployments of DSL were often solved in this way by simply creating a huge flat network with DHCP assigned addressing. As with most other attempts to create big flat networks, it failed and needed re-design. Since these networks always, at least initially, used modems that could do bridging and that alone. A patch for this has been to provide routers with Routing with Bridged Encapsulation (RBE) or Integrated Routing and Bridging (IRB). This has solved the multiuser issue but has not solved the basic architectural issues.

PPPoE Point to Point Protocol over Ethernet

This is the patch as provided by some aggregation platform vendors, most significantly Redback. By avoiding the need to replace the DSL modems already purchased and deployed, this allowed re-use of the RFC1483/2684 infrastructure by adding an overhead layer. Authentication is one benefit, but also the ability to handle users leveraging the existing dial-infrastructure, as the ISP can re-use the complete concept from the dial-in modem era. The PPPoE client on the PC also meant that the links would not be up at all times and could be centrally managed in such a way that the ISPs could save IP address space, and the Access Service could also hand off to equal access ISPs using PPP mechanisms like L2TP, allowing them to deal with addressing in an effective manner. This is the protocol with the most overhead and requires management of MTU sizes or mechanisms of handling the TCP streams to avoid attempts to overfill an Ethernet frame payload with a maximum size PPP frame.

Routers typically do that job better than the PC, as PC clients are nightmarish, especially as the load could prevent certain business applications from working right.
Also routers with embedded modems can leverage a larger MTU possible on the ADSL/ATM network to avoid the overhead of fragmenting the data further. Authentication is generally always used between the PPPoE client (on PC or in router) to ensure some control over users and address management.

In Germany the Telco, Deutsche Telekom (yes, that is the correct spelling), even yanks the connection every few hours to conserve addresses.

PPPoA Point to Point Protocol over ATM

A more direct approach, which enables linking QoS from IP more directly to ATM CoS and QoS. Used mostly for professional services for businesses; it has the same benefits as PPPoE, but does not allow for simple modems. It does, however, provide less overhead and no issues with MTU sizes and fragmentation. This approach also requires redesign from the initial RFC 1483 designs but provides a more "correct" and scalable approach IMHO. Still, the operations overhead is just as small as with PPPoE; still, support-wise it is better with respect to not having to deal with PC client support and MTU issues (with a PC PPPoE client MTU is usually no issue, but that has other issues). This approach also allows for running multilink PPP between multiple DSL connections/interfaces. It also allows for L2TP handoff as with PPPoE.

For T1/E1/FR connections you will almost always have a point-to-point architecture delivering a fixed PVC end-to-end or, as with T1 and E1, a non-switched path from end to end.

You can run PPP encapsulation over all these connections and it has benefits particularly with address negotiation, parameter exchange as well as authentication.

Authentication can also be enabled for these connections for two-way authentication of the end-points and certainly has anti-eavesdropping benefits. These connections are however much more expensive and most likely fewer than DSL connections, as well as having been deployed over more years. As such they did not have the same requirements on link security and trimmed operational expense as broadband connections. For added security, signatures and encrypted tunnels can be enabled over all these links to optimize the security.

Rgds
Geir
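The MTU handling that Geir's PPPoE paragraph describes, as an added example that is not part of the original post: it derives the usable MTU and TCP MSS from the 8 bytes of PPPoE/PPP overhead and rewrites the MSS option of a SYN segment, fixing the checksum incrementally. The function names and the sample segment are constructed for illustration.

```python
import struct

PPPOE_OVERHEAD = 6 + 2      # PPPoE header (6 bytes) + PPP protocol field (2 bytes)
IP_TCP_HEADERS = 20 + 20    # IPv4 + TCP headers without options

def pppoe_limits(eth_payload=1500):
    """Return (IP MTU, TCP MSS) that fit in one Ethernet frame carrying PPPoE."""
    mtu = eth_payload - PPPOE_OVERHEAD
    return mtu, mtu - IP_TCP_HEADERS

def _csum_fix(csum, old, new):
    """Incrementally update an Internet checksum (RFC 1624) for 16-bit-aligned
    byte strings old -> new of equal, even length."""
    s = ~csum & 0xFFFF
    for k in range(0, len(old), 2):
        s += ~int.from_bytes(old[k:k + 2], "big") & 0xFFFF
        s += int.from_bytes(new[k:k + 2], "big")
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp, max_mss):
    """Lower the MSS option of a TCP SYN segment to max_mss if it is larger."""
    if len(tcp) < 20 or not tcp[13] & 0x02:   # MSS is only sent on SYN segments
        return tcp
    hdr_len = (tcp[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(tcp):
        return tcp                            # malformed header: leave untouched
    seg, i = bytearray(tcp), 20
    while i < hdr_len and seg[i] != 0:        # kind 0 ends the option list
        if seg[i] == 1:                       # kind 1 (NOP) is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            break                             # truncated or bogus option length
        if seg[i] == 2 and seg[i + 1] == 4:   # kind 2, length 4: MSS
            if int.from_bytes(seg[i + 2:i + 4], "big") > max_mss:
                a, b = (i + 2) & ~1, (i + 5) & ~1   # aligned span around the value
                old = bytes(seg[a:b])
                seg[i + 2:i + 4] = max_mss.to_bytes(2, "big")
                csum = int.from_bytes(seg[16:18], "big")
                seg[16:18] = _csum_fix(csum, old, bytes(seg[a:b])).to_bytes(2, "big")
            break
        i += seg[i + 1]
    return bytes(seg)

# Constructed sample: SYN, 24-byte header, MSS option 1460, placeholder checksum.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 6 << 4, 0x02,
                         65535, 0x1234, 0) + bytes([2, 4, 0x05, 0xB4])
```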
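The end-point authentication mentioned in the post above, sketched as an added example that is not part of the original thread. The post does not name a protocol; this assumes CHAP with MD5 (RFC 1994), one of the standard PPP authentication methods, and the peer name and secret are constructed. For two-way authentication each end runs its own `Authenticator`.

```python
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Authenticator:
    """The challenging end of the link (either end, or both for two-way auth)."""

    def __init__(self, secrets):
        self.secrets = secrets        # peer name -> shared secret (bytes)
        self.pending = {}             # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        """Issue a fresh random challenge; returns (identifier, challenge)."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)
        return ident, self.pending[ident]

    def verify(self, name, ident, response):
        """Check a response; each challenge is accepted at most once."""
        challenge = self.pending.pop(ident, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)

def demo():
    """Constructed exchange between a hypothetical ISP router and a CPE."""
    isp = Authenticator({"cpe-1": b"constructed-shared-secret"})
    ident, chal = isp.challenge()
    good = chap_response(ident, b"constructed-shared-secret", chal)
    accepted = isp.verify("cpe-1", ident, good)
    # A recorded response is useless later: the challenge was consumed,
    # and a new challenge yields a different expected hash.
    replay_same = isp.verify("cpe-1", ident, good)
    ident2, _ = isp.challenge()
    replay_new = isp.verify("cpe-1", ident2, good)
    ident3, chal3 = isp.challenge()
    wrong = isp.verify("cpe-1", ident3, chap_response(ident3, b"guess", chal3))
    return accepted, replay_same, replay_new, wrong
```

The secret never crosses the link, but a recorded challenge/response pair still permits offline guessing of a weak secret, so the shared secret should be long and random.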