Re: Migrating from PPP to DHCPo82

[Mike <mike-nanog () tiedyenetworks com>]

MKS wrote:
> Hi list
>
> I work for an small ISP, which does traditional xDSL service with PPPoE.
> Currently we are in the process of migrating most of our customers to
> DHCP (some customers are getting new CPEs and some will be sw upgraded
> remotely ). It would be great if someone has the time to share their
> experience (on- or offline) from such a migration. Common pitfals and
> perhaps what whey would do differently "next time".
> I know that every network is different but I believe that there are
> some general concerns, specially around security of DHCP and security
> features for vendors around DHCP and DHCP snooping etc.
>
>   

We run PPPoE for the reasons that it's easier to manage and account for 
and does not rely on the middle layer for any security (implemented at 
the pppoe concentrator). There are also technical features we like, such 
as being able to route subnets easilly, and per-user filtering rules if 
necessary, as well as a high level of integration with radius that 
really makes things sing along.

A downside is rampant poor, non-compliant and downright buggy pppoe 
client implementations. It's gotten better over the years with more 
linux replacing other embedded development tool sets but still, it's 
downright criminal sometimes what that lower end consumer junk does in 
the field - and ALWAYS, being resolved by pulling the power and cycling 
it... <sigh>

I've recently implemented PPPoE Intermediate agent support as a patch 
against the opensource RP-PPPOE server software, along with 
documentation on integrating it with freeradius, and this enables you to 
ditch completely the username / password and just go with DSLAM port-id 
based authentication, reducing the strain on your support staff as end 
users forget or lose this otherwise most critical information. For 
anyone who cares, the code is on sourceforge -

http://ilc-ppp.sourceforge.net


Mike-