Service provider experience has proven this to be true with Security issues and Distributed DOS attacks.
Best regards, Bill Welch -----Original Message----- From: Hannes Tschofenig [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 24, 2007 5:13 PM To: Bill Welch Cc: Alper Yegin; [EMAIL PROTECTED]; Internet Area Subject: Re: [Int-area] DCHP-based authentication for DSL? Nobody says that you have to apply QoS treatment and filters to the temporarily assigned address. Bill Welch wrote: > Alper, > > It's just a matter of resource management and managing state on the > BRAS/BNG. > > With PPPoE you have the following steps: > Authentication > Resource assignment (Address, QoS, filters) > > With PANA you have the following: > Temp resource assignment (Address, QoS, filters) > Authentication > Removal of temp resources (Address, QoS, filters) > Service resource assignment (Address, QoS, filters) > > > The Addresses, Qos and filters will not be the same for temp resource > assignment and Service resource assignment. > > Every login is four step process vs. a two step process and you have to > manage some type of token or identifier between the authentication and > service resource assignment. > > Best regards, > Bill Welch > > > > -----Original Message----- > From: Alper Yegin [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 23, 2007 9:08 PM > To: [EMAIL PROTECTED]; Bill Welch > Cc: 'Internet Area' > Subject: RE: [Int-area] DCHP-based authentication for DSL? > > > I think we need to understand this a bit better, as now we are talking > about > implementation optimizations. > > >> The fact that the BRAS/IP Edge equipment in this case do not have >> to "distribute" a full subscriber IP state in the BRAS until the >> subscriber is okay, is a big advantage to the subscriber bring up >> > rate. > > How is the situation different if you were using PANA? > > >> Having a solution that assigns a temporary address or uses a link >> > local > >> address complicates the implementation and does not mirror the >> > existing > >> PPPoE solution. >> > > Can you please expand on the complication part? Please note that the IP > address configured prior to subscriber authentication is not the > "service IP > address". > > Also, even with DHCPv6, the client is already configured with a > link-local > IPv6 address prior to sending the very first DHCPv6 message. > > Alper > > > > > > _______________________________________________ > Int-area mailing list > [email protected] > https://www1.ietf.org/mailman/listinfo/int-area > _______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
