Bill, Thank you for your response. Sorry about the latency of mine.
> It's just a matter of resource management and managing state on the > BRAS/BNG. > > With PPPoE you have the following steps: > Authentication > Resource assignment (Address, QoS, filters) > > With PANA you have the following: 1.> Temp resource assignment (Address, QoS, filters) 2.> Authentication 3.> Removal of temp resources (Address, QoS, filters) 4.> Service resource assignment (Address, QoS, filters) Regarding step 1: As other folks have said, some preconfigured QoS and filters can be applied to the PANA exchange. And the same needs to be done even if you were using EAP/DHCP. The DHCP packets need to be exposed to some QoS and filter rules prior to successful authentication. Regarding step 3: If we apply preconfigured rules to pre-auth traffic (e.g., allow only PANA with QoS ....), not sure if you need to remove anything. > The Addresses, Qos and filters will not be the same for temp resource > assignment and Service resource assignment. Right. > Every login is four step process vs. a two step process and you have to > manage some type of token or identifier between the authentication and > service resource assignment. If you are talking about what identifier can tie PANA authentication to DHCP configuration, that can be either the MAC address or the IP address. Alper > > Best regards, > Bill Welch > > > > -----Original Message----- > From: Alper Yegin [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 23, 2007 9:08 PM > To: [EMAIL PROTECTED]; Bill Welch > Cc: 'Internet Area' > Subject: RE: [Int-area] DCHP-based authentication for DSL? > > > I think we need to understand this a bit better, as now we are talking > about > implementation optimizations. > > > The fact that the BRAS/IP Edge equipment in this case do not have > > to "distribute" a full subscriber IP state in the BRAS until the > > subscriber is okay, is a big advantage to the subscriber bring up > rate. > > How is the situation different if you were using PANA? > > > Having a solution that assigns a temporary address or uses a link > local > > address complicates the implementation and does not mirror the > existing > > PPPoE solution. > > Can you please expand on the complication part? Please note that the IP > address configured prior to subscriber authentication is not the > "service IP > address". > > Also, even with DHCPv6, the client is already configured with a > link-local > IPv6 address prior to sending the very first DHCPv6 message. > > Alper > > _______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
