Alper, We are starting to get into specific QoS and filter implementations.
But BRAS/BNG has limits on the amount and type of QOS and filter resources available. We strive to support the same number of subscribers with DHCP as we do with PPP. It will be difficult to reach this goal if the authentication models are different between PPP and DHCP. Pre configured or dynamic the QOS and filter resources will get used. And yes your observation is correct, the DHCP auth solution with EAP has the same issues. Best regards, Bill Welch -----Original Message----- From: Alper Yegin [mailto:[EMAIL PROTECTED] Sent: Sunday, October 28, 2007 6:45 PM To: Bill Welch; [EMAIL PROTECTED] Cc: 'Internet Area' Subject: RE: [Int-area] DCHP-based authentication for DSL? Bill, Thank you for your response. Sorry about the latency of mine. > It's just a matter of resource management and managing state on the > BRAS/BNG. > > With PPPoE you have the following steps: > Authentication > Resource assignment (Address, QoS, filters) > > With PANA you have the following: 1.> Temp resource assignment (Address, QoS, filters) 2.> Authentication 3.> Removal of temp resources (Address, QoS, filters) 4.> Service resource assignment (Address, QoS, filters) Regarding step 1: As other folks have said, some preconfigured QoS and filters can be applied to the PANA exchange. And the same needs to be done even if you were using EAP/DHCP. The DHCP packets need to be exposed to some QoS and filter rules prior to successful authentication. Regarding step 3: If we apply preconfigured rules to pre-auth traffic (e.g., allow only PANA with QoS ....), not sure if you need to remove anything. > The Addresses, Qos and filters will not be the same for temp resource > assignment and Service resource assignment. Right. > Every login is four step process vs. a two step process and you have to > manage some type of token or identifier between the authentication and > service resource assignment. If you are talking about what identifier can tie PANA authentication to DHCP configuration, that can be either the MAC address or the IP address. Alper > > Best regards, > Bill Welch > > > > -----Original Message----- > From: Alper Yegin [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 23, 2007 9:08 PM > To: [EMAIL PROTECTED]; Bill Welch > Cc: 'Internet Area' > Subject: RE: [Int-area] DCHP-based authentication for DSL? > > > I think we need to understand this a bit better, as now we are talking > about > implementation optimizations. > > > The fact that the BRAS/IP Edge equipment in this case do not have > > to "distribute" a full subscriber IP state in the BRAS until the > > subscriber is okay, is a big advantage to the subscriber bring up > rate. > > How is the situation different if you were using PANA? > > > Having a solution that assigns a temporary address or uses a link > local > > address complicates the implementation and does not mirror the > existing > > PPPoE solution. > > Can you please expand on the complication part? Please note that the IP > address configured prior to subscriber authentication is not the > "service IP > address". > > Also, even with DHCPv6, the client is already configured with a > link-local > IPv6 address prior to sending the very first DHCPv6 message. > > Alper > > _______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
