Hi Ewen,

> On 13/09/2017, at 3:53 PM, Ewen McNeill <nz...@ewen.mcneill.gen.nz> wrote:
> 
> A client had a (business) customer switch over to UFB and needed assistance 
> reconfiguring the (Mikrotik) router being attached to the ONT -- it turned 
> out whoever first set up the Mikrotik (sensibly) assumed it'd be seeing IP 
> packets over VLAN 10, but actually the ISP required IP packets over PPPoE 
> over VLAN 10 in order for it to work.
> 
> Looking around it appears this client's customer's ISP isn't the only one 
> that is requiring PPPoE over VLAN tagging over Ethernet for their UFB 
> connections.  Is there a reason other than "let's make everything look like 
> 1990s dialup so it works with our legacy equipment" for the bit/CPE CPU 
> overhead of PPPoE on UFB, including imposing the lowered usable MTU and PMTU 
> discovery headaches on the end user?
> 
> The only one that really comes to mind is "user/password authentication" 
> (rather than needing to collect CPE MAC addresses which seems to happen with, 
> eg, Vodafone cable/FibreX).  But it's not clear to me why, eg, 802.1X isn't 
> used for the user/password authentication in that case; or DHCP with some 
> extension to pass a "secret" identifier. 20-bytes-per-packet-forever seems a 
> large overhead to pay for user/password authentication at CPE power on.... 
> (Maybe in the beginning there's "lack of CPE support" -- but we're a few 
> years into the UFB rollout, and lots of ISPs seem to be supplying their own 
> ISP-badged CPEs anyway, which could presumably implement whatever was needed.)


That’s not how it works in either PPPoE or IPoE for either UFB or EUBA 
products. In both EUBA and UFB, Chorus or the LFC inserts headers into the 
DHCP or PPPoE messages that convey the Circuit ID and Remote ID. Remote ID is 
the most commonly used for authentication and corresponds to a provider 
reference number (ASID in Chorus world, for example).

Almost no providers use the PPPoE username/password authentication stuff. No 
providers I’m aware of use MAC address authentication.

PPPoE’s benefit is LCP keepalives for fast failover. Without them, you need a 
BNG system that either:
a) has low DHCP timers, or;
b) has BFD/similar and you have CPE that support it, or;
c) has state syncing with another box

...or you forgo fast failover times. Even with low DHCP timers you’re going to 
get 5 mins or so failover times if you lose a BNG.

I prefer to use IPoE and deal with the above issues, as I agree, it’s better. 
Not everyone makes the same value judgement though, and that’s fine.

--
Nathan Ward.
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog
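
The reply above describes the access network inserting Circuit ID and Remote ID into DHCP messages, with the Remote ID used to identify the service. The following is an added example, not code from the post or from any provider: it assumes the DHCP case uses the RFC 3046 Relay Agent Information option (option 82), which the post does not name, and all function names and sample identifiers are constructed.

```python
# Added example: pull the inserted line identifiers out of a DHCP packet.
# Assumes RFC 3046 option 82; names and sample values are constructed.
DHCP_MAGIC = b"\x63\x82\x53\x63"
BOOTP_FIXED_LEN = 236  # fixed BOOTP header that precedes the magic cookie
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUBOPT_NAMES = {1: "circuit_id", 2: "remote_id"}


def _tlvs(buf, single_byte_codes=()):
    """Yield (code, value) from code/length/value bytes, rejecting truncation."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code in single_byte_codes:  # pad/end carry no length byte
            yield code, b""
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option at offset %d" % i)
        length = buf[i + 1]
        yield code, buf[i + 2:i + 2 + length]
        i += 2 + length


def line_identity(packet):
    """Return the circuit_id / remote_id sub-options that are present."""
    if packet[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet (magic cookie missing)")
    ident = {}
    for code, value in _tlvs(packet[BOOTP_FIXED_LEN + 4:], (OPT_PAD, OPT_END)):
        if code == OPT_END:
            break
        if code == OPT_RELAY_AGENT_INFO:
            for sub, subval in _tlvs(value):
                if sub in SUBOPT_NAMES:
                    ident[SUBOPT_NAMES[sub]] = subval
    return ident


def lookup_subscriber(packet, provisioned):
    """Map the Remote ID to a provisioned service; None if absent or unknown."""
    return provisioned.get(line_identity(packet).get("remote_id"))


def build_sample(circuit_id, remote_id):
    """Constructed DHCPDISCOVER carrying option 82, as seen after insertion."""
    sub = bytes([1, len(circuit_id)]) + circuit_id + bytes([2, len(remote_id)]) + remote_id
    return (bytes(BOOTP_FIXED_LEN) + DHCP_MAGIC + b"\x35\x01\x01"
            + bytes([OPT_RELAY_AGENT_INFO, len(sub)]) + sub + b"\xff")
```

A packet that arrives without option 82, or with an unknown Remote ID, resolves to no subscriber rather than falling back to anything the CPE itself supplied.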
