PPPoE: Broadcast Control, User Authentication, Speed Control, Accounting

What is PPPoE?

- Point to Point Protocol over Ethernet. The specification is RFC 2516.
- From the specification: "It (PPPoE) is intended to be used with broadband remote access technologies that provide a bridged Ethernet topology, when access providers wish to maintain the session abstraction associated with PPP."
- PPP (Point to Point Protocol) is traditionally used on serial links: things like modems, T1s, DS3s, etc.
- PPPoE adapts the PPP protocol to a broadcast medium (Ethernet).
- Makes available to the broadband provider all the tools used for managing dialup users.

Advantages to using PPPoE

- Reduces broadcast traffic on the network.
- Adds privacy: customers cannot talk directly to each other, only through the gateway.
- Access control: customers must authenticate before being allowed online.
- Accounting: easy to track customer use, with many options for billing.
- Speed control: set upload/download rates.
- With some creative networking, can be used to send late or non-paying customers to a "pay up" page (more on this later).
- Scales well: can handle thousands of users.

Who uses PPPoE?

Nearly all DSL service is provisioned as PPPoE (or its close cousin, PPPoA). Why?

- PPPoE facilitates multiple providers sharing a single physical network.
- PPPoE works closely with the RADIUS protocol (an authentication protocol we will cover shortly).
- PPPoE allows a user to specify a username, a password, and a service name (for selecting the service provider you wish to use).
- The service name is used to route the authentication request to the correct provider's RADIUS server for authentication.

Disadvantages to PPPoE

- Requires a broadcast domain between the client and server.
- Not supported directly on Windows prior to Windows XP. Requires (buggy) 3rd-party software for 95, 98, NT, 2000, ME.
- Some customers dislike the "dialup feel" of a PPPoE connection.
- There are a few poor PPPoE client implementations in consumer routers: they either fail to connect or retry extremely rapidly.
- PPPoE adds 8 bytes of overhead to each packet, so the maximum packet content is reduced from 1500 to 1492 octets. This causes problems for sites with broken PMTUD (discussed shortly).
- PPPoE is not good on marginal links: it takes the server and client some time to figure out a link has failed and to establish a new connection (read this as marginal 900 MHz links that renegotiate).

Broadcast Traffic

Broadcast traffic can be the bane of the wireless ISP. It wastes bandwidth, and broadcast storms can bring the network to a halt. PPPoE helps to eliminate the broadcast storms. PPPoE uses a (very large) broadcast packet to locate the PPPoE server. The server and client must be on the same broadcast domain; it won't work through a router. Possible ways to do this:

- Small PPPoE server at each tower.
- Central PPPoE server, entire network one broadcast domain.
- Central PPPoE server, VLANs to each tower or AP.

Canopy SMs can be set to only allow PPPoE traffic.

Privacy

PPPoE can lightly encrypt the traffic between the client and the server, providing some (very weak) protection against eavesdropping. Blocking everything other than PPPoE at the SM prevents Windows customers from seeing each other in Network Neighborhood. Yes, you really can and should check All IPv4, ARP, and All others in the Packet Filter Configuration. This prevents anything other than PPPoE from getting through.

Access Control and Accounting

- Authentication can be done either at the PPPoE server or using an external RADIUS server.
- Local authentication checks the user against a database at the PPPoE server.
- RADIUS (Remote Authentication Dial In User Service) was developed to authenticate dialup users.
- RADIUS is in widespread use and can easily be modified to support additional capabilities.
- RADIUS can be used to set nearly every aspect of a PPPoE session, i.e., IP address, DNS servers, filters, rate limits, time limits, transfer limits, etc.
- RADIUS servers can proxy requests to other RADIUS servers; this makes roaming possible.

Access Control and Accounting

- PPPoE and RADIUS are your hook into many of the tools that have been developed by and for ISPs to allow them to control and bill users.
- The PPPoE server reports the details of a connection to the RADIUS server at termination (or periodically, if configured), including time online, number of packets, etc.
- Parsing the RADIUS accounting data is a basic function of any of the dedicated ISP billing software packages: Billmax, Rodopi, Platypus, Freeside, etc.
- This allows you to bill based on usage if so desired.
- Some billing packages can enforce usage limits as well if needed (shut off the user, restrict speeds, or take other action).

Fri Jan 12 20:10:37 2007
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port-Id = 5702
	NAS-Port-Type = 15
	User-Name = "toledohealth-sm"
	Calling-Station-Id = "00:0F:66:39:D9:3D"
	Called-Station-Id = "pppoe"
	Attr-87 = "ether2"
	Acct-Session-Id = "81700f93"
	Framed-IP-Address = 64.246.97.246
	Acct-Authentic = RADIUS
	Acct-Session-Time = 86288
	Acct-Input-Octets = 5492944
	Attr-52 = "\000\000\000"
	Acct-Input-Packets = 55159
	Acct-Output-Octets = 56887685
	Attr-53 = "\000\000\000"
	Acct-Output-Packets = 75482
	Acct-Status-Type = Stop
	Acct-Terminate-Cause = User-Request
	NAS-Identifier = "MikroTik"
	NAS-IP-Address = 64.246.96.225
	Acct-Delay-Time = 0
	Client-IP-Address = 64.246.96.225
	Realm = "NULL"
	Timestamp = 1168650637
	Request-Authenticator = Verified
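An added example, not from the slides or from any of the billing packages named, that parses FreeRADIUS "detail" records like the one above and totals usage per customer for billing or limit enforcement; the Stop record is the page's own, the Interim-Update record for the same session is constructed to show the cumulative-counter caveat.

```python
import re
# Constructed FreeRADIUS "detail" input: a constructed Interim-Update followed
# by the Stop record from the page (trimmed to the attributes used here).
DETAIL = """\
Fri Jan 12 08:10:37 2007
\tUser-Name = "toledohealth-sm"
\tAcct-Session-Id = "81700f93"
\tAcct-Status-Type = Interim-Update
\tAcct-Input-Octets = 2000000
\tAcct-Output-Octets = 30000000

Fri Jan 12 20:10:37 2007
\tUser-Name = "toledohealth-sm"
\tAcct-Session-Id = "81700f93"
\tAcct-Status-Type = Stop
\tAcct-Session-Time = 86288
\tAcct-Input-Octets = 5492944
\tAcct-Output-Octets = 56887685
"""
ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^"]*)"?\s*$')
COUNTERS = ("Acct-Input-Octets", "Acct-Output-Octets", "Acct-Session-Time")

def parse_detail(text):
    """One dict per record; a blank line closes a record."""
    records, cur = [], {}
    for line in text.splitlines() + [""]:
        if m := ATTR.match(line):
            cur[m.group(1)] = m.group(2)
        elif not line.strip() and cur:
            records.append(cur); cur = {}
    return records

def usage_by_user(records):
    """Counters are cumulative per session: keep the max per Acct-Session-Id rather
    than adding Interim-Update and Stop records (that bills the same bytes twice)."""
    per_session = {}
    for r in records:
        if r.get("Acct-Status-Type") in ("Interim-Update", "Stop"):
            key = (r["User-Name"], r["Acct-Session-Id"])
            now = tuple(int(r.get(a, 0)) for a in COUNTERS)
            per_session[key] = tuple(map(max, per_session.get(key, (0, 0, 0)), now))
    totals = {}
    for (user, _), (inb, outb, secs) in per_session.items():
        t = totals.setdefault(user, {"in": 0, "out": 0, "seconds": 0, "sessions": 0})
        t["in"] += inb; t["out"] += outb; t["seconds"] += secs; t["sessions"] += 1
    return totals

def over_cap(totals, download_cap):
    """Users whose download (NAS Acct-Output-Octets) passed the cap: rate-limit or pay-up page."""
    return sorted(u for u, t in totals.items() if t["out"] > download_cap)
```

The Attr-52 and Attr-53 lines in the record above are the undecoded Acct-Input-Gigawords and Acct-Output-Gigawords (RFC 2869); a session that moves more than 4 GiB in one direction needs them, shifted left 32 bits, added to the 32-bit octet counters before billing.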

Sample RADIUS User Entries

mark	Auth-Type = System
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 1.2.3.4,