PPPoE and termination

Hi All,

I’m looking into the best ways to assign an end user a static IP or even a block of static IPs that still allows us some control over their settings. Just giving them an IP to use on a /24 isn’t much of an option. I like using PPP and RADIUS and I think PPPoE would be the best way to achieve some control over the user’s config and connection from a centralized network. All of our user and admin traffic is backhauled to our core facility and routed there, so I’m looking to come up with our own termination hardware for those few we do PPPoE with. The rest are bridged DHCP users with the SM doing NAT. It wouldn’t be more than a handful but, as with all ISPs, it could grow and I want to try to take that into account. As always, money is something that we need to try not to spend too much of, so I’d love to know if anyone else has come up with a cheap or homebrew method for terminating these connections. On the user’s side, I’m toying with using a Buffalo router/wireless gateway that will do PPPoE with the SM as a bridge.

What are some of the ISPs out there doing? What solutions and implementations have you come up with?

PPPoE is wonderful fun. I don’t think I can speak directly to what you’re trying to accomplish, but on the ‘growth’ side I can say that the magic is in planning and switching. Get used to having a lot of VLANs - the best way to make PPPoE work is to plan out Layer 2 isolation between everything. For us this means port-based VLANs on CMMs, CPE isolation in APs, separate PPPoE VLANs per tower. With our SMs in bridge mode we allow our customers to connect directly to the network and get a /32 when they sign in with their username. Even in the loosest configuration, our subscribers can talk only to the PPPoE router at the head end. One of the radios we use in our network goes so far as allowing us to apply filters at the Ethernet ingress to only allow PPPoE frames. So you can see the obvious immediate security and stability benefits.

If you’re just starting to play around, though, a lot of people are running MikroTik as PPPoE routers. This software is available for the x86 platform so you could toss it on a spare server. I’m not sure if it supports RADIUS attributes for an assigned subnet or not. I am pretty confident, though, that no PPPoE client implementations support being passed a routed subnet for an internal interface, so you’d need to send out routers instead of letting folks connect directly. Anything that can have NAT disabled should do the trick. I think those Buffalo units support DD-WRT… big thumbs up on DD-WRT.
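The reply above mentions radios that filter at Ethernet ingress so that only PPPoE frames pass. The check below is an added illustration of that filter, not code from either poster or from any radio's firmware; the EtherTypes and header layout follow RFC 2516, while the two-tag VLAN limit, the function names and the sample frames are assumptions constructed for this example.

```python
import struct

# EtherTypes: PPPoE Discovery / Session (RFC 2516); 802.1Q and 802.1ad VLAN tags.
PPPOE_DISCOVERY, PPPOE_SESSION = 0x8863, 0x8864
VLAN_TPIDS = {0x8100, 0x88A8}
MAX_TAGS = 2  # assumption: nothing deeper than QinQ is legitimate on a subscriber port

def classify(frame: bytes):
    """Return (verdict, reason, vlan_ids) for one Ethernet frame at subscriber ingress."""
    if len(frame) < 14:
        return ("drop", "truncated Ethernet header", [])
    offset, vlans = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:  # walk tags so a tagged non-PPPoE frame cannot slip by
        if len(vlans) == MAX_TAGS:
            return ("drop", "too many VLAN tags", vlans)
        if len(frame) < offset + 6:
            return ("drop", "truncated VLAN tag", vlans)
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlans.append(tci & 0x0FFF)
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype not in (PPPOE_DISCOVERY, PPPOE_SESSION):
        return ("drop", f"ethertype 0x{ethertype:04x} is not PPPoE", vlans)
    payload = frame[offset + 2:]
    if len(payload) < 6:
        return ("drop", "truncated PPPoE header", vlans)
    ver_type, code, _session_id, _length = struct.unpack_from("!BBHH", payload)
    if ver_type != 0x11:  # version 1, type 1
        return ("drop", "bad PPPoE version/type", vlans)
    if ethertype == PPPOE_SESSION and code != 0x00:
        return ("drop", "session frame with non-zero code", vlans)
    kind = "discovery" if ethertype == PPPOE_DISCOVERY else "session"
    return ("permit", f"PPPoE {kind}", vlans)

def _eth(ethertype, payload, tags=()):
    """Build a constructed test frame: broadcast dst, locally administered src."""
    hdr = bytes.fromhex("ffffffffffff020000000001")
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid)
    return hdr + struct.pack("!H", ethertype) + payload

_LCP = struct.pack("!BBHH", 0x11, 0x00, 0x0001, 2) + b"\xc0\x21"
SAMPLES = {  # constructed frames, not captured traffic
    "padi": _eth(0x8863, struct.pack("!BBHH", 0x11, 0x09, 0, 0)),
    "session_vlan": _eth(0x8864, _LCP, tags=[(0x8100, 110)]),
    "arp": _eth(0x0806, bytes(28)),
    "ipv4_in_vlan": _eth(0x0800, b"\x45" + bytes(19), tags=[(0x8100, 110)]),
    "triple_tag": _eth(0x8864, _LCP, tags=[(0x8100, 1), (0x8100, 2), (0x8100, 3)]),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame))
```

With a filter like this, ARP, DHCP and bare IP from a subscriber port are dropped before they reach the shared Layer 2 segment, which is the isolation property the reply describes.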