Pekka Savola wrote, around 6/10/07 5:32 AM:
> On Fri, 5 Oct 2007, Maglione Roberta wrote:
>> As a Service Provider I can say that architecture considerations done
>> in DSLF are mainly driven by the evolution of the already deployed
>> solutions for IP Sessions: in fact, in order to gradually migrate from
>> PPP based to IP based Sessions many SP's today already use a naïf
>> form of identification/authentication based on line ID carried on
>> DHCP w/option 82. Using DHCP w/option 82 as credential for
>> authentication lacks in flexibility because line ID is automatically
>> inserted by the Access Node and restricts the authentication to the
>> DSL Line so it does not allow performing authentication based on
>> username and password, ...
>
> One thing has been bugging me for a while. Why exactly is
> username/password authentication useful in this context?
>
> In some cases it's probably worthwhile to tie some special
> configuration (e.g., if the customer has a fixed IP address [can also
> be achieved in DHCP server configs] or an associated static route --
> these are mainly for power users, SOHOs and SMEs) to the specific
> customer. Line identification is in many cases sufficient here.
>
> However one potential advantage is that with user/pass auth the user
> could take his DSL modem, plug it in to some other part of the network
> and get his personal configuration with no config changes at the ISP end.
>
> But at least so far (e.g., with ATM based DSL systems) I've seen that
> such transparent moving doesn't work as the ISPs need to configure
> something (not sure what exactly) on their systems in any case. So,
> unless technology has changed so that transparent moving can be
> supported without config changes, it's not clear how much user vs line
> identification matters.
>
> Because probably 95% or 99% of customers have no special
> configuration, i.e., every bulk user is configured the same way I see
> little reason why username/password authentication would be useful. It
> seems to mostly be a relic of the old "PPP" based thinking.
>
> Am I missing something?

It's a good question and for many SP's the line id mechanisms like
Option 82 marking in DHCP coupled to AAA seem enough, we are seeing two
cases where it is not:
a) Very large existing SP's would like to move to Ethernet from PPPoA
and PPPoE. They have huge customer bases with order entry, billing,
help desks and all the procedure of established telecommunications
geared to delivering service against the username and password. In
currently a minority of cases line ID is used as well, often with
different services against different usernames/passwords to provide
differentiated services to the same physical site.
b) In countries with innovative models between the layer 3 service
provider and the customer, or more ad hoc, chaotic business
relationships, between central telco's and local connectivity providers,
no meaningfully secure knowledge of the access line is possible. We see
this out of predominantly but not exclusively China and India.
Do not knock PPP so readily, it brought us through dial and there are
around 100 million DSL customers using it today. I have been looking at
replacing all the things it does in ethernet networks for four years and
I have grown to respect how much PPP does and does very simply and well
coupled! This great little protocol has been morphed from dial, across
as a muxing solution from multiple links between providers and how we
have learnt to scale it or possibly how it was designed well enough to
scale for 64K subscribers in a single device with the control plane CPU
probably equivalent to next year's cell phones. I actually find it a
profound pity it has become the whipping dog of the IETF crowd and viewed
as old-fashioned in SP's today.
- Ric
------------------------------------------------------------------------
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area