Data over ADSL Bridging

[Figure: ADSL ATM Interface (Cisco)]

• Subscriber Ethernet traffic is bridged over ATM using ATM Adaptation Layer 5 (AAL5).

• All subscribers are in the same broadcast domain (this is bridging).

• Bridged traffic can be routed via the BVI interface at the aggregation router.

• The BVI IP address is the end-user PC's default gateway.

• Bridging does not scale well.


© 2004 Cisco Systems, Inc.

DSL is a high-speed Layer 1 transmission technology that works over copper wires. ATM is used as the data-link layer protocol over DSL.

A DSLAM is basically an ATM switch containing DSL interface cards. The DSL Layer 1 connection from the CPE is terminated at the DSLAM. The DSLAM terminates the ADSL connections, then switches the traffic over an ATM network to an aggregation router. For example, the Cisco 6160 DSLAM has an OC-3 ATM uplink and can terminate up to 256 DSL subscriber lines.

There are three major approaches to encapsulating an IP packet over an ATM/DSL connection:

■ RFC 1483/2684 Bridged

■ PPPoE

■ PPPoA

RFC 1483/2684 describes two methods for carrying the traffic over an ATM network. These methods are routed and bridged protocol data units (PDUs). This topic examines only the bridged method.

Using RFC 1483 Bridging, the ADSL CPE is bridging the Ethernet frame from the PC of the end user to the aggregation router (this process will be similar in PPPoE).

At the aggregation router, integrated routing and bridging (IRB) can be used to provide the ability to route between a bridge group and a routed interface using a concept called Bridge-Group Virtual Interface (BVI). The BVI, a virtual interface within the router, acts like a normal routed interface that does not support bridging, but represents the corresponding bridge group to routed interfaces within the router.

Some of the advantages of bridging are as follows:

■ Bridging is simple to understand and to implement because there are no complex issues of routing, authentication requirements for users, and so forth.

■ The CPE in bridge mode acts as a dumb device and does not require any routing functionalities.

■ Troubleshooting is minimal because whatever comes in from the Ethernet side passes (bridged) over to the ATM WAN side.

■ Bridging architecture is easy to install because of its simple nature.

■ Bridging is ideal for single-user Internet access, because the CPE acts as a set-top box. There is no complex troubleshooting required for upper-layer protocols and there is no requirement for additional client software installation on the end-user PCs.

Some of the disadvantages of bridging are as follows:

■ Bridging depends heavily on broadcasts to establish connectivity.

■ Bridging broadcasts to thousands of users and is inherently unscalable. It consumes bandwidth across the xDSL loop of users and requires resources at the headend router to replicate packets for the broadcast over a point-to-point (ATM permanent virtual circuit [PVC]) medium.

■ Bridging is inherently insecure and requires a trusted environment because Address Resolution Protocol (ARP) replies can be spoofed and a network address can be hijacked.

■ Broadcast attacks can be initiated on the local subnet, which will deny service to all members of the local subnet.

■ IP address hijacking is possible in a bridge environment.
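The ARP spoofing and address hijacking risk above follows from every subscriber sharing one broadcast domain behind the BVI. A headend monitor that watches ARP replies per subscriber PVC is one way to detect it. The following is an added example written for this page, not Cisco code or anything from the course material; the IP addresses, MACs and "atm0/0.x" port labels are constructed, and the idea of pinning the BVI's IP-to-MAC binding to the uplink port is the author's assumption about how an operator would deploy such a check.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str
    port: str  # constructed label for the ATM PVC / DSLAM port the frame arrived on


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _ip_str(raw):
    return ".".join(str(b) for b in raw)


def parse_arp_reply(frame, port):
    """Return an ArpReply for an Ethernet II frame carrying an ARP reply, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    return ArpReply(_ip_str(frame[28:32]), _mac_str(frame[22:28]), port)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a sample Ethernet/ARP reply frame (constructed test data, not captured traffic)."""
    def mac(s):
        return bytes(int(x, 16) for x in s.split(":"))

    def ip(s):
        return bytes(int(x) for x in s.split("."))

    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    return eth + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)


class ArpMonitor:
    """Tracks IP-to-(MAC, port) bindings seen in ARP replies within one bridge group."""

    def __init__(self, pinned):
        self.pinned = dict(pinned)  # ip -> (mac, port) fixed by the operator, e.g. the BVI
        self.learned = {}           # ip -> (mac, port) first seen from subscribers

    def observe(self, reply):
        claim = (reply.sender_mac, reply.port)
        if reply.sender_ip in self.pinned:
            if claim != self.pinned[reply.sender_ip]:
                return (f"CRITICAL: pinned address {reply.sender_ip} claimed by "
                        f"{reply.sender_mac} on {reply.port}")
            return None
        first = self.learned.setdefault(reply.sender_ip, claim)
        if first != claim:
            return (f"WARNING: {reply.sender_ip} moved from {first[0]} on {first[1]} "
                    f"to {reply.sender_mac} on {reply.port}")
        return None


# Constructed addresses: TEST-NET-1 for IPs, locally chosen MACs.
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:00:0c:00:00:01"
SUB_A_IP, SUB_A_MAC = "192.0.2.10", "00:00:0c:00:00:10"


def run_demo():
    """Feed four constructed ARP replies through the monitor; return the alerts raised."""
    monitor = ArpMonitor({GATEWAY_IP: (GATEWAY_MAC, "uplink")})
    samples = [
        (build_arp_reply(GATEWAY_MAC, GATEWAY_IP, SUB_A_MAC, SUB_A_IP), "uplink"),    # legitimate BVI
        (build_arp_reply(SUB_A_MAC, SUB_A_IP, GATEWAY_MAC, GATEWAY_IP), "atm0/0.1"),  # subscriber A
        (build_arp_reply("00:00:0c:00:00:20", GATEWAY_IP, SUB_A_MAC, SUB_A_IP), "atm0/0.2"),  # BVI address from a subscriber PVC
        (build_arp_reply("00:00:0c:00:00:30", SUB_A_IP, GATEWAY_MAC, GATEWAY_IP), "atm0/0.3"),  # A's address from another PVC
    ]
    alerts = []
    for frame, port in samples:
        reply = parse_arp_reply(frame, port)
        alert = monitor.observe(reply) if reply else None
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    print("\n".join(run_demo()))
```

The monitor raises two alerts on the constructed input: a CRITICAL one when the BVI's address is claimed from a subscriber PVC, and a WARNING when a subscriber's address reappears with a different MAC on a different PVC. Keying on the PVC as well as the MAC matters on ADSL, because each subscriber arrives over its own point-to-point circuit, so a binding that moves between circuits is more telling than a MAC change alone.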

In a bridged environment, a DHCP server located at the service provider traditionally allocates IP addresses to the end-user PC. The BVI IP address is the end-user PC's default gateway.

Certain Internet service providers (ISPs) have used an approach of providing private, non-Internet-routable IP addresses to their subscribers and then performing Network Address Translation (NAT) at the service provider aggregation router. However, this approach does not scale very well as the number of subscribers increases, because the large number of address translations taxes the processing power and memory of the router.

RFC 1483 Bridging is more suitable for smaller ISPs or corporate access, where scalability does not become an issue. RFC 1483 Bridging has become the choice of many smaller ISPs because it is very simple to understand and implement. However, security and scalability issues are causing the bridging architecture to lose its popularity.

ISPs are now opting for PPPoA or PPPoE, which are more scalable and much more secure than bridging, but are more complex and not very easy to implement.

Data over ADSL: PPPoE

[Figure: PPPoE and Bridge Mode Architecture]

Either the workstation has PPPoE client software loaded, or the CPE device is configured to act as the PPPoE client.


PPPoE is also a bridged solution, similar to RFC 1483/2684 Bridging. As with RFC 1483/2684 Bridging, the CPE is bridging the Ethernet frames from the PC of the end user to an aggregation router over ATM. But in this case, the Ethernet frame is carrying a PPP frame inside it. The PPP session is established between the end-user PC (the PPPoE client) and the aggregation router.

In the PPPoE architecture, the PC of the end user runs the PPPoE client software to connect to the ADSL service. The PPPoE client software first encapsulates the end-user data into a PPP frame, and then the PPP frame is further encapsulated inside an Ethernet frame. The IP address allocation for the PPPoE client is based on the same principle as PPP in dial mode, which is via IP Control Protocol (IPCP) negotiation, with Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) authentication. The aggregation router that authenticates the users can use either a local database on the aggregation router or a RADIUS (authentication, authorization, and accounting [AAA]) server.

PPPoE provides the ability to connect a network of hosts over a simple bridging CPE to an aggregation router. With this model, a host uses its own PPP stack and the user is presented with a familiar user interface (using the PPPoE client software) similar to establishing a dialup connection. Unlike PPPoA, access control, billing, and type of service can be controlled on a per-user, rather than a per-site, basis.

Note If supporting end-user PPPoE client software is undesirable, then CPE such as the Cisco 827 router can be configured as the PPPoE client. In this case, the Cisco 827 router acts as a router rather than as a simple bridge. It can also act as the DHCP server and use NAT/Port Address Translation (PAT) to allow multiple users behind the router to connect to the service providers using a single ADSL connection and a single PPP username and password.

Note If an external ADSL modem is used, a Cisco 806 router can be used behind the ADSL modem, and the Cisco 806 router can be configured as the PPPoE client. The Cisco 806 router can also act as the DHCP server and use NAT/PAT to allow multiple users behind the router to connect to the service providers using a single ADSL connection and a single PPP username and password.

Data over ADSL: PPPoE (Cont.)

• The PPP session runs from the end-user PC to the aggregation router.

• The subscriber PC's IP address is assigned by the aggregation router via IPCP.

[Figure: PPPoE discovery exchange between the end-user PC, CPE (bridging), DSLAM, aggregation router and ISP/corporate router: PADI, PADO, PADR, PADS (Session ID), then LCP/IPCP]


PPP normally works over a point-to-point connection only. Additional enhancements to PPP were needed to support PPP over an Ethernet multiaccess environment.

As specified in RFC 2516, PPPoE has two distinct stages, a discovery stage and a PPP session stage.

When the discovery stage is complete, both PPPoE peers know the PPPoE session ID and the Ethernet address of the peer, which together uniquely define the PPPoE session. There are four steps to the discovery stage:

Step 1 The PPPoE client (end-user PC) broadcasts a PPPoE Active Discovery Initiation (PADI) packet.

Step 2 The PPPoE server (aggregation router) sends a PPPoE Active Discovery Offer (PADO) packet.

Step 3 The PPPoE client sends a unicast PPPoE Active Discovery Request (PADR) packet to the PPPoE server.

Step 4 The PPPoE server sends a PPPoE Active Discovery Session-Confirmation (PADS) packet.

PPP then goes through the normal Link Control Protocol (LCP) and Network Control Protocol (NCP) process; for IP, the NCP is IPCP.

When a host initiates a PPPoE session, it must first perform discovery to identify which PPPoE server can meet the client request. Then, the host must identify the Ethernet MAC address of the peer and establish a PPPoE session ID. Although PPP defines a peer-to-peer relationship, discovery is inherently a client-server relationship. In the discovery process, a host (the PPPoE client) discovers an aggregation router (the PPPoE server).

There may be more than one PPPoE server that the host (the PPPoE client) can communicate with, based on the network topology. The discovery stage allows the host to discover all PPPoE servers and then select one.

When discovery has been completed successfully, both the host and the selected PPPoE server have the information they will use to build their point-to-point connection over the Ethernet. After the PPPoE session begins, PPP goes through the normal LCP and NCP (IPCP) process.

A PPPoE Active Discovery Terminate (PADT) packet may be sent anytime after a session has been established to indicate that a PPPoE session has been terminated. Either the host or the PPPoE server may send it.

For more information on the PPPoE specification, refer to RFC 2516.

Note As per RFC 2516, the maximum-receive-unit (MRU) option must not be negotiated to a size larger than 1492 bytes, because Ethernet has a maximum payload size of 1500 octets. The PPPoE header is 6 octets and the PPP protocol ID is 2 octets, so the PPP MTU must not be greater than 1500 - 8 = 1492 bytes.
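The four-step discovery exchange and the MRU note above can both be checked on the wire. The following is an added example written for this page, not Cisco code or part of RFC 2516: it parses PPPoE discovery frames, reports departures from the PADI/PADO/PADR/PADS rules (session ID 0 before PADS, PADI broadcast, PADO carrying an AC-Name, Service-Name present), and flags an LCP Configure-Request whose MRU exceeds 1492. The MAC addresses, the "agg-router-1" AC-Name and the tag values are constructed test data; the tag and code numbers are the RFC 2516 values.

```python
import struct
from collections import namedtuple

ETH_PPPOE_DISC, ETH_PPPOE_SESS = 0x8863, 0x8864
PADI, PADO, PADR, PADS, PADT = 0x09, 0x07, 0x19, 0x65, 0xA7
CODE_NAME = {PADI: "PADI", PADO: "PADO", PADR: "PADR", PADS: "PADS", PADT: "PADT"}
TAG_END, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102
TAG_HOST_UNIQ, TAG_AC_COOKIE, TAG_SERVICE_NAME_ERROR = 0x0103, 0x0104, 0x0201
PPP_LCP, LCP_CONFIGURE_REQUEST, LCP_OPT_MRU = 0xC021, 1, 1
BROADCAST = b"\xff" * 6
MAX_PPP_MRU = 1500 - 6 - 2  # Ethernet payload minus PPPoE header minus PPP protocol ID
Discovery = namedtuple("Discovery", "code session_id dst src tags")  # tags: type -> first value

def parse_discovery(frame):
    """Parse an Ethernet II frame carrying a PPPoE discovery packet (RFC 2516 section 4)."""
    if len(frame) < 20 or struct.unpack("!H", frame[12:14])[0] != ETH_PPPOE_DISC:
        raise ValueError("not a PPPoE discovery frame")
    vt, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if vt != 0x11 or len(frame) < 20 + length:
        raise ValueError("bad PPPoE VER/TYPE or truncated payload")
    payload, tags, off = frame[20:20 + length], {}, 0
    while off + 4 <= len(payload):
        ttype, tlen = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if ttype == TAG_END:
            break
        if off + tlen > len(payload):
            raise ValueError("tag length overruns payload")
        tags.setdefault(ttype, payload[off:off + tlen])
        off += tlen
    return Discovery(code, session_id, frame[:6], frame[6:12], tags)

def check_discovery(pkt):
    """List the ways a parsed packet departs from the four-step discovery rules."""
    name, problems = CODE_NAME.get(pkt.code, f"code 0x{pkt.code:02x}"), []
    if pkt.code in (PADI, PADO, PADR) and pkt.session_id != 0:
        problems.append(f"{name} must carry SESSION_ID 0")
    if pkt.code == PADI and pkt.dst != BROADCAST:
        problems.append("PADI must be broadcast")
    if pkt.code != PADI and pkt.dst == BROADCAST:
        problems.append(f"{name} must be unicast")
    if pkt.code == PADO and TAG_AC_NAME not in pkt.tags:
        problems.append("PADO must carry AC-Name")
    if pkt.code in (PADI, PADO, PADR, PADS) and TAG_SERVICE_NAME not in pkt.tags:
        problems.append(f"{name} must carry Service-Name")
    if pkt.code == PADS and pkt.session_id == 0 and TAG_SERVICE_NAME_ERROR not in pkt.tags:
        problems.append("PADS must carry a non-zero SESSION_ID unless it reports Service-Name-Error")
    return problems

def lcp_mru_violation(frame):
    """Return the MRU offered in an LCP Configure-Request when it exceeds MAX_PPP_MRU, else None."""
    ethertype, vt, code, _sid, length = struct.unpack("!HBBHH", frame[12:20])
    ppp = frame[20:20 + length]
    if (ethertype, vt, code) != (ETH_PPPOE_SESS, 0x11, 0x00) or len(ppp) < 6:
        return None
    proto, lcp_code, _ident, lcp_len = struct.unpack("!HBBH", ppp[:6])
    if proto != PPP_LCP or lcp_code != LCP_CONFIGURE_REQUEST:
        return None
    opts, off = ppp[6:2 + lcp_len], 0
    while off + 2 <= len(opts):
        otype, olen = opts[off], opts[off + 1]
        if olen < 2 or off + olen > len(opts):
            break  # malformed option list: stop rather than loop forever
        if otype == LCP_OPT_MRU and olen == 4:
            mru = struct.unpack("!H", opts[off + 2:off + 4])[0]
            return mru if mru > MAX_PPP_MRU else None
        off += olen
    return None

def build_discovery(dst, src, code, session_id, *tags):
    """Construct a discovery frame from (tag type, value) pairs; constructed test data only."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags) + struct.pack("!HH", TAG_END, 0)
    return dst + src + struct.pack("!HBBHH", ETH_PPPOE_DISC, 0x11, code, session_id, len(body)) + body

def build_lcp_confreq(dst, src, session_id, mru):
    """Construct a session frame carrying an LCP Configure-Request with one MRU option."""
    opt = bytes([LCP_OPT_MRU, 4]) + struct.pack("!H", mru)
    ppp = struct.pack("!HBBH", PPP_LCP, LCP_CONFIGURE_REQUEST, 1, 4 + len(opt)) + opt
    return dst + src + struct.pack("!HBBHH", ETH_PPPOE_SESS, 0x11, 0x00, session_id, len(ppp)) + ppp

# Constructed MACs: end-user PC (PPPoE client) and aggregation router (PPPoE server).
HOST, AC = bytes.fromhex("00000c000010"), bytes.fromhex("00000c000001")
ANY_SERVICE = (TAG_SERVICE_NAME, b"")  # empty Service-Name: any service is acceptable

def run_demo():
    """Walk the four-step exchange, then a PADO missing AC-Name and an oversized MRU."""
    frames = [
        build_discovery(BROADCAST, HOST, PADI, 0, ANY_SERVICE, (TAG_HOST_UNIQ, b"\x12\x34")),
        build_discovery(HOST, AC, PADO, 0, ANY_SERVICE, (TAG_AC_NAME, b"agg-router-1"), (TAG_AC_COOKIE, b"\xaa\xbb")),
        build_discovery(AC, HOST, PADR, 0, ANY_SERVICE, (TAG_AC_COOKIE, b"\xaa\xbb")),
        build_discovery(HOST, AC, PADS, 0x0001, ANY_SERVICE),
        build_discovery(HOST, bytes.fromhex("00000c00dead"), PADO, 0, ANY_SERVICE),  # offer without AC-Name
    ]
    results = [(CODE_NAME[p.code], check_discovery(p)) for p in map(parse_discovery, frames)]
    return results, lcp_mru_violation(build_lcp_confreq(AC, HOST, 0x0001, 1500))
```

On the constructed input the four legitimate steps pass cleanly, the fifth frame (an offer that names no access concentrator) is reported, and the Configure-Request offering an MRU of 1500 is flagged because it leaves no room for the 8 bytes of PPPoE and PPP protocol overhead inside a 1500-byte Ethernet payload. The tag-length bounds check in `parse_discovery` is the part worth copying: a length field that runs past the payload is the classic way a TLV parser is made to read out of bounds.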

Data over ADSL: PPPoA

[Figure: PPPoA architecture from the CPE to the ISP/corporate router]

• PPP session is from the CPE to the aggregation router.

• CPE receives an IP address via IPCP like the dial model.

© 2004 Cisco Systems, Inc. All rights reserved. BCRAN v2.1—4-12

PPPoA is a routed solution, unlike RFC 1483 Bridged and PPPoE, where the CPE is set up as a bridge. With PPPoA, the CPE routes the packets from the PC of the end user over ATM to an aggregation router. The PPP session is established between the CPE and the aggregation router. Unlike PPPoE, PPPoA does not require host-based software.

The CPE device must have a PPP username and password configured for authentication to the aggregation router that terminates the PPP session from the CPE. The aggregation router that authenticates the users can either use a local database on the aggregation router or a RADIUS (AAA) server. The PPPoA session authentication can be based on PAP or CHAP. After the PPP username and password have been authenticated, IPCP negotiation takes place and the IP address is assigned to the CPE. After the IP address has been assigned, a host route is established both on the CPE and the aggregation router. The aggregation router must assign only one IP address to the CPE, and the CPE can be configured as a DHCP server and use NAT/PAT to support multiple hosts connected via Ethernet behind the CPE.
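Both the PPPoE section and the PPPoA section above say the aggregation router authenticates the PPP session with PAP or CHAP against a local database or RADIUS. The following is an added example written for this page, not Cisco code and not a RADIUS integration: it implements the MD5-CHAP (RFC 1994) packet formats on both sides, with the authenticator keeping a per-identifier challenge so a response is accepted once and only once, and beside it parses a PAP Authenticate-Request to show that PAP carries the password in clear text. The user name, secret and AC-Name are constructed values.

```python
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4
PAP_AUTH_REQUEST = 1

def chap_digest(ident, secret, challenge):
    """MD5-CHAP (RFC 1994): MD5(Identifier || secret || challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_chap_value_packet(code, ident, value, name):
    """Challenge and Response packets: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def build_chap_result(code, ident, message):
    """Success and Failure packets: Code, Identifier, Length, Message."""
    return struct.pack("!BBH", code, ident, 4 + len(message)) + message

def parse_chap_value_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 5 or length > len(pkt):
        raise ValueError("bad CHAP length")
    vsize = pkt[4]
    if 5 + vsize > length:
        raise ValueError("CHAP value overruns packet")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]

class ChapAuthenticator:
    """Aggregation-router side: issue challenges, verify responses against a local user database."""

    def __init__(self, users, ac_name=b"agg-router-1"):
        self.users = users        # username -> secret (constructed local database)
        self.ac_name = ac_name
        self.pending = {}         # identifier -> outstanding challenge value

    def challenge(self, ident):
        value = os.urandom(16)    # fresh random challenge, never reused
        self.pending[ident] = value
        return build_chap_value_packet(CHAP_CHALLENGE, ident, value, self.ac_name)

    def verify(self, response):
        code, ident, value, name = parse_chap_value_packet(response)
        challenge = self.pending.pop(ident, None)   # one verification per challenge
        secret = self.users.get(name.decode("utf-8", "replace"))
        ok = (code == CHAP_RESPONSE and challenge is not None and secret is not None
              and hmac.compare_digest(value, chap_digest(ident, secret, challenge)))
        if ok:
            return build_chap_result(CHAP_SUCCESS, ident, b"Welcome")
        return build_chap_result(CHAP_FAILURE, ident, b"Authentication failed")

def chap_respond(challenge_pkt, username, secret):
    """CPE or PPPoE-client side: answer a Challenge with the MD5 digest and our name."""
    code, ident, value, _ac_name = parse_chap_value_packet(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a CHAP Challenge")
    return build_chap_value_packet(CHAP_RESPONSE, ident, chap_digest(ident, secret, value), username.encode())

def result_code(pkt):
    return pkt[0]

def pap_credentials(pkt):
    """PAP Authenticate-Request carries Peer-ID and Password unprotected; whoever sees the frame sees both."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != PAP_AUTH_REQUEST or length > len(pkt):
        raise ValueError("not a PAP Authenticate-Request")
    id_len = pkt[4]
    peer_id = pkt[5:5 + id_len]
    pw_len = pkt[5 + id_len]
    password = pkt[6 + id_len:6 + id_len + pw_len]
    return peer_id.decode(), password.decode()

def build_pap_request(ident, peer_id, password):
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body

def run_demo():
    """Good CHAP login, replayed response, wrong secret, and a PAP request read off the wire."""
    users = {"cpe-7": b"constructed-secret"}   # constructed entry, not a real credential
    auth = ChapAuthenticator(users)
    good = chap_respond(auth.challenge(7), "cpe-7", users["cpe-7"])
    first = result_code(auth.verify(good))
    replay = result_code(auth.verify(good))               # same response again: challenge already consumed
    wrong = result_code(auth.verify(chap_respond(auth.challenge(8), "cpe-7", b"guess")))
    pap = pap_credentials(build_pap_request(1, b"cpe-7", b"constructed-secret"))
    return first, replay, wrong, pap
```

Two design points carry over to a real authenticator: the challenge is removed from `pending` before the digest is compared, so the same response cannot be accepted twice, and the comparison uses `hmac.compare_digest` so timing does not leak how many digest bytes matched. The PAP parser is there for contrast only; it shows why the course text pairs "much more secure" with CHAP rather than PAP.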
