[123449] in North American Network Operators' Group
PPP+RADIUS - routing subnets to end users - Framed-Route vs.
daemon@ATHENA.MIT.EDU (Erik L)
Mon Mar 8 18:11:13 2010
From: Erik L <erik_list@caneris.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 8 Mar 2010 18:10:28 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Scenario: with the help of RADIUS, routing subnets to end users connecting =
via PPP.
Discussion: pros/cons of using Framed-IP-Address+Framed-Route versus Framed=
-IP-Address+Framed-IP-Netmask.
We're talking here in generic terms, so as far as the behaviour of the LNS =
or access concentrator or whatever else is receiving the Access-Accept and =
terminating the ppp session, we're assuming more or less sane behaviour, ro=
ughly as follows. In the first alternative, the IP address on the ppp link =
is outside the subnet indicated by Framed-Route and one or more subnets are=
routed via the link; one such subnet per Framed-Route attrib. In the secon=
d alternative, the one subnet routed is that which contains the Framed-IP-A=
ddress and is as large as the Framed-IP-Netmask indicates.=20
I'm arguing to a colleague that the first alternative is "better", non-/32 =
netmasks on a ppp link make no sense (since netmasks on point-to-point link=
s don't matter anyway), that the second alternative doesn't allow users to =
make use of their allocated space as easily and effectively as the first al=
ternative, and that the second alternative is limited to routing one subnet=
(though you might be able to mix Framed-IP-Netmask and Framed-Route togeth=
er?).=20
Comments? How are others doing it and why?
Erik
