[168889] in North American Network Operators' Group
Re: SIP on FTTH systems
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Thu Feb 6 08:00:52 2014
Date: Thu, 6 Feb 2014 13:58:14 +0100 (CET)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Mark Tinka <mark.tinka@seacom.mu>
In-Reply-To: <201402061442.43036.mark.tinka@seacom.mu>
Cc: nanog@nanog.org
On Thu, 6 Feb 2014, Mark Tinka wrote:
> End user authentication and management typically being done via PPPoE
> because that was the best and most secure way to manage customer
> connections (for some operators, still is).
Why do you need to authenticate the customer? Doesn't your documentation
system know the port/subscriber mapping? And why is this secure? Instead
of being tied to a physical connection, the customer can now take the
credentials and move. If the credentials are stolen, someone else can
impersonate that customer.
> By DHCP I mean an alternative to PPPoE-based authentication where Option
> 82 and friends can allow service providers to authenticate customers
> based on AN port, MAC address, VLAN ID, etc., instead of
> username/password a la PPPoE. This gets passed as part of initial DHCP
> transactions.
This worked 10 years ago; it's nothing recent.
> Rethinking your comment (because I thought you meant DHCP as the way to
> go for subscriber management when you debunked PPPoE) I'm guessing you
> refer to simply assigning IP addresses to customer interfaces in FTTH
> scenarios? No?
Yes? Since option 82 and friends give you what port the DHCP request came
in on, you now log IP/MAC connected to a port, and since you know what
apartment/house this port is physically connected to, nothing more is
needed.
--
Mikael Abrahamsson email: swmike@swm.pp.se
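
Added example, not part of the original message: a sketch of the port-based binding discussed above, parsing the option 82 circuit-id and remote-id sub-options (RFC 3046) from a relayed request and resolving them against a port inventory. The function names, port map and sample bytes are constructed for illustration, and the sketch assumes the access node inserts option 82 itself and does not pass through client-supplied copies.

```python
PAD, END, RELAY_AGENT_INFO = 0, 255, 82   # DHCP option codes
CIRCUIT_ID, REMOTE_ID = 1, 2              # option 82 sub-option codes (RFC 3046)

def tlv(code, value):
    """Encode one code/length/value element."""
    return bytes([code, len(value)]) + value

def walk_tlv(buf, dhcp_level=False):
    """Yield (code, value) pairs; PAD/END are only special at the DHCP option level."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_level and code == PAD:
            i += 1
            continue
        if dhcp_level and code == END:
            return
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"truncated element at offset {i}")
        yield code, buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def relay_info(dhcp_options):
    """Return {sub-option code: value} from option 82, or None if it is absent."""
    for code, value in walk_tlv(dhcp_options, dhcp_level=True):
        if code == RELAY_AGENT_INFO:
            return dict(walk_tlv(value))
    return None

def bind_lease(dhcp_options, client_mac, offered_ip, port_map):
    """Map a relayed request to the subscriber provisioned on its access port."""
    info = relay_info(dhcp_options)
    if not info or CIRCUIT_ID not in info or REMOTE_ID not in info:
        raise LookupError("no usable option 82 on request")
    key = (info[REMOTE_ID], info[CIRCUIT_ID])
    if key not in port_map:
        raise LookupError(f"unprovisioned port {key}")
    return {"subscriber": port_map[key],
            "node": key[0].decode("ascii", "replace"),
            "port": key[1].decode("ascii", "replace"),
            "mac": client_mac, "ip": offered_ip}

# Constructed sample data: options field of a relayed DHCPDISCOVER and a port inventory.
SAMPLE_OPTIONS = tlv(53, b"\x01") + tlv(RELAY_AGENT_INFO,
    tlv(CIRCUIT_ID, b"port7/vlan100") + tlv(REMOTE_ID, b"an-17")) + bytes([END])
PORT_MAP = {(b"an-17", b"port7/vlan100"): "apartment 12B"}

if __name__ == "__main__":
    print(bind_lease(SAMPLE_OPTIONS, "02:00:00:00:00:01", "192.0.2.10", PORT_MAP))
```

The returned record is what would be logged per lease; the same MAC arriving from a port that is not in the inventory raises `LookupError` instead of resolving to a subscriber.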