[89401] in North American Network Operators' Group
Re: Security problem in PPPoE connection
daemon@ATHENA.MIT.EDU (Matt Buford)
Mon Mar 13 17:48:22 2006
From: "Matt Buford" <matt@overloaded.net>
To: <nanog@merit.edu>, "Martin Hannigan" <hannigan@renesys.com>
Date: Mon, 13 Mar 2006 17:29:14 -0500
Errors-To: owner-nanog@merit.edu
From: "Martin Hannigan" <hannigan@renesys.com>
> As well, pvlans are prone to fail if not a forethought of architecture
> instead of
> an after effect. Trying to put legacy networks into a pvlan architecture
> is like
> putting square pegs in round holes.
>
> My experience has been pvlans cause more trouble than they are worth.
Could you elaborate on this a bit? My situation is different, as I am a
server hosting provider dealing with thousands of customer servers instead
of thousands of customer residential WAN links (and thus, no PPPoE), but so
far I've had good results with pvlans and local-proxy-arp. I've found it to
be almost a drop-in replacement for large VLANs, solving 95% of the standard
huge-l2-network issues with near-zero additional hassle.
Perhaps my different situation avoids whatever issues you ran into. I'm
just curious what sort of trouble you had just to make sure I avoid them
myself. I've already migrated thousands of customer servers to this over
the past few years, but I still have thousands to go. :)
