Wednesday, December 31, 2008

PPPoE vs. DHCP for Internet Access

Requirements

The requirements for Internet connectivity management are, broadly speaking, as follows.

• CPE authentication and authorisation.
• Allocation of system parameters (DNS, local gateway addresses; STB/SIP configuration).
• IP address allocation and lease management.
• Session management (VC set-up, integrity, tear-down; QoS and service management).
• Recording of time-connected and bytes-transmitted for billing.

Point-to-Point Protocol over Ethernet (PPPoE)

Coming from an established protocol family, PPPoE makes certain things easy.

• Username/password authentication using PAP/CHAP/EAP.
• Allocation of IP address, e.g. from RADIUS.
• The establishment of a virtual circuit with session-id, providing fine-grained link management.
• Easy to apply lawful intercept.

The disadvantages are:

• Maintenance of substantial per-session state at the BRAS/Broadband Network Gateway (BNG).
• Difficulties of rapid failover (given this state).
• Needs additional and more sophisticated protocols for service management and configuration.

DHCP

DHCP is more lightweight and is a more natural fit to Ethernet access networks. It also provides more sophisticated mechanisms for IP address assignment and device configuration.

Circuit authentication can be implemented via DHCP option 82, where the CPE attached-circuit identifier (inserted at the DSLAM or Ethernet Aggregation Switch, EAS) is sent to the DHCP server. This is better than trusting the MAC address. An alternative is to use the combination of CPE VLAN tag + EAS stacked VLAN tag, if these also uniquely identify the CPE.
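The option 82 check described above, as an added example that is not part of the original post: it parses the Relay Agent Information option (RFC 3046) out of a DHCP options field and selects the subscriber by circuit-id alone. The circuit-id strings, the subscriber table and the function names are constructed for illustration.

```python
# Added example (not from the original post): bind a DHCP client to its
# option 82 circuit-id (RFC 3046) instead of trusting the client MAC.
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2

def parse_tlvs(data, dhcp_options=False):
    """Parse code/length/value records into {code: value}."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if dhcp_options and code == OPT_PAD:    # single-byte pad option
            i += 1
            continue
        if dhcp_options and code == OPT_END:    # end of the options field
            break
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:                # declared length overruns buffer
            raise ValueError("truncated TLV value")
        out[code] = value
        i += 2 + length
    return out

def circuit_id(options):
    """Return the relay-inserted circuit-id, or None when option 82 is absent."""
    rai = parse_tlvs(options, dhcp_options=True).get(OPT_RELAY_AGENT_INFO)
    return None if rai is None else parse_tlvs(rai).get(SUB_CIRCUIT_ID)

def authorise(options, subscribers):
    """Select the subscriber by circuit-id; the client MAC plays no part."""
    cid = circuit_id(options)
    return subscribers.get(cid) if cid is not None else None

def build_options(cid=None, rid=b"eas1"):
    """Constructed sample: DHCPDISCOVER options as a relay would forward them."""
    opts = bytes([53, 1, 1])                    # option 53 = DHCPDISCOVER
    if cid is not None:
        rai = bytes([SUB_CIRCUIT_ID, len(cid)]) + cid
        rai += bytes([SUB_REMOTE_ID, len(rid)]) + rid
        opts += bytes([OPT_RELAY_AGENT_INFO, len(rai)]) + rai
    return opts + bytes([OPT_END])

# Constructed subscriber table keyed by hypothetical circuit-id strings.
SUBSCRIBERS = {b"eas1 eth 1/7:101": "subscriber-A", b"eas1 eth 1/9:101": "subscriber-B"}

if __name__ == "__main__":
    print(authorise(build_options(b"eas1 eth 1/7:101"), SUBSCRIBERS))
    print(authorise(build_options(), SUBSCRIBERS))
```

The circuit-id is only as trustworthy as the device that inserts it: RFC 3046 has the relay discard packets that arrive on an untrusted circuit with option 82 already present, so the value cannot be supplied by the CPE.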

An issue with DHCP is the lack of a convenient session ‘keep-alive’ mechanism. PPP has echo-request/echo-reply protocol units exchanged when data is not being sent. This can swiftly indicate if a circuit has failed, or if the user has disconnected – important information both for service management and billing.

Although not part of the PPP protocol, a BRAS/BNG will typically report to the RADIUS server both time-connected and bytes-transferred at session disconnect. This cannot be achieved purely by DHCP (the IP address lease mechanism is far too coarse-grained). Alternative mechanisms such as the persistent web-page/captive-portal concept of public WiFi networks have to be employed, at least until a suitable mechanism for DHCP is standardised.

Conclusion

PPP excels at session authentication and management, at the expense of costly and cumbersome state management in the BRAS/BNG.

DHCP is considerably lighter-weight and more powerful from a service configuration and management point of view, but requires the integration of additional protocols for authentication and fine-grained session management.