I’m managing a network with over 2000 PPPoE users and I’m looking for the best VLAN design practice to handle this load efficiently. I want to ensure smooth data transfer and avoid performance issues.
My questions are:
How many VLANs should I use to manage more than 2000 PPPoE users?
Should I split users across multiple VLANs? If yes, how many users per VLAN is recommended?
Are there any best practices for scaling PPPoE over VLANs in a large network?
Any advice or shared experience would be greatly appreciated. Thank you!
If you decided to use VLANs, then use one VLAN per PPPoE user. You can use 4094 VLANs.
I wouldn’t configure that many PPPoE servers on a single device though. Max sustainable number depends on particular device type and max rate per user, probably a few hundred users per (powerful) device is a realistic maximum. And that if you have other devices to do routing and firewalling.
> I’m managing a network with over 2000 PPPoE users and I’m looking for the best VLAN design practice to handle this load efficiently.
let us go back to basics…
a vlan means a broadcast domain.
a broadcast domain means a subnet.
a subnet means user class. ie. Marketing, sales, support etc. gold silver bronze etc.
a user class means routing, filters and control etc.
> I want to ensure smooth data transfer and avoid performance issues.
smooth transfer or user experience means bandwidth available.
bandwidth available means backbone, routers, switch, wired, wireless capacities.
capacities means market.
market means ideal pricing.
ideal pricing means all of the above combined and then put them into oss/bss.
Depends on network topology
I’m a fan of not having separate VLANs at all and instead using port isolation / split horizon if possible. This greatly simplifies the configuration and visual clutter at the PPPoE server, as you can just use a single VLAN/interface to handle all PPPoE customers
If you’re using someone else’s transit network and they hand off to you as individual VLANs per customer, well you don’t have much choice but to create them all in the PPPoE server/router. I would still use a single bridge interface for the PPPoE service (or multiple for different VLAN ranges if you have a need for different types of services, i.e. fixed plan speeds and they’re not set by the RADIUS server). And bridge all the VLANs but use horizon=5 to prevent cross talk at layer2
If you’re talking about a network you own and it spans out across i.e. several radio links. Then you definitely don’t want to ‘extend’ a VLAN out from server to customer. As packet loss will result in significant losses. At that point you want a routed network and can either do PPPoE closest to the customer, or use something like VPLS
Too little information and too many assumptions to give you anything other than broad ideas
Since a few RouterOS versions you don’t need to create the individual VLAN interfaces on the router for the PPPoE Server anymore. There is the new parameter pppoe-over-vlan-range that allows you to specify multiple ranges of VLAN IDs. Only one PPPoE Server instance and one ethernet interface is needed.
This setting allows a PPPoE server to operate over 802.1Q VLANs. By default, a PPPoE server only accepts untagged packets on its interface. However, in scenarios where clients are on separate VLANs, instead of creating multiple 802.1Q VLAN interfaces and bridging them together or configuring individual PPPoE servers for each VLAN, you can specify the necessary VLANs directly in the PPPoE server settings.
When you specify the VLAN IDs, the PPPoE server will accept 802.1Q tagged packets from clients, and it will reply using the same VLAN. You then have an option to accept or drop untagged PPPoE clients on the same interface using the accept-untagged property.
The pppoe-over-vlan-range setting can be applied to both CVLAN and SVLAN interfaces, enabling the QinQ setups as well. See the use-service-tag=yes option on a VLAN interface. But keep in mind that the inner VLAN tag should be 802.1Q.
The setting supports a range of VLAN IDs, as well as individual VLANs specified using comma-separated values. For example: pppoe-over-vlan-range=100-115,120,122,128-130.
2000 users on any router is a lot of users.
Little math here → (2000-users x 25-Meg-User-Bandwidth-Peak-Usage-Hours) x 75-Percent-of-active-users
That’s a heck of a lot of bandwidth for a single router.
I would break it up into multiple routers ( about 4 or 8 or more ) , and use 40-Gig or 100-Gig uplinks to my switches.
fyi :
at my ISP with about 2000 customers ,
I don’t use PPPoE because of the high CPU cost on PPPoE routers
Instead, I use MAC address authentication to authenticate my customers
I also use about a dozen vlans total , one vlan to a geographical locations where many customers are located.
in wholesale FTTH residential (different countries) nowadays I don’t see more than 5mbps average peak bandwidth: 2.000 subscribers will be equal or less than 10gbps total peak bandwidth
anyway, 10gbps of PPPoE is not so simple to provide from a single machine, I think at least fast-track will be mandatory
It would be easy to add more routers and/or CHR instances. The PADO delay parameter can be used to help load balance
In your PPPoE profile, add something like the following to the On Up and On Down script sections
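# Service name of the PPPoE server instance on this router
:local srvname "PPPoE_RouterX"
:local srv [/int pppoe-server server find where service-name=$srvname]
# Toggle pado-delay between 0 and 500 each time a session comes up or goes down
:if ([/int pppoe-server server get $srv pado-delay] = 0) do={/int pppoe-server server set $srv pado-delay=500} else={/int pppoe-server server set $srv pado-delay=0};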
This way whenever the server accepts or disconnects a PPPoE connection, it will toggle its delay setting which would allow another server to respond to the next request
Poor mans way of load balancing and still having reliability if the others go down. Just send all connections to all PPPoE servers on the same bridge (don’t forget split horizon to prevent cross talk)
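A toy simulation of the pado-delay toggle described in the post above, added here as an example and not part of the original thread: every server flips its delay between 0 and 500 on each session up/down, and the client takes the first PADO it receives. The delivery jitter, churn rate, seed and server names are assumptions of the model, not measured values.

```python
import random

DELAYS = (0, 500)  # pado-delay values (ms) the forum script toggles between


class PPPoEServer:
    """Toy model of one PPPoE server running the toggle script."""

    def __init__(self, name):
        self.name, self.pado_delay, self.up = name, 0, True
        self.sessions = 0

    def toggle(self):
        # Same logic as the On Up / On Down script: 0 -> 500, anything else -> 0.
        self.pado_delay = DELAYS[1] if self.pado_delay == 0 else DELAYS[0]


def connect(servers, rng):
    """One PADI broadcast: the client takes the first PADO it receives."""
    # Assumption: delivery jitter is far below 500 ms, so it only breaks ties.
    offers = [(s.pado_delay + rng.uniform(0, 5), s) for s in servers if s.up]
    if not offers:
        return None  # no server answered the PADI
    winner = min(offers, key=lambda o: o[0])[1]
    winner.sessions += 1
    winner.toggle()  # On Up script fires
    return winner


def disconnect(server):
    server.sessions -= 1
    server.toggle()  # On Down script fires


def simulate(n_servers, n_clients, down=(), churn=0.0, seed=1):
    """Return sessions per server after n_clients connection attempts."""
    rng = random.Random(seed)  # constructed, repeatable randomness
    servers = [PPPoEServer(f"PPPoE_Router{i}") for i in range(n_servers)]
    for i in down:
        servers[i].up = False  # model a failed server
    for _ in range(n_clients):
        connect(servers, rng)
        busy = [s for s in servers if s.sessions]
        if busy and rng.random() < churn:
            disconnect(rng.choice(busy))  # a random subscriber drops
    return [s.sessions for s in servers]


if __name__ == "__main__":
    print("4 servers, 2000 clients:", simulate(4, 2000, churn=0.2))
    print("server 0 down:          ", simulate(4, 2000, down=(0,), churn=0.2))
```

Running it with `down=(0,)` shows the failover case: the remaining servers still answer every PADI, at worst 500 ms later.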