Doubt about PPPoE Local Address

ibm · November 20, 2014, 10:37am

Hi,
I’ve a PPPoE server on a CCR, the accounting is done by userman.
There are 3 subnet to assing:
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
For each user I put a new entry on userman choosing one address from one of the 3 subnets.
My doubt is what address do I have to put in the field Local Address of PPP Profile?

ibm · November 20, 2014, 6:27pm

Nobody?

NathanA · November 21, 2014, 1:06am

Put in whatever you want the PPP server to use for its side of the PPP tunnel. It can be a single address or an IP pool.

– Nathan

ibm · November 21, 2014, 7:46am

Why use an IP pool for the local address?
I think that a pool can be inserted in the remote address.
So what is the role of local address and why the address is not mandatory in the same subnet of peer connected?

NathanA · November 21, 2014, 2:13pm

You don’t have to; I was just explaining what the software allows for you to put in that field. Unless you are going to use RFC1918 space for the local address, it’s probably recommended that you don’t use a pool.

There has to be an IP address assigned to either end of the tunnel in order for each host to know how to send traffic to the other host. Basic IP networking 101. PPP is [P]oint-to-[P]oint [P]rotocol, so there is no such thing as “broadcast” traffic, and thus “subnets” are a non-sequitur with a PPP connection. This isn’t like Ethernet. There are no broadcast domains, no hardware IDs, and thus no IP-to-MAC resolution (ARP). That stuff all acts as glue between L2 and L3 in the world of Ethernet, but with PPP, you don’t need any of that, because only 2 hosts exist in a PPP session. The L2/L3 glue with PPP is simply IPCP, and during IPCP negotiation, each end of the PPP tunnel tells the other end what IP address it is going to use. When the PPP tunnel comes up on each end, a connected route is added to the local routing table that causes that host to send traffic to the other host’s IP via the tunnel. These IP addresses are host addresses – /32 – and it doesn’t matter if they are “adjacent” (whatever that means) IP addresses or not.

– Nathan

ibm · November 21, 2014, 4:04pm

NathanA:

ibm:

Why use an IP pool for the local address?

You don’t have to; I was just explaining what the software allows for you to put in that field. Unless you are going to use RFC1918 space for the local address, it’s probably recommended that you don’t use a pool.

ibm:

So what is the role of local address and why the address is not mandatory in the same subnet of peer connected?

There has to be an IP address assigned to either end of the tunnel in order for each host to know how to send traffic to the other host. Basic IP networking 101. PPP is [P]oint-to-[P]oint [P]rotocol, so there is no such thing as “broadcast” traffic, and thus “subnets” are a non-sequitur with a PPP connection. This isn’t like Ethernet. There are no broadcast domains, no hardware IDs, and thus no IP-to-MAC resolution (ARP). That stuff all acts as glue between L2 and L3 in the world of Ethernet, but with PPP, you don’t need any of that, because only 2 hosts exist in a PPP session. The L2/L3 glue with PPP is simply IPCP, and during IPCP negotiation, each end of the PPP tunnel tells the other end what IP address it is going to use. When the PPP tunnel comes up on each end, a connected route is added to the local routing table that causes that host to send traffic to the other host’s IP via the tunnel. These IP addresses are host addresses – /32 – and it doesn’t matter if they are “adjacent” (whatever that means) IP addresses or not.

– Nathan

Thanks a lot

marklodge · June 20, 2020, 10:05pm

Unless you are going to use RFC1918 space for the local address, it’s probably recommended that you don’t use a pool.

Could you please give me some reasons or standard/“good” practices to use when setting the Local IP address of the PPPOE profile. I have 8 routers in an ospf ring. 1 core at the main tower and the others are on towers working as edge routers, with pppoe termination of clients happening on each router. Is it fine if all of the local ip address of each pppoe server is 10.0.0.1?
Also what misconfigurations are there to look out for when setting this?
What is the advantage of using a pool of private IPs as the local ip?

mducharme · June 20, 2020, 11:57pm

The local address should be any IP that the router has bound to it. It doesn’t matter which IP it is for PPPoE. It does matter for other protocols like L2TP because in that case if you use the VPN IP as the local IP, you can get a recursive routing problem where it tries to send the L2TP packets themselves over the VPN, causing the VPN link to flap continuously. As a result, if you are running L2TP, you should choose any IP other than the VPN IP as the local IP. This issue will not occur with PPPoE because it works over Layer 2 directly, not Layer 3.
I don’t see any advantage to using a pool of private IPs as the local IP, honestly - it just wastes IPs unnecessarily.

marklodge · June 23, 2020, 2:19am

Could you please give me some reasons or standard/“good” practices to use when setting the Local IP address of the PPPOE profile. I have 8 routers in an ospf ring. 1 core at the main tower and the others are on towers working as edge routers, with pppoe termination of clients happening on each router. Is it fine if all of the local ip address of each pppoe server is 10.0.0.1?
Also what misconfigurations are there to look out for when setting this?

What is the advantage of using a pool of private IPs as the local ip?

The local address should be any IP that the router has bound to it. It doesn’t matter which IP it is for PPPoE. It does matter for other protocols like L2TP because in that case if you use the VPN IP as the local IP, you can get a recursive routing problem where it tries to send the L2TP packets themselves over the VPN, causing the VPN link to flap continuously. As a result, if you are running L2TP, you should choose any IP other than the VPN IP as the local IP. This issue will not occur with PPPoE because it works over Layer 2 directly, not Layer 3.

I don’t see any advantage to using a pool of private IPs as the local IP, honestly - it just wastes IPs unnecessarily.

Thank you very much for your excellent advice.
Should the IP address chosen be added to an interface on the router?
For example, if I use 10.0.0.1, should I make a bridge called loopback and add that IP to it?

I have noticed some configs doing the above. Any advantage to this?

mducharme · June 26, 2020, 4:49am

You should use an IP address that your router has on some interface, but it doesn’t matter which interface it is.

CZFan · June 27, 2020, 10:11pm

Having a problem at a customer of mine, where say for example one of there links drops, with about 100 PPPoE users behind that, the PPPoE AC drops ALL PPPoE users

So my question is, must the local address be attached to a physical / virtual interface?

The way I have it, is all PPPoE come into bridge, no IP assigned to that bridge, but as soon as the first PPPoE customer comes up, PPPoE AC dynamily assigns the local IP

CZFan · June 30, 2020, 10:12am

Sorry, don’t think I was clear in my question, what I meant to ask was:

So my question is, must the local address be “static” configured to a physical / virtual interface?

Todd2 · June 30, 2020, 11:32am

Thanks. Would try this.

marklodge · June 30, 2020, 2:01pm

This is my question too.

mducharme · June 30, 2020, 10:10pm

I would not use a dynamic IP for it of course (because how are you going to automatically change it in the PPP Profile if it changes?), so yes it should be a static IP that the router has on any interface. The IP could be on either a virtual interface (ex. loopback bridge) or a physical one.

The bridge or interface that is listening for PPPoE generally should not have an IP on it for security reasons, otherwise somebody might give themselves a static IP on that subnet to get online without having to use PPPoE.

mducharme · June 30, 2020, 11:10pm

This issue is most likely either caused by the presence of a masquerade rule, or OSPF not set up with a stub area and area range for PPPoE.

CZFan · July 1, 2020, 9:57pm

Thx @mducharme
PPPOE terminates on a central AC, so OSPF is not causing multiple lines going down, so can’t be that.
Also only static src/dst NAT rules, no masquerade

The symptoms are CPE sends numerous echo request to PPPoE AC, the AC sends out echo reply 85 seconds after receiving first echo request, but by then the CPE has sent out a termination request
It seems the CCR can’t handle disconnects of approx 100 CPE’s, this disconnect process takes so long that it can’t reply to other echo request in good time, and then each and every CPE gets disconnected
Once they all (950 of them) are disconnected, they connect within seconds again and stay up
So it looks like bad coding or bug in the PPPoE disconnect process that keeps AC very busy, but can’t see this in CPU profile, during this time it happens, a CPU might jump to 80% but only for a max of a second! not longer
So I am grabbing at straws at the moment as I don’t know where else to look into to resolve

akshark · April 19, 2023, 2:22pm

I am sorry to revive a old post, but i had a question related to local and remote addresses.

If we have the below subnets given to us

Customer IPv4: 192.168.110.42/30 
Customer IPv4: 192.168.210.42/30

When setting up the PPP secret for L2TP using ipsec, i see that we have two fields for addresses Local Address and Remote Address. I have currently set

Local address: 192.168.110.109
Remote address: 192.168.110.100

When the VPN connection is established. I see that my client machine gets IP address “192.168.110.100”. Although this is not from the range if IPs we have based on the above subnet information. What does Local an Remote address mean here, what are the valid values we can use here? and if the IP addresses are not in range of subnets why is the VPN connection working.