Page 1 of 1

Doubt about PPPoE Local Address

Posted: Thu Nov 20, 2014 12:37 pm
by ibm
Hi,
I've a PPPoE server on a CCR, the accounting is done by userman.
There are 3 subnet to assing:
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
For each user I put a new entry on userman choosing one address from one of the 3 subnets.
My doubt is what address do I have to put in the field Local Address of PPP Profile?

Re: Doubt about PPPoE Local Address

Posted: Thu Nov 20, 2014 8:27 pm
by ibm
Nobody?

Re: Doubt about PPPoE Local Address

Posted: Fri Nov 21, 2014 3:06 am
by NathanA
Put in whatever you want the PPP server to use for its side of the PPP tunnel. It can be a single address or an IP pool.

-- Nathan

Re: Doubt about PPPoE Local Address

Posted: Fri Nov 21, 2014 9:46 am
by ibm
Why use an IP pool for the local address?
I think that a pool can be inserted in the remote address.
So what is the role of local address and why the address is not mandatory in the same subnet of peer connected?

Re: Doubt about PPPoE Local Address

Posted: Fri Nov 21, 2014 4:13 pm
by NathanA
Why use an IP pool for the local address?
You don't have to; I was just explaining what the software allows for you to put in that field. Unless you are going to use RFC1918 space for the local address, it's probably recommended that you don't use a pool.
So what is the role of local address and why the address is not mandatory in the same subnet of peer connected?
There has to be an IP address assigned to either end of the tunnel in order for each host to know how to send traffic to the other host. Basic IP networking 101. PPP is [P]oint-to-[P]oint [P]rotocol, so there is no such thing as "broadcast" traffic, and thus "subnets" are a non-sequitur with a PPP connection. This isn't like Ethernet. There are no broadcast domains, no hardware IDs, and thus no IP-to-MAC resolution (ARP). That stuff all acts as glue between L2 and L3 in the world of Ethernet, but with PPP, you don't need any of that, because only 2 hosts exist in a PPP session. The L2/L3 glue with PPP is simply IPCP, and during IPCP negotiation, each end of the PPP tunnel tells the other end what IP address it is going to use. When the PPP tunnel comes up on each end, a connected route is added to the local routing table that causes that host to send traffic to the other host's IP via the tunnel. These IP addresses are host addresses -- /32 -- and it doesn't matter if they are "adjacent" (whatever that means) IP addresses or not.

-- Nathan

Re: Doubt about PPPoE Local Address

Posted: Fri Nov 21, 2014 6:04 pm
by ibm
Why use an IP pool for the local address?
You don't have to; I was just explaining what the software allows for you to put in that field. Unless you are going to use RFC1918 space for the local address, it's probably recommended that you don't use a pool.
So what is the role of local address and why the address is not mandatory in the same subnet of peer connected?
There has to be an IP address assigned to either end of the tunnel in order for each host to know how to send traffic to the other host. Basic IP networking 101. PPP is [P]oint-to-[P]oint [P]rotocol, so there is no such thing as "broadcast" traffic, and thus "subnets" are a non-sequitur with a PPP connection. This isn't like Ethernet. There are no broadcast domains, no hardware IDs, and thus no IP-to-MAC resolution (ARP). That stuff all acts as glue between L2 and L3 in the world of Ethernet, but with PPP, you don't need any of that, because only 2 hosts exist in a PPP session. The L2/L3 glue with PPP is simply IPCP, and during IPCP negotiation, each end of the PPP tunnel tells the other end what IP address it is going to use. When the PPP tunnel comes up on each end, a connected route is added to the local routing table that causes that host to send traffic to the other host's IP via the tunnel. These IP addresses are host addresses -- /32 -- and it doesn't matter if they are "adjacent" (whatever that means) IP addresses or not.

-- Nathan
Thanks a lot

Re: Doubt about PPPoE Local Address

Posted: Sun Jun 21, 2020 1:05 am
by marklodge
Unless you are going to use RFC1918 space for the local address, it's probably recommended that you don't use a pool.

1. Could you please give me some reasons or standard/"good" practices to use when setting the Local IP address of the PPPOE profile. I have 8 routers in an ospf ring. 1 core at the main tower and the others are on towers working as edge routers, with pppoe termination of clients happening on each router. Is it fine if all of the local ip address of each pppoe server is 10.0.0.1?
Also what misconfigurations are there to look out for when setting this?

2. What is the advantage of using a pool of private IPs as the local ip?

Re: Doubt about PPPoE Local Address

Posted: Sun Jun 21, 2020 2:57 am
by mducharme
1. Could you please give me some reasons or standard/"good" practices to use when setting the Local IP address of the PPPOE profile. I have 8 routers in an ospf ring. 1 core at the main tower and the others are on towers working as edge routers, with pppoe termination of clients happening on each router. Is it fine if all of the local ip address of each pppoe server is 10.0.0.1?
Also what misconfigurations are there to look out for when setting this?

2. What is the advantage of using a pool of private IPs as the local ip?
1. The local address should be any IP that the router has bound to it. It doesn't matter which IP it is for PPPoE. It does matter for other protocols like L2TP because in that case if you use the VPN IP as the local IP, you can get a recursive routing problem where it tries to send the L2TP packets themselves over the VPN, causing the VPN link to flap continuously. As a result, if you are running L2TP, you should choose any IP other than the VPN IP as the local IP. This issue will not occur with PPPoE because it works over Layer 2 directly, not Layer 3.
2. I don't see any advantage to using a pool of private IPs as the local IP, honestly - it just wastes IPs unnecessarily.

Re: Doubt about PPPoE Local Address

Posted: Tue Jun 23, 2020 5:19 am
by marklodge
1. Could you please give me some reasons or standard/"good" practices to use when setting the Local IP address of the PPPOE profile. I have 8 routers in an ospf ring. 1 core at the main tower and the others are on towers working as edge routers, with pppoe termination of clients happening on each router. Is it fine if all of the local ip address of each pppoe server is 10.0.0.1?
Also what misconfigurations are there to look out for when setting this?

2. What is the advantage of using a pool of private IPs as the local ip?
1. The local address should be any IP that the router has bound to it. It doesn't matter which IP it is for PPPoE. It does matter for other protocols like L2TP because in that case if you use the VPN IP as the local IP, you can get a recursive routing problem where it tries to send the L2TP packets themselves over the VPN, causing the VPN link to flap continuously. As a result, if you are running L2TP, you should choose any IP other than the VPN IP as the local IP. This issue will not occur with PPPoE because it works over Layer 2 directly, not Layer 3.
2. I don't see any advantage to using a pool of private IPs as the local IP, honestly - it just wastes IPs unnecessarily.
Thank you very much for your excellent advice.
Should the IP address chosen be added to an interface on the router?
For example, if I use 10.0.0.1, should I make a bridge called loopback and add that IP to it?

I have noticed some configs doing the above. Any advantage to this?

Re: Doubt about PPPoE Local Address

Posted: Fri Jun 26, 2020 7:49 am
by mducharme
Thank you very much for your excellent advice.
Should the IP address chosen be added to an interface on the router?
For example, if I use 10.0.0.1, should I make a bridge called loopback and add that IP to it?
You should use an IP address that your router has on some interface, but it doesn't matter which interface it is.

Re: Doubt about PPPoE Local Address

Posted: Sun Jun 28, 2020 1:11 am
by CZFan
Thank you very much for your excellent advice.
Should the IP address chosen be added to an interface on the router?
For example, if I use 10.0.0.1, should I make a bridge called loopback and add that IP to it?
You should use an IP address that your router has on some interface, but it doesn't matter which interface it is.

Having a problem at a customer of mine, where say for example one of there links drops, with about 100 PPPoE users behind that, the PPPoE AC drops ALL PPPoE users

So my question is, must the local address be attached to a physical / virtual interface?

The way I have it, is all PPPoE come into bridge, no IP assigned to that bridge, but as soon as the first PPPoE customer comes up, PPPoE AC dynamily assigns the local IP

Re: Doubt about PPPoE Local Address

Posted: Tue Jun 30, 2020 1:12 pm
by CZFan
..
So my question is, must the local address be attached to a physical / virtual interface?
...
Sorry, don't think I was clear in my question, what I meant to ask was:

So my question is, must the local address be "static" configured to a physical / virtual interface?

Re: Doubt about PPPoE Local Address

Posted: Tue Jun 30, 2020 2:32 pm
by Todd2
Thank you very much for your excellent advice.
Should the IP address chosen be added to an interface on the router?
For example, if I use 10.0.0.1, should I make a bridge called loopback and add that IP to it?
You should use an IP address that your router has on some interface, but it doesn't matter which interface it is.
Thanks. Would try this.

Re: Doubt about PPPoE Local Address

Posted: Tue Jun 30, 2020 5:01 pm
by marklodge
..
So my question is, must the local address be attached to a physical / virtual interface?
...
Sorry, don't think I was clear in my question, what I meant to ask was:

So my question is, must the local address be "static" configured to a physical / virtual interface?
This is my question too.

Re: Doubt about PPPoE Local Address

Posted: Wed Jul 01, 2020 1:10 am
by mducharme
So my question is, must the local address be "static" configured to a physical / virtual interface?
I would not use a dynamic IP for it of course (because how are you going to automatically change it in the PPP Profile if it changes?), so yes it should be a static IP that the router has on any interface. The IP could be on either a virtual interface (ex. loopback bridge) or a physical one.

The bridge or interface that is listening for PPPoE generally should not have an IP on it for security reasons, otherwise somebody might give themselves a static IP on that subnet to get online without having to use PPPoE.

Re: Doubt about PPPoE Local Address

Posted: Wed Jul 01, 2020 2:10 am
by mducharme
Having a problem at a customer of mine, where say for example one of there links drops, with about 100 PPPoE users behind that, the PPPoE AC drops ALL PPPoE users
This issue is most likely either caused by the presence of a masquerade rule, or OSPF not set up with a stub area and area range for PPPoE.

Re: Doubt about PPPoE Local Address

Posted: Thu Jul 02, 2020 12:57 am
by CZFan
Thx @mducharme
PPPOE terminates on a central AC, so OSPF is not causing multiple lines going down, so can't be that.
Also only static src/dst NAT rules, no masquerade

The symptoms are CPE sends numerous echo request to PPPoE AC, the AC sends out echo reply 85 seconds after receiving first echo request, but by then the CPE has sent out a termination request
It seems the CCR can't handle disconnects of approx 100 CPE's, this disconnect process takes so long that it can't reply to other echo request in good time, and then each and every CPE gets disconnected
Once they all (950 of them) are disconnected, they connect within seconds again and stay up
So it looks like bad coding or bug in the PPPoE disconnect process that keeps AC very busy, but can't see this in CPU profile, during this time it happens, a CPU might jump to 80% but only for a max of a second! not longer
So I am grabbing at straws at the moment as I don't know where else to look into to resolve