Tangled in the Threads

Jon Udell, October 27, 1999

Learning about PPPoE

Understanding the pros and cons of PPP over Ethernet

In the networking newsgroup, Randy Switt asked about the pros and cons of PPPoE:

A hot topic on my ADSL providers' (Bellsouth.net) support newsgroup right now is the possibility of switching from the straight DHCP setup we currently use to PPPoE using winPoET or something similar. I'm not sure I've really got a full grasp on what the pros and cons of PPPoE are and was wondering what the consensus was here. I'll keep my opinions to myself at first, so I don't contaminate the discussion, but I'd appreciate if comments would seperate supplier pros/cons from client pros/cons.

PPPoE? I had to admit that was the first I'd heard of it. One of the downsides to my otherwise idyllic smalltown New Hampshire lifestyle is that I'm still waiting for my DSL hookup. It's coming in November, my local ISP swears. But until then, I'm a spectator on the sidelines of the broadband game. Fortunately, I've got the BYTE newsgroups to help keep me up to speed on new developments like this one. Paul Dickins jumped in and explained:

First off, go to rfc2516.txt (I used ftp://ftp.isi.edu/in-notes/rfc2516.txt) and it was put forward by Redback Networks Inc., RouterWare Inc, and UUNET Technologies.

Redback and NTS have lots of info. NTS is interesting if one reads between the lines: http://www.nts.com/library/tlpppoe.html has a lot of information.

It's a differentiating mechanism allowing ISPs to support multiple users over xDSL lines. It has considerable overhead, is rather like Win2K in that it is in constant flux, and is proprietary at this time. The basic problem is the point to point relationship used that requires validation, unlike basic multipoint Ethernet. It removes the single point of access that was touted for xDSL and the bandwidth this promised. The Enternet Access Manager can be set to automatically connect at boot up. There is no automatic connection in the way DHCP works with the basic networking tools available to any modern operating system. PPPoE is a tool to enable the Telcos to sublease their lines to other ISPs who are then also required to use PPPoE. It's valid in that with more users the costs can fall and more people will join. Unfortunately, there are so many bugs that it has produced much dissatisfaction. If Bell Nexxia had had a real test area, they would have realised its shortcomings. Unfortunately, they tested a small area with Win98 and forgot what a lot of other users prefer to use.

Gotta love that instant knowledge transfer! Since I've got no relevant firsthand experience, I'm turning this week's column over to the newsgroup gang, who have contributed really thoughtful postings about PPPoE. Here's what emerged in the discussion:

Paul Dickins

If Bellsouth.net wishes to become another pariah it will continue with the deployment of PPPoE. In Ontario, Bell Nexxia, of BCE, has Sympatico HSE on Nortel IMegModem boxes. And has deployed PPPoE throughout Québec and nearly all of Toronto. You should hear the screams.

Prior to the Nortel use they had 2.2Mbit fixed IP access. Users still having that equipment keep it and dare not move house for fear of losing the speed of access. About CA$65/month.

Then, early '99 they brought in the Nortel which maxes out at 960Kbps. This was on DHCP, and was problematic when lease times sometimes dropped to hours, not days or half days. It was OK when one used sympatico.highspeed and found users with some experience to fork out info re proxies, etc. Gamers were happy with this service, but I used it for OS patches, and similar downloads and soccer news searching. Some people came over from cable (Rogers'@Home) because of block sync problems. But then. . .

. . . came the announcement that they would be implementing PPPoE with their Access Manager (a proprietary version of NTS Enternet, see below). They originally stated it was for our own benefit, as users would have easier and more reliable access. Today, anyone who can have cable is moving there or moving back. Even if cable is imperfect it has higher bandwidth. Users obtain much more than 30KBps which is the limit where Sympatico support says that one might have a problem. That is, 30K x 8 = 240Kbps, approx. This concerns their advertised 960Kbps related blurb that they mailed to everyone in Ontario. I have kept the leaflet to remind me never to trust an advertisement.

For information on HSE try http://SympaticoUsers.org/ for many users' experiences and ongoing trials, tribulations and software patches. Started by a responsible person who still has his 2.2 box.

Note the problems and fixes for users relying on Linux, NT4 (especially with multiple CPUs), Win3.1, Mac and Win98 with and without SE. Note also that Sygate, Wingate and other proxy software worked with DHCP but immediately gave problems with many people's systems when AM came in. I had no problem with Wingate, except for the cost. Why should I have to change proxies at my cost purely to use a system implemented for purely commercial reasons?

Bell is now subleasing its lines to companies. They will have to use NTS Enternet, putting their own name to it, to allow rental of Internet access. For an example go to http://www10.magma.ca/services/residential/highspeed/.

For information on the Redback SMS servers go to http://www.redback.com/products/sms_1000.html For Network TeleSystems go to http://www.nts.com/products/enternet_overvw.html

I eventually had to buy a USB hub, because of slot use in my Win98 system, so that I could regain HSE access. I had had xDSL access in Vancouver at 2.2Mbps on an NT4 Server. When I moved to Ottawa I put HSE with DHCP on the same system. After AM deployment, before the bugs were fixed wrt NTSPPP errors in the registry, I had to move to the Win98 box.

I had had Sygate working well. When AM came in Sygate promptly crashed NT or Win98 with lockups and BSDs ad nauseam. Wingate worked for me, not for others. WinPoET works sometimes. What is clear is that with the myriad machines out there, there is no consistency and one cannot depend on NTS to provide an adequately debugged software package. Linux users have had many problems, especially with regard to sharing over a LAN. Naturally, Sympatico does not support anything but a standalone box.

With the Rogers people offering free install it was a no-brainer for me to install it for my network. Now my NT Servers gain access through the original NT box and the Win98 sits on the LAN but feels slighted!! At least when one service fails the other one is normally up. And, it is very interesting comparing downloads. Neither is consistent and both have mail server snafus.

Sorry to be so verbose, but maybe this will help people to decide which service they should use. I would prefer xDSL if the service was DHCP and, with IPv6 on the horizon, maybe that's what will work. xDSL will not work with optical lines anywhere on the Telco, however.

Randy Switt

PPPoE stands for PPP over Ethernet. It allows authenticated sessions over a standard ethernet line. Logging on uses the same interface as dial-up uses, but obviously does not take as long to connect. Sessions are setup by third party software, most commonly WinPoet. Paul has already posted the source for the RFC. Currently Bellsouth is using ATM to the house, which is converted through a Alcatel 1000 modem/bridge to standard Ethernet. Connections are made via DHCP, and Bellsouth only delivers packets to NIC's with registered MAC numbers. These are Bellsouth's stated reasons for going to PPPoE:

On the user side:

  1. Preserves the PPP dial up "look and feel".
  2. Eliminates some broadcast network traffic.
  3. Eliminates sharing of LAN traffic (ie. appletalk, netbios broadcasts) between local users.
  4. Increases security through the authenticated connection to the Telco.
  5. Setup can be done by the customer.

    On the telco side:

    1. Allows use of existing Radius servers for authentication.
    2. Personnel already know how to manage the technology.
    3. Multiple services can be offered over PPPoE.
    4. Service can be metered and restricted to various performance points. So, the telco could set up separate cost points for:
      • limited connect time
      • 9-5 business service
      • high speed and lower speed connections on the same line using the same hardware
    5. Problems and abuses are easily tracked by authenticated session and username.

      I personally see a lot of holes in these arguments, but I was hoping someone w/ more experience could help me clarify some things.

Alan Shutko

> 1. Preserves the PPP dial up "look and feel". 

Why is this a good thing?

> 2. Eliminates some broadcast network traffic.  

Good point.

> 3. Eliminates sharing of LAN traffic (ie. appletalk, netbios broadcasts)
> between local users.  

Must make the telcos happy, since they'll take any chance they get to reduce customers ability to use what they provide.

> 4. Increases security through the authenticated connection to the
> Telco.  

Translate: Prevent unauthorized access for cheap, because they could still limit unauthorized access in other ways. I know, we did it on a university ethernet five years ago.

> 5. Setup can be done by the customer.  

Why would it be any easier than straight ethernet? You still have the hassle of hooking up your ethernet card, and once that's taken care of I don't know how anything could be easier than DHCP "Plug and go". (Gotta love DHCP... we need more of it. Really makes laptop use easy.)

> C. Multiple services can be offered over PPPoE. 

Right... and multiple services can't be offered over straight ethernet? It's such a shame that we've been so limited by the internet. Help, help, I feel repressed.

> E. Problems and abuses are easily tracked by authenticated session and
> username.

And now we get to the REAL reasons, which override any others, especially any reasons the customers would have. You know, I just don't trust phone companies anymore. They spend so much time making sure you're paying more while using their service less. Look at the disappearance of unlimited local calling, and the obscene prices around here for actually working phone service. (Sure, dial-tone is only $16 a month before taxes and tariffs, giving you the telco dream of a line you're paying for but can't use without paying MORE.)

I don't see any of these as compelling technically. We were tracking abuses and limiting unauthorized access for years without PPPoE. But as usual, the telcos are seeing their obscene profit margins start to narrow and need to find ways to do less and charge more.

Aside: when we were looking at mutual funds, we saw one composed 90% of telcos... highest growth and profits we saw.

Randy Switt

Actually, I don't mind the idea [of blocking shared LAN traffic], it eliminates some of the attempted hacking that can go on in a shared environment. BUT, you can still get hacked off the internet (unless BellSouth implements some kind of useful firewall, which is not likely, as right now they can't even get the cache servers to work correctly all the time), AND if you setup your LAN proxy correctly no extraneous traffice should be hitting the connection anyway. This is not simple, but then neither is setting up a LAN for connection sharing.

I'm not sure anybody knows what the potential for unauthorized access is on DSL right now since it is so new, and not very widespread. You are right, there are other ways of limiting access, and our university does some of them. I have yet to see a really elegant solution. I still like just registering MAC addresses, it seems the simplest, there's no bandwidth overhead, and no user intervention required. I don't know how easy it is to spoof a MAC address, though, and it does limit you to using one particular network card for the connection.

E doesn't bother me too much, and is the reason the BellSouth consultant probably favors PPPoE. D scares me though. I just want a data pipe to the house. Let me decide how I want to meter it, and use it internally. They already meter connection bandwidth externally with IFITL. (IFITL is integrated fiber in the loop. It is a similar service where copper lines are not available all the way to the CO, which ADSL requires. IFITL is basically 10base-FX, single mode, to your house then translated to 10baseT ethernet and throttled back to 1.2 Mbps to meet FCC tariffs. They are testing it in several areas of Atlanta and Miami. Several customers have reported 6-7 Mbps service until BS realized they had forgotten to throttle the connection back. Oh, to be in that situation!)

Keep us posted, Randy. And thanks, everyone, for the whirlwind tour! My own setup, when it comes, is going to be DHCP, so even then I probably won't confront the PPPoE choice anytime soon. It's great to know what's on the horizon, though. And it's so interesting to listen to users compare notes about the different varieties of broadband that are rolling out.

Jon Udell (http://udell.roninhouse.com/) was BYTE Magazine's executive editor for new media, the architect of the original www.byte.com, and author of BYTE's Web Project column. He's now an independent Web/Internet consultant, and is the author of Practical Internet Groupware, from from O'Reilly and Associates.

Creative Commons License
This work is licensed under a Creative Commons License.