Summary
This chapter reviewed the access technologies and protocols for DSL, cable, and Ethernet broadband networks. Even though there are major differences in the physical network, at Layers 2 and 3, they are much more similar. There are, in effect, only so many ways to connect a broadband customer, and a solution must offer efficient mechanisms for authentication, accounting, routing, and so on. Bridged access is prevalent on cable and Ethernet. PPP is more common on DSL but is used on the other two access types, because they both have an Ethernet MAC layer.
Bridged access is very simple and cost effective. It takes advantage of the fact that everyone is using Ethernet these days, and the bridged CPE is as cheap as they come. DHCP is a tried and trusted mechanism for managing addresses dynamically, and there are some enhancements in Cisco IOS that let ISPs hand out individual addresses to subscribers as they connect, but announce aggregate routes over their core networks.
PPP is very complete and lets service providers centralize customer configuration in one place. When a subscriber connects using PPP, the aggregation router authenticates using RADIUS and retrieves the subscriber's configuration from the central server. Operationally, this is a huge advantage. PPP offers many different ways to manage addresses, but they can be summarized as either allocating single addresses to individual subscribers, or allocating blocks of addresses to aggregation routers.
Security is always a concern on bridged networks and there are different solutions found on the different types of broadband-access platforms. DSL really cheats a little, and RBE treats bridged subscribers as if they were on routed, point-to-point links. The advantage to doing this is that broadcast domains are not shared across multiple subscribers. Cable has a sophisticated Layer 1, called DOCSIS, as well as enhancements on the cable modem and CMTS that address the same problems. Finally, Ethernet has a lot more security mechanisms than people usually expect, and switches offer protection that helps against spoofing and DoS attacks. PPP security is less of a major issue because there is no concept of a shared broadcast domain that works against you.
Address management and routing are really similar across all the architectures. PPP and bridging use different control protocols to allocate addresses, but once they have done so, the same guideline applies: Summarize routes early.
End-to-end QoS is much easier to achieve using a bridged architecture. Layer 2 to Layer 3 QoS mapping is well understood, and some of the broadband networks have rich native QoS capabilities—DSL because of ATM, and cable with DOCSIS. By and large, aggregation routers also allow service providers to combine this with the full gamut of Layer 3 QoS. The net result is that broadband services can carry multiservice traffic, such as Voice over IP, correctly. QoS support is a weakness of the PPP architecture. Different, even dynamic, QoS profiles are supported on the aggregation router, but end-to-end QoS across the access network is very hard to achieve.
Chapter 3 moves from the access part of the network to the service end and looks at the three major types of VPN technology used with broadband access today: GRE, IPSec, and L2TP.