From owner-freebsd-isp  Thu Jul 25 12:10:41 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6293037B401
	for <freebsd-isp@FreeBSD.ORG>; Thu, 25 Jul 2002 12:10:38 -0700 (PDT)
Received: from wow.atlasta.net (wow.atlasta.net [12.129.13.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AA44343E42
	for <freebsd-isp@FreeBSD.ORG>; Thu, 25 Jul 2002 12:10:37 -0700 (PDT)
	(envelope-from drais@wow.atlasta.net)
Received: from wow.atlasta.net (localhost.atlasta.net [127.0.0.1])
	by wow.atlasta.net (8.12.2/8.12.2) with ESMTP id g6PJAbdO064188;
	Thu, 25 Jul 2002 12:10:37 -0700 (PDT)
Received: from localhost (drais@localhost)
	by wow.atlasta.net (8.12.2/8.12.2/Submit) with ESMTP id g6PJAbOh064185;
	Thu, 25 Jul 2002 12:10:37 -0700 (PDT)
Date: Thu, 25 Jul 2002 12:10:37 -0700 (PDT)
From: David Raistrick <drais@wow.atlasta.net>
To: Mark Koskenmaki <bsdlists@nwbombers.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: PPPoE
In-Reply-To: <Pine.BSF.4.21.0207251153360.60869-100000@wow.atlasta.net>
Message-ID: <Pine.BSF.4.21.0207251205200.60869-100000@wow.atlasta.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

On Thu, 25 Jul 2002, David Raistrick wrote:

> On Thu, 25 Jul 2002, Mark Koskenmaki wrote:
> > Or, via a VPN.   I have just never seen a VPN,  but believed they put quite
> > a bit of extra overhead on the network, reducing throughput.
> > 
> > Now, am I shooting in the dark here, or what???

And just to follow up on my own post...

I assume you're an ISP.  In such a situation, as long as you're not
selling your service as "secure" or anything..PPPoE should be fine.  It's
no more or less secure then anything ELSE on the internet, but does let
you run your equipment in an unnumbered subnet to prevent access to your
devices...including gateways.

It CAN be spoofed, and it CAN be listened to....but so can telnet, pop3,
http...If your customer needs/wants a secure connection (either to your CO
or to another company), then sell them a strong encryption VPN
solution.  For everyone else, sell them easily-authenticated service.

Hell, you can even sell by-the-seat to companies if things are configured
right.  (though when I designed a wireless network to do this, we were
using a much less common wireless product....virtual aDSL almost. rfc1483
split horizon issues can be used to ones advantage.:)




---
david raistrick
drais@atlasta.net		http://www.expita.com/nomime.html



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message