From: Ovi
Date: Wed, 27 Jun 2007 15:30:13 +0300
To: Alexander Motin
Cc: freebsd-net@freebsd.org
Subject: Re: Mpd-4.2 released.
Message-ID: <46825855.6090908@unixservers.us>
In-Reply-To: <46825347.1030206@freebsd.org>

Dear Alexander,

Thank you for your email, it is very interesting. I am not very familiar with BGP (but I will learn). My question is: did you use multiple pppoe servers with a different subnet for every pppoe server, or do you have high availability with every server giving IPs from the same pool of addresses?
I am using Radius, and I would like to have the pppoe servers configured the same way, so if I needed more power, I would add another server that would offer pppoe connections from the same pool, using the same radius server as everyone. I think if bgp sessions are established between the router and the pppoe servers, every pppoe server would have its own subnet of addresses to give to users, which is not good; it would be interesting for every pppoe server to accept all users. So not have pppoeserve1 for 100 customers, pppoeserv2 for another 100 customers and so on.

The second issue I've encountered: on my setup I've connected the router to two pppoe servers, and the second network card of both pppoe servers was connected to our LAN. Because all users from the LAN already have pppoe set up on their workstations, I wanted to make this system work transparently for them. So, I set up both pppoe servers with the same name (same hostname), and also the service name is *. Still the load is not balanced: most of the users connect to one server, and only a few of them to the other. Is it a possibility that the fastest pppoe server to answer establishes the connection with the user?

I've searched a lot for those issues, and I did not find much information on the Internet; maybe you know some resources for me to study.

Thank you
Best regards,
Ovidiu

Alexander Motin wrote:

>Ovi wrote:
>
>>Also as you know
>>PPPoE is vulnerable to arp poisoning and to DoSs. Having a small network
>>with 10-20 computers using mpd is easy, but having 2000 users or more,
>>things change, problems appear. Solving arp poisoning or DoS attack
>>(sometimes caused by a burned switch port which mixes RX with TX) I
>>think can be done using a Layer2 managed switch, with ACLs, I will try
>>and I'll inform you.
>
>Even if pppoe has some DoS weaknesses it also has some protection
>mechanisms against it. It's a pity but ng_pppoe originally implements
>protocol in a way which does not allow this protection to be effectively
>used.
>
>As I have told, 4.2 release contains overload protection which should
>also help against DoS attacks. I am not sure it will be able to handle
>100Mbit/s flood of PADI requests from broken switch, but should avoid
>mpd freeze in such case.
>
>>When having many users, it is useful to have high availability, so it
>>would be nice and useful to setup multiple pppoe servers. I've tried
>>that, using a router, connected
>>to 2 pppoe servers, and at every pppoe connection, a route was added to
>>the router and when user disconnected, the route was deleted from
>>router. This is still a buggy implementation, we had problems messing
>>up routing table.
>
>Having several PPPoE servers in one segment is a normal solution
>protocol. It is not so efficient now as it could be due to ng_pppoe
>implementation problem I have told, but it still should increase
>performance and stability.
>
>What is about routing problems, you just should find a good dynamic
>routing solution. I have successfully working network with hundred PPPoE
>servers and many thousands of users with routing successfully managed by
>quagga bgp.
>
>-- 
>Alexander Motin
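
An added example, not part of the original thread and not mpd or ng_pppoe code: one way to spot the kind of PADI flood mentioned in the quoted reply is to count PPPoE discovery frames per source MAC in a sliding window. The function names, the one-second window, the threshold and the sample frames are assumptions constructed for illustration; the frame layout follows RFC 2516.

```python
import struct
from collections import defaultdict, deque

ETH_PPPOE_DISCOVERY = 0x8863   # EtherType of the PPPoE discovery stage (RFC 2516)
CODE_PADI = 0x09               # PPPoE Active Discovery Initiation

def parse_padi(frame: bytes):
    """Return the source MAC if the frame is a well-formed PADI, else None."""
    if len(frame) < 20:        # 14-byte Ethernet header + 6-byte PPPoE header
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    ver_type, code, session_id, length = struct.unpack_from("!BBHH", frame, 14)
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11:
        return None
    # A PADI carries session id 0; the declared payload must fit in the frame.
    if code != CODE_PADI or session_id != 0 or 20 + length > len(frame):
        return None
    return ":".join(f"{b:02x}" for b in frame[6:12])

def flood_sources(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp, raw_frame) in time order.
    Returns {mac: peak PADI count} for sources exceeding threshold per window."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, raw in frames:
        mac = parse_padi(raw)
        if mac is None:
            continue
        q = recent[mac]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold:
            peaks[mac] = max(peaks.get(mac, 0), len(q))
    return peaks

def make_frame(src: str, code: int = CODE_PADI) -> bytes:
    """Build a constructed discovery frame with an empty Service-Name tag."""
    payload = struct.pack("!HH", 0x0101, 0)
    header = struct.pack("!BBHH", 0x11, code, 0, len(payload))
    eth = b"\xff" * 6 + bytes.fromhex(src.replace(":", ""))
    return eth + struct.pack("!H", ETH_PPPOE_DISCOVERY) + header + payload

# Constructed sample: one normal client, one port repeating PADIs every 10 ms,
# and one PADR (code 0x19) that the detector must ignore.
SAMPLE = [(0.0, make_frame("02:00:00:00:00:01"))]
SAMPLE += [(0.5 + i * 0.01, make_frame("02:00:00:00:00:02")) for i in range(50)]
SAMPLE += [(1.2, make_frame("02:00:00:00:00:03", code=0x19))]

if __name__ == "__main__":
    print(flood_sources(SAMPLE))
```
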