PPPoE vs. Bridged ADSL
- Subject: PPPoE vs. Bridged ADSL
- From: sean at donelan.com (Sean Donelan)
- Date: Sat, 31 Oct 2009 16:13:31 -0400 (EDT)
On Thu, 29 Oct 2009, Frank Bulk - iName.com wrote:
> Others commented on things I already had in mind only the username/password
> thing of PPPoE. We use the same username/pw on the modem as the customer
> uses for their e-mail, so a password change necessitates a truck roll (I
> know, I know, TR-069). We started with PPPoE for our FTTH, because we were
> familiar with it, but we moved over to a "VLAN per service" model which ends
> up something like RBE in function. We can track customers based on the
> Option 82 info, so we're good to go in terms of tracking them.
You can have a "network username/password" for the customer different
from the mail and other application-layer username/password. Some ISPs
did that in the dial-up days, and also with PPPOx. The network account
information is configured in the dialer or router/modem; and most users
never need to know the network-layer stuff. The user can change their
mail/application password (and use it for off-network access) without
affecting their network-layer password.
The same network account may have multiple mail/application accounts
associated with it. It also helps in the debate over whether you store
irreversible passwords or cleartext passwords for things like CHAP/PAP;
when you need to split accounts because people change households; and
when network re-architecture moves circuits around or users move and the
connections have to be re-associated with the correct accounts. Yep, I
sometimes found two households with swapped VPI/VCI, VLAN or PORT
identifiers because someone/something made a data entry or circuit
termination mistake.
I like a combination of 802.1x and Option 82 as a way of cross-checking,
and layer 2/3 anti-spoof protection. I also like handling network things
mostly at the network/hardware level, separate from the application layer
identity so the user changes aren't affected.
But there are almost always multiple ways to solve a problem.