[c-nsp] ADSL Bridging over Ethernet

Thu Jun 2 03:57:54 EDT 2011

Hi Jurgen,

Many thanks for your informative response.

The firewall cannot terminate the PPP sessions so I will need to confirm
from the client the ISP details in terms of what exactly is supported. 

>From my experience with PPPoA a public address is assigned to the ATM WAN
interface and typically you NAT this one address to share among the LAN.

If the ISP provides a separate address to the ATM interface I will be able
to use the /29 block on the inside (wasting one address on the LAN interface
of the router). IP unnumbered definitely sounds like the go but this is just
a consumer grade router not a Cisco :)

"It also may be your Provider has direct IP over the ATM PVC. Here, the
device with the DSL-Modem acts as a router and has the /29 on it's LAN
side."

I hope this is the case.

Thanks for your help.

Cheers,

-Aaron. 

-----Original Message-----
From: Jurgen Marenda [mailto:jm at ilk.net] 
Sent: Thursday, 2 June 2011 3:39 PM
To: 'Aaron Riemer'
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] ADSL Bridging over Ethernet

Hi Aaron,

> This is not really a cisco specific question. I just need 
> some clarification
> on ADSL bridging.
> 
> I have a situation where an ISP will deliver a /29 address 
> block over an
> ADSL connection. I assume the ADSL connection will be PPPoA / 
> PPPoE based.
> 
> The ADSL router is a simple consumer grade product and a 
> firewall will sit
> behind with a public IP address on an Ethernet interface 
> within this /29
> block.
> 
> My question is if I have this /29 block how can the ADSL 
> router be addressed
> LAN/WAN? I assume the only way to do this is to bridge the 
> ADSL connection
> to the Ethernet network?
> 
> If I bridge the connection does this mean the firewall will 
> need to run the
> PPPoE/PPPoA protocol? 

> I am confused as to where the encapsulation / 
> de-encapsulation occurs with
> this type of design. The ADSL router or the firewall? Can I 
> have the ADSL
> router take care of all the necessary PPP functions such as 
> authentication
> etc with bridging?
> 
> Can someone please shed some light?

If it's PPPoA, the device with the DSL-Modem has the ATM-PVC over which
the PPP session runs.
Clearly, that device is a router having the /29 on it's LAN 

If it's PPPoE, the DSL-Modem may act like as a router as in the PPPoA
Scenario.
(Here, the PPPoE frames are bridged to the ISP thru the ATM PVC.)

But the DSL-Modem may also act as a simple bridge.
In this case, the "firewall" must terminate the PPPoE Session
and may have the /29 on and DMZ Lan 
or use each of the 8 IP-Adresses for terminating (and NATting) Services.

It also may be your Provider has direct IP over the ATM PVC.
Here, the device with the DSL-Modem acts as a router and has the /29 on it's
LAN side.

My (el cheapo) alcatel/ST/thomson classical "adsl" Modem works in all modes
fine;
so even customer grade CPEs may work; 
all those scenarios may be set up with Cisco 876/877 
(iff you get the nessassary information from your ISP).

WAN side does not really need to have an ip-adress (if its
PPP=point-to-point)
but may borrow the LAN's ip adress ( ip unmbered ...)

Hope this helps,

Juergen.