[rbak-nsp] PPPoE tunnel and Firewall

David Freedman david.freedman at uk.clara.net
Fri Jul 25 02:13:38 EDT 2008


There are devices on the market which allow you to manipulate traffic inside PPPoE but these are generally
limited to applications such as traffic rate control (i.e P2P shaping)

Traditionally, protecting subscribers from eachother is done where the PPP terminates, in your case, if your requirement is simple enough , you can implement this protection as an ACL on the subscriber interface of the BRAS.

Hope this helps, 

------------------------------------------------
David Freedman
Group Network Engineering 
Claranet Limited
http://www.clara.net



-----Original Message-----
From: redback-nsp-bounces at puck.nether.net on behalf of Masood Ahmad Shah
Sent: Thu 7/24/2008 21:32
To: redback-nsp at puck.nether.net
Subject: [rbak-nsp] PPPoE tunnel and Firewall
 
I'm really getting confused while adding firewall for DSL subscribers. I
want to protect my PPPoE subscriber from malicious traffic. Adding a
firewall between DSLAMs and BRAS is kinda confused for me. The final
topology is going to be like 

 

 

CPEß------>DSLAMß-------àFirewallß------BRAS------->Ineternet

 

>From CPE to BRAS is PPPoE tunnel. The question " Can firewall protect PPPoE
customers from malicious traffic while sitting in transparent mode in front
of BRAS". I wonder , firewall will skip the PPPoE tunnels traffic. 

 

If yes, than how do you guys protect BRAS internal traffic from one
subscriber to another. 

 

 

  



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20080725/fb8be06b/attachment.html>


More information about the redback-nsp mailing list