[RP-PPPoE] 回复: QinQ with rp-pppoe
守得云开
axinchan at qq.com
Wed Nov 12 20:19:09 EST 2014
hi
I am using rp-pppoe as a pppoe server, work with freeradius
it sounds like that QinQ is a good way to avoid broadcast, with QinQ, I can limit pppd dail-up to a QinQ per account, It is a common way.
QinQ is something like ppp, layer 2 link is created from the bras to the end user, it's very convenient to disable the virtual link to end user, especially when it's a bad guy, he tries login name and password quickly, for example, it's very easy to high load cpu usage!
QinQ is a kind of vlan, a qinq a virtual interface, it works like i have 1000 NICs and each NIC belong to a end user.
------------------ 原始邮件 ------------------
发件人: "Adrian Ban"<adrian at abtelecom.ro>;
发送时间: 2014年11月11日(星期二) 晚上10:38
收件人: "rp-pppoe"<rp-pppoe at lists.roaringpenguin.com>;
主题: Re: [RP-PPPoE] QinQ with rp-pppoe
Hi,
First at all using QinQ sounds strange for me. Only if you have a lease line which ISP granted to you a MTU more than 1500 to create VLANs under certain VLAN.
From what you said there "create 1000 QinQ VLAN on interface eth0" sound more like: "create dot1q VLAN on interface eth0"
To create QinQ under linux you have to do something like this:
eth0 -> eth0.100 (transport VLAN) with MTU more that 1500
under eth0.100 you will create 1000 of other VLANs, like
eth0.100 -> eth0.100.123
eth0.100 -> eth0.100.124
.. so on.
If you want 1000 VLAN ask first if the system supports too many VLANs and will not overloads the OS. Good NICs can handle hardware VLANs so you will get an offload.
Next you can start for each interface one pppoe-server instance with -I argument. But use always offset argument -o and also -N argument. For example:
root 5642 0.0 0.0 4264 120 ? S 15:58 0:00 /usr/sbin/pppoe-server -k -S ABTelecom -S DMNetwork -L 10.0.0.1 -R 10.0.0.10 -N 256 -o 0 -I eth2
root 5676 0.0 0.0 4264 500 ? S 15:58 0:00 /usr/sbin/pppoe-server -k -S ABTelecom -S DMNetwork -L 10.0.0.1 -R 10.0.0.10 -N 256 -o 256 -I tap1
root 5702 0.0 0.0 4264 504 ? S 15:58 0:00 /usr/sbin/pppoe-server -k -S ABTelecom -S DMNetwork -L 10.0.0.1 -R 10.0.0.10 -N 256 -o 512 -I veth-toInternet
root 5727 0.0 0.0 4264 120 ? S 15:58 0:00 /usr/sbin/pppoe-server -k -S ABTelecom -S DMNetwork -L 10.0.0.1 -R 10.0.0.10 -N 256 -o 768 -I eth0.990
I make a script which is searching for available ethernet interfaces (also with configurable exclude/include interface) and calculate using the maximum number of sessions per process (-N) the next offset.
Regards,
Adrian
On 11/11/2014 10:21 AM, hbreschner wrote:
hi,
without discussing why you are using 1000 vlan networks ...
a single PPPoE Server process is only listing to the devices that you gave it with -I, but you can add several interfaces with several -I parameters.
I am working with several instances each dedicated for a single VLAN.
So, I am not sure what is the max of interfaces that you can add to a single process with the -I parameter.
You may need to look into the code to find any limit.
Please post here what is your finding regarding the max amount of interfaces you could add.
Best,
Christian
On 11/08/2014 05:02 PM, 守得云开 wrote:
I am trying QinQ(802.1adVLAN) on Linux 3.10 with rp-pppoe
if i create 1000 QingQ VLAN on interface eth0, I have to make pppoe-server listen on 1000 interface(with 1000 -I parameters)?
can i listen to just eth0, or any suggestions?
_______________________________________________ RP-PPPoE mailing list RP-PPPoE at lists.roaringpenguin.com http://lists.roaringpenguin.com/cgi-bin/mailman/listinfo/rp-pppoe
_______________________________________________ RP-PPPoE mailing list RP-PPPoE at lists.roaringpenguin.com http://lists.roaringpenguin.com/cgi-bin/mailman/listinfo/rp-pppoe
--
Adrian Ban
IP/MPLS Engineer
----------------------------------------
mobil: +40788388190 / +32484849697
web: www.abtelecom.ro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.roaringpenguin.com/pipermail/rp-pppoe/attachments/20141113/d5bb1f2d/attachment-0001.html>
More information about the RP-PPPoE
mailing list