Let’s look at the differences in infrastructure setup on both options.
Layer 3 option setup
If you are thinking of going with a layer 3 option, infrastructure setup will be fairly straightforward. The upstream provider will usually have some sort of web interface for you for account creation along with some troubleshooting/monitoring tools. The rest is likely to be accomplished via alternative channels like phone, email or hardcopy forms.
Layer 2 option setup
This is where things become really tricky, because some areas need to be looked at in detail.
For example, authentication. You need some sort of authentication server setup so that your customers’ modems are able to send PPP authentication requests, prove that they have a valid account, and establish a connection.
Some frequently used terms for your reference:
- Realm – for example, firstname.lastname@example.org where username.org is the realm. In a wholesale environment, a realm is required for your upstream provider to forward your customer’s authentication requests to your network.
- Forwarding authentication – setting up the router, so that it knows where exactly to forward your authentication requests to. This requires some Cisco/Juniper/whateveritis know-how.
- Authentication server – any form of RADIUS will do, in a pinch. Of course, you need certain attributes on the server:
- Realm configuration – to allow requests with the right realm for authentication.
- Username/password configuration – to allow the right username/password pair to be configured
- IP address configuration – to either assign a static IP address, or to assign one from a dynamic pool, so one or the other. You will need either an IP address range from the upstream provider, or sign up for your own allocation from APNIC.
- Optional attributes – for example, shaping the upload or download speed.
- L2TP – this is the protocol used to establish a session from customer to your network.
- LAC – L2TP Access Concentrator. This is the network router from your upstream provider, where they forward authentication requests to you.
- LNS – L2TP Network Server. This is your router, the one that receives and establishes L2TP sessions.
I’ll break the post up again at this point, part 3 will be a closer look at a layer 2 option, authentication setup with regards to Cisco equipment – sorry, can’t do anything else as I’m only familiar with that.
Let me know what else you would like to see in this series, and I’ll be happy to elaborate.