Setting up a PPPoE session for AE (Active Ethernet), DSL, GPON or microwave links

Owned by Ole Ernst
Last updated: Jun 02, 2020 by Nino Ryschawy
4 min read

At NMS Prime we strive for device and vendor agnostic provisioning. Thus, we want to abstract the devices-specific settings and quirks as much a possible. In order to limit the throughput of our consumers we use routers acting as a BRAS/BNG, which terminate the PPPoE sessions towards the CPE. PPPoE is a very well established, proven protocol and is supported by most CPEs. Thus, it is an ideal choice for device and vendor agnostic throughput provisioning.

In order to be able to set-up PPPoE sessions we first need a L2 link between the head-end and the consumers CPE. AE and microwave links provides this out-of-the-box. In the case of DSL one can configure the DSLAM, such that the DSL modems are directly bridged and from the head-ends perspective don't look any different to devices using AE or microwave links. For the most DSLAMs we have seen, one only needs to configure this bridging once and it is automatically established for all modems, that will be connected to the DSLAM later on.

GPON however is a different matter. The OLTs we have been using so far have greater complexity when it comes to provisioning ONTs. Using a protocol used between the OLT and the ONTs (e.g. OMCI) one can configure lots of settings, among others the throughput, VLANs, phone numbers and CATV. However, these settings are proprietary and thus highly dependent on the devices and vendors being used. Sometimes they even change between different firmware versions. This leads to a lot of incompatibilities, such that you won't be able to use any ONT with any OLT. Furthermore, the commands need to be run via Telnet or SSH, which can make this system unreliable (as the command-line options may change between devices of the same vendor and different firmware version) and potentially vulnerable to man-in-the-middle attacks due to the unencrypted nature of Telnet.

We strive to alleviate this issues by using the proprietary protocols as little as possible. Our goal is to only set-up the L2 link between the ONTs and the head-end (via the OLT) via the device and vendor dependent protocols. We provision the links with the highest possible throughput to every ONT and again use the BRAS/BNG (via PPPoE) to do the actual limiting. Some OLTs require running commands for every new ONT being connected. For this case we provide scripts, which are automatically running in the background every 5 minutes.

All CPE settings such as PPPoE credentials, phone numbers, CATV, firewall settings or Wi-Fi names, password and security will be configured via TR-069/CWMP - another highly well-defined, established and proven protocol for provisioning CPEs.

In summary we want touch the intermediary systems (switches (AE), base stations (microwave links), DSLAMs (DSL) and OLTs (GPON)) as little as possible by setting them up with a default configuration, which enable an L2 link between the CPE and our head-end with maximum throughput, which will later be limited by our BRAS/BNG to the actual subscribed throughput. The CPEs are configured via TR-069/CWMP. We already have configuration suggestions for common DSLAMs and OLTs and will extend them in the future. The same is true for TR-069/CWMP provisions for the CPEs. The latter can be easily modified and added by you using a very simple syntax.

Having an unprovisioned L2 link alone is not sufficient, to get the customer online. One needs to supply the CPE with its PPPoE credentials and the URL of the ACS (CWMP/TR-069) server in order to provision phone numbers among other settings. There are multiple options to accomplish this task:

  1. Bootstrapping using DHCP
  2. Preconfigure the CPE with default settings prior to shipping to the customer (e.g. via AVM ProviderManager)
  3. Manual configuration

In this scenario a factory-new CPE is required to use DHCP as its default means of getting an IP address. This is the case for most AE/microwave CPEs we have seen so far. In this case we supply the CPE with a temporary (non-routed to the internet) IP address and the location of the ACS server. The CPE will inform the ACS server, tell its serial number and can than be provisioned via TR-069/CWMP. This way the CPE will get (among others, such as the phone number and Wi-Fi settings) its PPPoE credentials. Afterwards the CPE will shutdown its IPoE connection and will establish the PPPoE session, which is than routed to the internet and limited by the BRAS/BNG.

Using DSL it is not usually the case, that modems use DHCP as their default means of getting an IP address. That is why many modem vendors either supply a default ACS server location and default PPPoE credentials for all their modems. The latter typically are identical among all the modems. This means one can set-up a default PPPoE account in NMS Prime for factory-new DSL modems. This way they will be able to get an IP address via PPPoE and to communicate to the ACS server to get their actual PPPoE credentials and other settings. The ACS server location is usually preconfigured by the manufacturer using a hostname such as acs.example.test. Because we control the nameserver, which is given to the PPPoE clients (i.e. CPEs) during PPPoE session set-up, we can configure according A/AAAA DNS records, such that the CPE will connect to our ACS server.

If this is for some reason not sufficient or suitable for the use case at hand, many vendors also allow to supply other default PPPoE credentials / ACS server locations to the CPE using simple scripts prior to shipping them to the consumers. If your ordered modem batch size is large enough the vendor itself will modify this settings according to your needs. Note that this settings do survive a factory reset of the modem.

Of course you can always set-up the PPPoE credentials and other settings (e.g. phone number, WiFi settings, etc.) on the CPE prior to shipping it to the consumers. This way you don't need to use TR-069/CWMP at all.