Network Equipment Hard-Core Technology Insider, Router Series, Chapter 14: From "Deer-by Device" to Router (Middle)
2022-07-27 15:28:00 【User 8289326】
Yesterday I left everyone with a puzzle:
A typical IPTV set-top box has no way to enter a username and password for authentication. So how can the BRAS perform authentication, authorization and accounting for it?
Some readers suggested authenticating by MAC address.
However, we know that a MAC address can be modified. Anyone who takes a computer and changes its MAC address to match a set-top box's MAC address can use the whole network freely, or even attack it.
Another problem: if only the MAC address is checked, any set-top box within the approved range can get online no matter where it is used, so Lao Zhang's set-top box could also be used by Lao Wang next door. That certainly does not meet the IPTV provider's needs.
We need an authentication method in which:
- Only set-top boxes (or other approved types of equipment) can access the network;
- The device must connect to the network at its designated location.
This authentication method is IPoE, which became widespread along with the large-scale rollout of IPTV.
IPoE is an authentication method in which the BRAS, while assigning an address to the STB via DHCP, uses the DHCP extensions Option 60 and Option 82 to determine the terminal type and access location, and decides from them whether to admit the terminal.
Option 60 was first defined as early as RFC 2132. With it, the DHCP client reports its vendor information to the DHCP server. Originally, the option was meant to let terminals from different vendors be assigned addresses from different domains, but in IPTV the field is used to identify whether the terminal is a set-top box. Because IPTV set-top boxes are purchased by the operator and distributed to users, a terminal of the wrong type is treated as an illegitimate terminal and refused an address, so it cannot access the network.
Option 82 is used to identify the access location. It is added by the network devices along the DHCP path, as shown in the figure below:
Every device along the path adds an Option 82 field to the DHCP message, and the BRAS uses that field to judge whether the user is sharing the set-top box with Lao Wang next door, and so whether to admit it.
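The admission check described above can be sketched as follows. This is an added example, not code from the original article or from any BRAS product; the vendor class string, MAC address, Circuit ID value and the MAC-to-location table are constructed assumptions.

```python
# Constructed policy data (assumptions, not from the article).
APPROVED_VENDOR_CLASSES = {b"EXAMPLE-STB"}   # Option 60 values of operator-issued boxes
PROVISIONED_LOCATION = {                     # MAC -> expected Option 82 Circuit ID
    "02:00:00:00:00:01": b"access-sw-7/port-3",
}

def parse_tlvs(raw, top_level=True):
    """Parse code/length/value options into {code: value}.

    top_level=True applies the DHCP Pad (0) and End (255) rules of RFC 2132;
    Option 82 sub-options (RFC 3046) are plain code/length/value triples.
    """
    out, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if top_level and code == 255:        # End option
            break
        if top_level and code == 0:          # Pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        out[code] = value
        i += 2 + length
    return out

def admit(mac, options):
    """Return (admitted, reason) for one DHCP request seen at the BRAS."""
    opts = parse_tlvs(options)
    if opts.get(60) not in APPROVED_VENDOR_CLASSES:
        return False, "terminal type not approved (Option 60)"
    if 82 not in opts:
        return False, "access location missing (Option 82)"
    circuit_id = parse_tlvs(opts[82], top_level=False).get(1)  # sub-option 1 = Circuit ID
    expected = PROVISIONED_LOCATION.get(mac)
    if expected is None or circuit_id != expected:
        return False, "wrong access location (Option 82)"
    return True, "admitted"

def tlv(code, value):
    return bytes([code, len(value)]) + value

def sample_request(vendor, circuit_id):
    """Constructed options field: message type (53), Option 60, Option 82, End."""
    return tlv(53, b"\x01") + tlv(60, vendor) + tlv(82, tlv(1, circuit_id)) + b"\xff"
```

Option 60 is sent by the client itself, so like the MAC address it only filters terminal types; the location binding rests on Option 82, which is inserted by the operator's own access equipment rather than by the terminal.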
So IPoE is that simple.
No, IPoE is not simple.
In an IPTV network authenticated with IPoE, there is another important question:
How do we stop the Layer 2 switch in the corridor from flooding multicast packets out of every interface, so that Lao Wang next door cannot watch, at no cost, the adult Go channel that Lao Zhang's family paid for? For this reason, IPoE also has to be combined with QinQ.
As shown in the figure below:
Have you spotted the difference between IPoE and PPPoE?
That's right: an IPoE packet lacks the PPP encapsulation. The IP packet is encapsulated directly in the Ethernet header, hence the name IPoE (IP over Ethernet).
Clearly, compared with PPPoE, IPoE packets are simpler, and the demands on the BRAS, the metro edge router, are correspondingly lower.
So engineers came up with an innovation for the metropolitan area network. See the next episode.
This issue's question:
Why doesn't IPTV restrict the set-top box's access location by configuring MAC/IP/port binding on the access and aggregation switches?
Question left over from the previous issue:
QinQ can isolate the network into 4K * 4K = 16M subnets, and VXLAN also supports 16M subnets. So why not use VXLAN to isolate each user instead of QinQ?
Answer: 1. The inner and outer VLAN IDs of QinQ can be used to distinguish the access location, such as the residential community and house number; 2. QinQ only requires the access switch to support VLAN and the aggregation switch to support QinQ, whereas VXLAN requires switches that support VXLAN, which clearly costs more; 3. VXLAN is a technology that emerged in 2015, and changing the existing IPTV networking standard without reducing cost would not deliver any value from the change.