MikroTik RouterOS PPPoE Over 802.1Q VLAN Tagging in : An ISP’s Guide

MikroTik’s RouterOS v7.17 beta 4 introduces a valuable feature for ISPs: PPP over Ethernet (PPPoE) over 802.1Q VLAN tagging. This functionality is designed to simplify network segmentation and customer management. From my experience working with ISP setups, this addition provides a streamlined way to handle multiple VLAN-tagged customer connections, similar to configurations used by providers like BSNL. Let’s delve into the setup, clarify key terms, and see how to configure this feature for optimal performance.


What Are PPPoE and VLAN Tagging?

PPPoE (Point-to-Point Protocol over Ethernet) enables ISPs to create unique sessions for each customer over a shared network, making it easy to track and bill individual users. By tagging traffic with 802.1Q VLANs, ISPs can further segment customer traffic, isolating each connection for security and quality assurance.

With the latest MikroTik update, PPPoE over 802.1Q VLAN allows ISPs to manage multiple PPPoE sessions, each associated with a unique VLAN tag over the same physical interface, eliminating the need for additional hardware. This is especially useful in FTTH (Fiber-to-the-Home) deployments where ISPs need to manage many individual customer VLANs over shared infrastructure.


Common Understanding: 802.1Q vs. QinQ (802.1ad)

Here’s a quick clarification:

  • 802.1Q: The standard VLAN tagging used for single-layer VLANs. ISPs like BSNL use 802.1Q to create multiple VLANs under one physical interface, assigning a VLAN ID to each customer or group. This approach supports PPPoE for each VLAN, keeping customer traffic separate.
  • QinQ (802.1ad): Also known as double tagging or stacked VLANs, QinQ enables a second layer of VLAN tags. It’s often used in larger, more complex networks where traffic from various customers requires additional segmentation within each VLAN.

Analogy: Bridge Lanes and Toll Booths

Think of 802.1Q VLANs as lanes on a bridge, with each lane representing a VLAN that keeps data isolated for each customer. Here, PPPoE acts like toll booths at each lane, authenticating and tracking each user’s entry and ensuring they have permission to use the network.

With QinQ (802.1ad), imagine adding sub-lanes within each main lane, where additional segments help an ISP track and manage multiple customers under a larger corporate network. However, BSNL’s setup and MikroTik’s feature work without this second layer; they rely solely on 802.1Q single-layer VLANs, using PPPoE on each VLAN to manage connections.


Step-by-Step Setup: PPPoE Server on 802.1Q VLAN in MikroTik RouterOS v7.17

Setting up PPPoE over 802.1Q on MikroTik is straightforward and involves only a few steps.

[Screenshot: MikroTik RouterOS v7.17 beta 4 WinBox]

  • Step 1: Create a PPPoE Server on the Physical or Outer VLAN Interface
    • Go to PPP > PPPoE Servers in your MikroTik settings and add a new server.
    • In the Interface field, select the Physical Interface or the Main Outer VLAN Interface.
    • Configure essential settings like authentication and IP pools according to your requirements.
  • Step 2: Define the VLAN Range for the PPPoE Server
    • In the PPPoE server settings, specify the VLAN Range associated with your physical interface.
    • This enables the PPPoE server to respond to PPPoE requests from any VLAN within this range, managing multiple customer VLANs over a single physical interface, similar to BSNL’s setup for FTTH networks.

With this configuration, ISPs can scale up service delivery and manage multiple customer connections seamlessly without needing separate physical interfaces for each customer, making it a scalable and efficient solution.
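
To make the 802.1Q versus QinQ distinction and the VLAN Range setting concrete, the following Python is an added example (not MikroTik's code and not part of the original article) that parses Ethernet frames, reads the VLAN tag stack and PPPoE header, and compares each PPPoE frame against a planned VLAN range. The function names, the range 100-200 and the MAC address are assumptions made for the example; the article does not say how RouterOS treats untagged or stacked frames, so those are only reported as separate classes.

```python
import struct

TPID_8021Q, TPID_8021AD = 0x8100, 0x88A8          # single tag vs. QinQ service tag
ETH_PPPOE_DISC, ETH_PPPOE_SESS = 0x8863, 0x8864   # PPPoE discovery / session
PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}

def parse_frame(frame: bytes) -> dict:
    """Extract the VLAN tag stack and PPPoE header from one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, tags = 12, []                          # offset of the EtherType field
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, inner = struct.unpack_from("!HH", frame, offset + 2)
        tags.append((ethertype, tci & 0x0FFF))     # low 12 bits of the TCI = VLAN ID
        ethertype, offset = inner, offset + 4
    info = {"src": frame[6:12].hex(":"), "tags": tags, "pppoe": None}
    if ethertype in (ETH_PPPOE_DISC, ETH_PPPOE_SESS):
        if len(frame) < offset + 8:
            raise ValueError("truncated PPPoE header")
        vertype, code, sid, _ = struct.unpack_from("!BBHH", frame, offset + 2)
        if vertype != 0x11:                        # version 1, type 1 (RFC 2516)
            raise ValueError("unexpected PPPoE version/type")
        info["pppoe"] = {"code": PPPOE_CODES.get(code, hex(code)), "session": sid}
    return info

def classify(frame: bytes, vlan_range: range) -> str:
    """Compare a frame's tagging with the VLAN range planned for the PPPoE server."""
    info = parse_frame(frame)
    if info["pppoe"] is None:
        return "not-pppoe"
    if not info["tags"]:
        return "untagged"
    if len(info["tags"]) > 1 or info["tags"][0][0] == TPID_8021AD:
        return "stacked-or-802.1ad"
    vid = info["tags"][0][1]
    return f"vlan-{vid}-" + ("in-range" if vid in vlan_range else "out-of-range")

def build_padi(src_mac: bytes, tags=()) -> bytes:
    """Constructed sample input: broadcast PADI carrying an empty Service-Name tag."""
    hdr = b"\xff" * 6 + src_mac + b"".join(struct.pack("!HH", t, v) for t, v in tags)
    return hdr + struct.pack("!HBBHHHH", ETH_PPPOE_DISC, 0x11, 0x09, 0, 4, 0x0101, 0)

if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")            # constructed, locally administered MAC
    for tags in [(), ((0x8100, 150),), ((0x8100, 900),), ((0x88A8, 10), (0x8100, 150))]:
        print(tags, "->", classify(build_padi(mac, tags), range(100, 201)))
```

Run over a capture taken on the access-facing port, PADI frames that classify as out-of-range or stacked point to a customer port whose tagging does not match the plan.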


Key Advantages of PPPoE Over 802.1Q for ISPs

  • Efficient Segmentation: Each customer connection is managed individually, maintaining data isolation and network security.
  • Reduced Complexity: ISPs can manage multiple VLAN-tagged connections over one interface, reducing hardware requirements.
  • Scalability: By using a single physical interface with 802.1Q, ISPs can add many customers without additional configuration overhead.

Comparison of PPPoE with VLAN Tagging and without VLAN Tagging:
| Feature | PPPoE with VLAN Tagging | PPPoE without VLAN Tagging |
|---|---|---|
| Network Segmentation | Provides network segmentation by creating isolated VLANs for each customer or group, ideal for ISP environments. | No built-in segmentation; all users are on the same network, leading to potential security and performance issues. |
| Traffic Isolation | Isolates traffic between different VLANs, ensuring that customer data is secure and inaccessible to others. | Limited isolation; traffic from all customers is mixed, increasing the risk of data breaches. |
| Scalability | Allows the creation of multiple VLANs, enabling scalable growth without needing new physical interfaces. | Less scalable, as each new segment might require additional interfaces or separate configurations. |
| Efficiency and Cost | Reduces hardware requirements by supporting multiple virtual networks over a single physical interface. | Higher hardware requirements if segmenting traffic, as it may need more interfaces or routers. |
| Configuration Complexity | Slightly more complex initial setup but streamlines management for ISPs handling multiple customers. | Easier initial setup but may require additional configurations to manage traffic or customer isolation. |
| Bandwidth Control | Enables individual bandwidth control per VLAN, allowing ISPs to manage customer service levels more effectively. | Limited bandwidth control as traffic is not segmented, making it harder to allocate or limit bandwidth per customer. |
| Service Flexibility | Supports flexible service options, letting ISPs offer tiered services by VLAN. | Less flexibility, as all customers are part of the same network and service levels are harder to customize. |
| Security | Enhanced security as each customer or group has an isolated VLAN, reducing the risk of internal network attacks. | Lower security since all customers share the same network, making it easier for unauthorized access if vulnerabilities exist. |
| Troubleshooting | Easier troubleshooting with VLAN tagging, as each VLAN can be tested independently. | Harder to troubleshoot network issues as traffic from all users is mixed. |

Comparison Table for PPPoE Feature with and without VLAN Tagging

Conclusion:

The new PPPoE over 802.1Q feature in MikroTik RouterOS v7.17 is a game-changer for ISPs. By simplifying customer VLAN management, this feature supports secure, isolated connections without requiring QinQ (double-tagging). As seen with BSNL’s 802.1Q approach, single-layer VLAN tagging with PPPoE allows ISPs to handle numerous customer connections with efficiency and ease. For any ISP looking to optimize service delivery, this is a highly effective configuration that aligns well with real-world demands.