DOCSIS 3.0 & PPPoE/L2TP compatibility

Hi,

We are a small ISP and have a setup in place with the local cable company for terminating their users via L2TP for Internet access. However they have just announced to us that they are moving to a DOCSIS 3.0 compliant setup, and this standard no longer supports PPPoE via L2TP, and can now only offer PPTP for terminating with us.

We have already begun replacing our Cisco 7206VXR LNS devices with Cisco ASR 1Ks and as you will be aware the older 7206 can do both L2TP and PPTP, whereas the ASR1k can do only L2TP. I do not have any experience in the cable arena, but from what I have read in the DOCSIS standards, each version has maintained backwards compatibility, therefore I am very surprised our CableCo has claimed they cannot do PPPoE/L2TP anymore.

The CMTS they are currently using is a Cisco, and now they are moving to a new ARRIS CMTS. I have not been able to find any information on this device and what it can do or not. With the ASR1K marked as the natural upgrade path for LNS functions, I cannot believe that it is not fully compatible with DOCSIS 3.0.

From what I can tell the only way to accommodate the new CMTS PPTP connections will be to terminate them on the legacy 7206VXR, which at the end of the day is a backwards step. I would greatly appreciate if anyone can give me any pointers and/or suggestions on this matter, so I can understand it and move it forward.

FYI: The driver for the CMTS upgrades is to offer higher bandwidth access speeds 15mb-20mb.

Thank you.

As I recall from my reading of "the standard", there's nothing in there to prevent any tunneling on top of the DOCSIS bridged ethernet.

I suspect this is not a "standard" problem but an ISP problem... their new hardware doesn't support PPPoE/L2TP, it's an additional license, or they don't know how (or are unwilling) to configure it.

(I'm assuming the PPPoE is between you and the customer, and L2TP is between your network and the cable network. i.e. L2TP is how your customers are brought to you from the cable network.)

I have no documentation on ARRIS either, so I don't know what they can/cannot do.

"Hi ISP, meet Moxie Marlinspike. Moxie, meet ISP. I think you two
have something to discuss..."

Hey Ricky,

Yes that is the exact setup, the cableco bring the customer to us via L2TP, and now want to do PPTP only.

I will keep digging on the ARRIS, which I have been told is a C4 system. Although their website doesn't show much tech specs.

They are pushing for the L3 option since their CMTS will now be a hop in the path between the customer and us, instead of L2 transparent.

Suggestions?

Thanks,

To elaborate on Valdis' reply, stick a fork in PPTP, it is done.
https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

Hi iptech

As others have said, early Cisco CMTS could do full bridging and/or PPPoE
termination, but newer gear is typically L3 style only.

For wholesale, the cableco could do one of these :

* L2 solution : Change your customers to be configured as DOCSIS BSoD L2VPN,
and deliver you one dot1q VLAN per customer. You can continue to use PPPoE
with this config (sessions landing directly on your LNS). Gotcha: don't know
about Arris, but Cisco caps you at 4K VLANs per chassis which means this
solution doesn't scale all that well.

* L2 solution : Change your customers to be set up as DOCSIS BSoD L2VPN, and
deliver you one MPLS pseudowire per customer. You can continue to use PPPoE
with this config (sessions landing directly on your LNS). Gotcha: don't know
about Arris, but Cisco caps you at 16K pw per chassis which means this
solution only provides moderate scaling. Also you have to somehow terminate
all these pw (which are "xconnect"s in Cisco-speak).

* L3 solution : change your customers to land on a dedicated bundle and VRF.
Apply policy based routing to force-forward all the CPE traffic up a VLAN to
you. If you want to be able to authenticate/count/shape then you probably
need to terminate this traffic as IPoE (Use a dedicated BNG, or maybe you
could try Cisco ISG). Cableco would provide the DHCP for the CM, you would
provide the DHCP for the CPE. CMTS would insert CM MAC as option 82 so you
know which CPE belongs to which CM/customer.

* L3 solution : last option is to do what they proposed. I would probably
still implement this with a dedicated bundle and VRF. But rather than having
to land the sessions as IPoE, you can now have them come in as PPTP. This
allows you to authenticate/count/shape via your LNS.

Hope that helps,
Michael.
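
The option 82 correlation from the L3 IPoE option in the message above, as an added example that is not part of the original thread. It assumes the CMTS carries the cable modem MAC in the remote-id sub-option (sub-option 2) of the DHCP Relay Agent Information option; the sample bytes, the customer table and the function names are constructed for illustration.

```python
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUB_REMOTE_ID = 2  # assumption: CM MAC travels in the remote-id sub-option

# Constructed subscriber table: CM MAC -> customer account.
CUSTOMERS = {"00:11:22:33:44:55": "cust-1001"}

def parse_tlvs(data, dhcp_framing=False):
    """Parse code/length/value triples; raise ValueError if truncated."""
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_framing and code == PAD:   # single-byte pad option
            i += 1
            continue
        if dhcp_framing and code == END:   # end of the options field
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        out.append((code, value))
        i += 2 + length
    return out

def cm_mac_from_options(options):
    """Return the CM MAC from option 82, or None if absent or malformed."""
    try:
        opts = dict(parse_tlvs(options, dhcp_framing=True))
        subs = dict(parse_tlvs(opts.get(RELAY_AGENT_INFO, b"")))
    except ValueError:
        return None
    remote_id = subs.get(SUB_REMOTE_ID)
    if remote_id is None or len(remote_id) != 6:
        return None
    return ":".join(f"{b:02x}" for b in remote_id)

def subscriber_for(options):
    """Bind a CPE DHCP request to a customer; None means do not serve."""
    mac = cm_mac_from_options(options)
    return CUSTOMERS.get(mac) if mac else None

# Constructed options field: message type, option 82 (circuit-id + remote-id), end.
SAMPLE = bytes([53, 1, 1, 82, 14, 1, 4, 0x80, 0x01, 0x00, 0x03,
                2, 6, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 255])

if __name__ == "__main__":
    print(subscriber_for(SAMPLE))
```

A request with no option 82, a truncated option, or an unknown modem MAC resolves to no subscriber, so it is never bound to a customer by default.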

Hey Michael,

Thanks for the feedback.

From the scenarios below, I think that option 3 would be more feasible, i.e. BSoD L2VPN, via pw. Our max expected number of sessions would not exceed 10k, so probably not a hw limiting issue for us.

For option 4, we cannot accommodate this, as we are moving to ASR1K, which does not support PPTP, only L2TP.

I am reading through the DOCSIS L2VPN specification to understand the model better.

Thanks,