[CLUE-Tech] Cisco 675 PPP vs. Bridging modes

David Anselmi anselmi at intradenver.net
Fri Aug 10 13:00:29 MDT 2001


So, suppose I have a Linux gateway between my LAN and my router.  Could I
set the router to bridge and let the Linux box talk PPPoE to Qwest?

Not that I'd want to, but it'd be fun to get an 'unsupported' config to
work (since I'm already doing that by having a Linux box behind the
router).

Jim Ockers wrote:

> > Thus I pose my question to a relatively unbiased group and hope that
> > this does not cause a flame war ... <g>
>
> Hah.  Anything can be turned into a flame war, for those who are
> so inclined.  :P
>
> > Could someone(s) please compare and contrast the bridging and the PPP
> > modes for a Cisco 675 router, vis-a-vis the advantages and
> > disadvantages, bandwidth, security, etc.?
>
> Sure, but only as I understand it.  The Cisco 675 is a DSL modem/
> router so you must be a DSL bandwidth customer.  Typically the DSL
> "DSLAM" concentrator devices use ethernet frames to communicate with
> the customer DSL modems, over the DSL phone lines.
>
> PPP mode uses PPPoE (PPP over Ethernet) to encapsulate PPP point-to-
> point-link frames inside ethernet frames.   PPP is peer to peer.  The
> ethernet frames would contain your PPP frames, and the peers (your
> 675 and the DSLAM/ISP) would encapsulate the IP packets in PPP frames
> which would be transmitted using ethernet frames.
>
> Bridging mode simply takes all ethernet traffic on the ethernet port
> and replicates it over the WAN interface, to the other end.  This
> would mean that all broadcasts, etc. on the LAN would be replicated
> over the DSL connection.  This is bad if the ethernet port of your
> 675 is connected to a hub with a bunch of chatty (Windows) computers
> on the network, because the noise has to be replicated over the bridge
> along with the useful traffic.  If there is only one computer
> connected to the LAN port of the 675, then you are fine.
>
> Most PPP frames are not encrypted so there would not be a security
> benefit to using PPPoE.  The ISP may prefer PPPoE because it allows
> them to collect a username and password from you that may not be
> available to them if you were talking to them via straight ethernet
> bridging.  (Since you don't need a password to be an ethernet device
> and have a MAC address on an ethernet network.)
>
> As far as bandwidth, if you have only one computer connected to the
> DSL modem (and especially if it's a well-behaved system like a Linux
> system), I think you will get slightly more bandwidth using straight
> bridging mode.  The PPP overhead, and processing required to
> encapsulate/decapsulate the PPP frames, will consume some of your
> bandwidth, perhaps mostly by increasing latency.
>
> > I am currently using an ISP with the 675 in PPP mode and, in spite of
> > having applied the 675 CBOS upgrade and redirecting the HTTP port, I
> > am still getting killed by the Code Red worm. Someone has suggested
> > that placing the 675 in the bridging mode will eliminate this
> > vulnerability.
>
> This may be correct, depending on the network setup.  If the 675 has
> an internal IP address assigned to the ethernet port, then it won't
> matter what the encapsulation method is for talking to the ISP, that
> IP address is still going to be out there and accessible.
>
> In CBOS can you do "no ip http-server" ?  I know very little about the
> 675, although I'm about to get DSL and I have a 675 I'm going to try
> to use here.  If you can turn off the HTTP server that should work
> around your problem.
>
> > I talked to my ISP, who swears that the bridging mode is the worst
> > possible way to run this router, but I am not sure that I understand
> > their reasons because they sounded like so much double-talk.
>
> I also get suspicious at large amounts of hand-waving.  Hopefully my
> explanation made sense, even if it isn't right.  I'm sure if it's
> not right someone will correct me.
>
> --
> Jim Ockers (ockers at ockers.net)                     Ask me about Linux!
> Contact info: please see http://www.ockers.net/
>
> Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
> at http://www.cauce.org/ .
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
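
The layering described in the quoted reply for PPP mode (IP inside PPP inside PPPoE inside Ethernet), set beside a plain bridged frame, as an added Python example that is not part of the original thread. The MAC addresses, session ID and IP packet are constructed sample values; the field layout follows RFC 2516.

```python
import struct

ETH_P_IPV4 = 0x0800            # EtherType of a plain (bridged) IPv4 frame
ETH_P_PPPOE_SESSION = 0x8864   # EtherType of a PPPoE session-stage frame
PPP_PROTO_IPV4 = 0x0021        # PPP protocol number for IPv4

# Constructed sample data: header checksum left at zero, payload is marker text.
DATA = b"cleartext payload"
SAMPLE_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(DATA), 0, 0, 64, 253,
                        0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + DATA
DST, SRC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")


def build_bridged_frame(dst, src, ip_packet):
    """Bridging mode: the IP packet rides directly in an Ethernet frame."""
    return dst + src + struct.pack("!H", ETH_P_IPV4) + ip_packet


def build_pppoe_frame(dst, src, session_id, ip_packet):
    """PPP mode: Ethernet carries PPPoE, which carries PPP, which carries IP."""
    ppp = struct.pack("!H", PPP_PROTO_IPV4) + ip_packet
    # ver=1/type=1 -> 0x11, code 0x00 = session data, length covers the PPP part
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    return dst + src + struct.pack("!H", ETH_P_PPPOE_SESSION) + pppoe + ppp


def parse_pppoe_frame(frame):
    """Peel the PPPoE and PPP layers off and return what they carried."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_PPPOE_SESSION:
        raise ValueError("not a PPPoE session frame: 0x%04x" % ethertype)
    vertype, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if vertype != 0x11 or code != 0x00:
        raise ValueError("unexpected PPPoE version/type/code")
    ppp = frame[20:20 + length]      # length field excludes any Ethernet padding
    if length < 2 or len(ppp) != length:
        raise ValueError("truncated PPPoE payload")
    (proto,) = struct.unpack("!H", ppp[:2])
    return {"session_id": session_id, "ppp_protocol": proto, "payload": ppp[2:]}


def per_packet_overhead(ip_packet):
    """Extra bytes PPP mode adds to every packet compared with bridging."""
    return (len(build_pppoe_frame(DST, SRC, 0x1234, ip_packet))
            - len(build_bridged_frame(DST, SRC, ip_packet)))


if __name__ == "__main__":
    print(parse_pppoe_frame(build_pppoe_frame(DST, SRC, 0x1234, SAMPLE_IP)))
    print("overhead per packet:", per_packet_overhead(SAMPLE_IP), "bytes")
```

The 8 bytes of per-packet overhead are why PPPoE links run with an MTU of 1492 instead of 1500, and the payload appears in the frame unchanged because the encapsulation itself does no encryption.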
