Cisco 3810 DSL Config Help for USWest Based MegaCentral ISPs

Here is some information that will hopefully help ISPs that are utilizing a Cisco MC 3810 ATM router to support customers connecting via USWest's DSL service.

Topology

DSL is rapidly being deployed by LECs across the country. USWest is making this move to combat the perceived threat from cable companies, who are just now starting to bring Internet access through cable modems to a wide audience nationwide, and to leverage their investment in the physical cable plant (local loop) through the provisioning of medium to high speed digital ATM circuits over a DSL physical layer.

In USWest land, the ISP is connected to the local exchange carrier (LEC) ATM network through a T1 or DS3 level circuit. The ISP then pays for tiered bandwidth based on 3MB increments, and VCs are created on the ATM pipe as customers are hooked up. This is in contrast to other DSL providers, who may offer connectivity to the host (or ISP) site through Frame Relay.

This creates a great economy of scale for both the LEC and the ISP, who don't have to rely on adding phone lines as they get new users connected.

Protocols

USWest's RADSL offering utilizes rfc1483 ethernet encapsulation over ATM. Most often this takes takes the form of bridged ethernet IP packets being delivered over the ATM/DSL layers. Cisco has promised PPP over ATM encapsulation in version 12.0 of the IOS, and also has promised to fix the IP routing and PPP in the Cisco 675 (NetSpeed 204) DSL modem.

Because you must currently use bridging, you must create bridge groups and BVI (bridged virtual interface) interfaces, the IOS configuration is a little different than most ISPs are used to using for Frame-Relay or other dedicated circuit type links.

Glossary

Because I am throwing around so many acronyms on this page, I have included a Glossary that can be used a reference. Send me e-mail to let me know if I have forgotten anything.

Example Configurations

I will endeavor to include configuration examples for all different routing/bridging schemes I know of, as well as point to a couple of Cisco resources on the web. I'll try as hard as I can to label configurations as "working" or "not-tested" or "blatant lie from Cisco tech" or whatever else label best fits.

Straight IP Bridging with DHCP

I'm not personally doing this, but it should work fine, as most ISPs are using some variation on this configuration. Cisco has an example configuration on the web using this architecture.

This scheme does have some limitations. Users are given an address with a 24 bit (class "C") mask, so they cannot route traffic to users in the same subnet. Sort of a "Split Horizon" kind of problem, like you might see with certain Frame-Relay configurations. This makes DSL useless for home to home Videoconferencing, or sharing of information through personal webservers, if the site you want reach is connected to the same ISP and on the same subnet.

You can use a single bridge group and BVI interface for all DHCP routed customers.

!
no service pad
!
hostname MegaCentral
!
ip subnet-zero
ip classless
no ip source-route
!
controller T1 0
framing esf
linecode b8zs
description MegaCentral T1
!
interface Ethernet0
description Switched Ethernet Backbone
ip address 192.168.0.1 255.255.255.0
no ip directed broadcast
no ip mroute-cache
!
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial2
no ip address
no ip directed-broadcast
encapsulation atm
no ip route-cache
no ip mroute-cache
atm uni-version 3.1
serial restart-delay 1
!
interface Serial 2.32 multipoint
no ip directed-broadcast
atm pvc 32 1 32 aal5snap
atm pvc 33 1 33 aal5snap
atm pvc 34 1 34 aal5snap
!
! (etc. for each subcriber VC)
!
bridge-group 1
!
interface BVI1
description Shared subinterface for DSL customers
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.0.254
no ip directed-broadcast
no ip proxy-arp
arp timeout 3600
!
bridge irb
bridge 1 protocol ieee
bridge 1 route ip

With this addressing scheme you would assign addresses via the DHCP server at 192.168.0.254. Customers on the same subnet will *NOT* be able to route traffice between each other.

Subnet Routing Over rfc1483 Bridging

This is a more common scenario for the ISPs I've talked to who are providing DSL internet access through USWest's DSL offering, and I happen to be using it successfully.

You must create a seperate bridge group and BVI interface for each routed subnet, effectively limiting the total number of such connections to 64, which is the maximum number of BVI interfaces you may create.

!
no service pad
!
hostname MegaCentral
!
ip subnet-zero
ip classless
no ip source-route
!
controller T1 0
framing esf
linecode b8zs
!
interface Ethernet0
description Switched Ethernet Backbone
ip address 192.168.0.1 255.255.255.0
no ip route-cache
no ip mroute-cache

interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial2
description ATM MegaCentral T1
no ip address
encapsulation atm
no ip route-cache
no ip mroute-cache
atm uni-version 3.1
serial restart-delay 1
!
interface Serial2.32 point-to-point
description Customer A
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
atm pvc 32 1 32 aal5snap
bridge-group 1
!
interface Serial2.35 point-to-point
description Customer B
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
atm pvc 35 1 35 aal5snap
bridge-group 2
!
interface Serial2.38 point-to-point
description Customer C
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
atm pvc 38 1 38 aal5snap
bridge-group 3
!
interface BVI1
description Customer A - 256k (assigned subnet 192.168.1.0/29)
ip address 192.168.1.1 255.255.255.248
no ip directed-broadcast
no ip proxy-arp
arp timeout 3600
!
interface BVI2
description Customer B - 256k (assigned subnet 192.168.1.8/29)
ip address 192.168.1.9 255.255.255.248
no ip directed-broadcast
no ip proxy-arp
arp timeout 3600
!
interface BVI3
description Customer C - 7M/1M (assigned subnet 192.168.1.64/27)
ip address 192.168.1.65 255.255.255.224
no ip directed-broadcast
no ip proxy-arp
arp timeout 3600
!
interface FR-ATM20
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
bridge 3 protocol ieee
bridge 3 route ip

With this configuration, Customer A (ATM VC 1/32) is assigned the block of IP addresses 192.168.1.0/29, which gives them 5 usable IP addresses. A gateway address of 192.168.1.1 is used (the BVI interface IP address), with a subnet mask of 255.255.255.248. Available IPs for use in this subnet would be 192.168.1.2 through 192.168.1.6.

Customer B (ATM VC 1/35) is assigned a similar block of 192.168.1.8/29, utilizing 192.168.1.9 as the gateway, and the same subnet mask of 255.255.255.248. IP addresses would be 192.168.1.10 through 192.168.1.14.

Customer C (ATM VC 1/38) is assigned a larger block of 192.168.1.64/27 which gives them 28 usable IPs starting with the address of 192.168.1.66, utilizing a gateway of 192.168.1.65 and a netmask of 255.255.255.224.

As mentioned above, the maximum number of bridge groups and BVI interfaces on the 3810 is 64, so the number of ATM VCs you can connect are limited.

Static IP Over rfc1483 Bridging

Extremely similar to the above DHCP config, you can give the user an address with a /24 bit mask, but they have to enter it manually, and it will never change. Of course small ISPs like this because it gives them more control in regards to security issues (via logging, etc.), and users like it because they get a dedicated IP and hostname that their friends can use to find them online, but with the config below, you'll still have the same "split-horizon" problem with users on the same subnet not being able to route traffic to each other. IN the example below, users will be assigned an address in the 192.168.1.0/24 subnet.

!
no service pad
!
hostname MegaCentral
!
ip subnet-zero
ip classless
no ip source-route
!
controller T1 0
framing esf
linecode b8zs
description MegaCentral T1
!
interface Ethernet0
description Switched Ethernet Backbone
ip address 192.168.0.1 255.255.255.0
no ip directed broadcast
no ip mroute-cache
!
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial2
no ip address
no ip directed-broadcast
encapsulation atm
no ip route-cache
no ip mroute-cache
atm uni-version 3.1
serial restart-delay 1
!
interface Serial 2.32 multipoint
no ip directed-broadcast
atm pvc 32 1 32 aal5snap
atm pvc 33 1 33 aal5snap
atm pvc 34 1 34 aal5snap
!
! (etc. for each subcriber VC)
!
bridge-group 1
!
interface BVI1
description Shared subinterface for DSL customers
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
no ip proxy-arp
arp timeout 3600
!
bridge irb
bridge 1 protocol ieee
bridge 1 route ip

PPP Over ATM Configurations