On 13 September 2017 at 19:03, Ewen McNeill
Part of what prompted my surprise is that this Mikrotik very much did have a username and password on the PPPoE configuration, apparently given to my client (setting it up for their customer) by the ISP in question -- and the password looks "password like" rather than just a placeholder. It's good to hear from you (and Nathan) that at least that part is less common.
My ISP at home uses the same username/password as the customer portal for PPPoE authentication (we might be talking about the same one, though).
Unless I'm missing something, wouldn't the PVLAN sort of approach work out here? Put each customer into an isolated PVLAN, and put the ISP-end gateway into a community PVLAN, then the customer VLANs can talk to the ISP but not to each other -- and you can use a larger subnet for efficiency (/24, /22, etc). Possibly this would require some fibre provider/ONT assistance... but the whole UFB thing was built from scratch so doing it didn't have to be layers upon layers of abstraction to make it look like the past.
The problem with that approach is that you break P2P connectivity between customers. If I have a public IP address, I would expect it to be accessible from any other public IP address unless explicitly filtered. I guess proxy-arping is the best solution here, unfortunately. You will still need to allocate a gateway IP address per subnet (although you can increase the subnet size to mitigate this, assuming you have enough contiguous address space available).
This particular one seems to have the Mikrotik defaulting the PPPoE interface MTU to 1480. I didn't investigate exactly why, but it didn't seem to be specified in the PPPoE client config on the Mikrotik. (VLAN 10 MTU was 1500.)
1492 MTU seems to be the best case for PPPoE if the parent ethernet interface MTU is 1500; and configuring for mini-jumbo frames on the ONT/UFB side would seem to be an obvious workaround, but it's not clear if that's commonly done either. I'd be a little less bitter about forcing PPPoE on end users if it didn't force their user-data-MTU down below the assumed-in-end-user-equipment 1500 byte MTU....
I believe most Chorus products support at least a 2000 byte MTU; the problem is that you need to set it up manually on every CPE.

Kind regards,
Andre