PPPoE

Posted on Jul 1, 2024 by
30

What Is PPPoE?

PPPoE (Point-to-Point Protocol over Ethernet) is a link-layer protocol that establishes PPP sessions over Ethernet and encapsulates PPP frames within PPPoE frames. It enables users to connect to a remote access device, offering cost-effective user access and robust access control. PPPoE supports remote access for multiple user hosts over Ethernet and generates accounting data that can be used for applications such as Internet access billing. Consequently, PPPoE is widely used in carrier network access.

Addressing the Challenges with PPPoE

PPP is a protocol designed for point-to-point communication, allowing one node to connect exclusively with another specified node. Positioned at the second layer of the OSI reference model and the data link layer of the TCP/IP model, PPP is primarily used to transmit data point-to-point over full-duplex asynchronous links. Identity authentication is a critical function of PPP, yet PPP does not provide address information. Because Ethernet is a broadcast medium, PPP cannot be used directly on Ethernet links.

Despite Ethernet's advantages, such as simplicity and cost-effectiveness, its broadcast nature poses challenges for authenticating communication parties' identities, rendering communication insecure.

To address these challenges while maintaining cost-effective network operations within the current infrastructure, PPPoE technology offers a solution. PPPoE integrates PPP's authentication function for verifying the identities of both communication parties. Leveraging the PPP networking framework, PPP frames are encapsulated within PPPoE frames to enable point-to-point communication over Ethernet. This allows Ethernet clients to connect to remote broadband access devices seamlessly.

PPPoE Characteristics

PPPoE offers the following features:

Functional aspects:

  • PPPoE combines the benefits of PPP, incorporating functionalities like identity authentication, encryption, and compression, which are not supported by conventional Ethernet.

  • PPPoE employs distinct session IDs to guarantee user security.

Application aspects:

  • PPPoE dial-up is the prevalent approach for facilitating terminal connections to the ISP network for broadband access.

  • PPPoE can be employed on Ethernet interfaces, including cable modems and digital subscriber lines (DSLs), to furnish users with access services via Ethernet protocols.

Put simply, PPPoE merges the cost efficiency of Ethernet with the manageability and control features of PPP to deliver Internet access. For carriers, it enables full utilization of existing telecommunications access network architecture and dial-up network resources, without necessitating significant changes in operational and management modes. Users, on the other hand, enjoy a user experience akin to traditional dial-up Internet access.

How Is a PPPoE Connection Established?

PPPoE Packets

A PPPoE packet consists of a PPP packet encapsulated within an Ethernet frame. The following diagram illustrates the packet encapsulation structure.

Structure of a PPPoE packet

The following are the PPPoE packet field descriptions:

  • 1. Ver: Indicates a PPPoE version number. This field is 4 bits long and must be set to 0x1.

  • 2. Type: Indicates a PPPoE type. This field is 4 bits long and must be set to 0x1.

  • 3. Code: Indicates a PPPoE packet type. This field is 8 bits long. The value can be: 0x00 (session data), 0x09 (PADI packet), 0x07 (PADO or PADT packet), 0x19 (PADR packet), and 0x65 (PADS packet).

  • 4. Session_ID: Indicates a PPP session ID. This field is 16 bits long. The value is fixed for a given PPP session and defines a PPP session along with Ethernet source and destination addresses. A value of 0xffff is reserved for future use and must not be used.

  • 5. Length: Indicates the length of the PPPoE payload. This field is 16 bits long; its value excludes the length of the Ethernet and PPPoE headers.
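
The field rules above translate directly into a header check. The following Python parser is an added example, not code from the original article; the EtherTypes 0x8863/0x8864 and the separate PADT code 0xa7 are taken from RFC 2516, and the MAC addresses and sample frame are constructed.

```python
import struct

# Codes 0x00, 0x09, 0x07, 0x19 and 0x65 are the ones listed above; RFC 2516
# gives PADT its own code, 0xa7. The EtherTypes are also from RFC 2516.
CODES = {0x00: "SESSION", 0x09: "PADI", 0x07: "PADO",
         0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
ETHERTYPES = {0x8863: "discovery", 0x8864: "session"}


def parse_pppoe(frame: bytes) -> dict:
    """Parse an untagged Ethernet frame carrying PPPoE; ValueError if malformed."""
    if len(frame) < 20:  # 14-byte Ethernet header + 6-byte PPPoE header
        raise ValueError("frame too short")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype not in ETHERTYPES:
        raise ValueError("not a PPPoE frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:  # Ver (high 4 bits) and Type (low 4 bits) must be 0x1
        raise ValueError("Ver and Type must both be 0x1")
    if code not in CODES:
        raise ValueError(f"unknown Code 0x{code:02x}")
    if (code == 0x00) != (ethertype == 0x8864):
        raise ValueError("Code does not match the EtherType's stage")
    if session_id == 0xFFFF:
        raise ValueError("Session_ID 0xffff is reserved")
    if length > len(frame) - 20:  # Length counts the payload only, not headers
        raise ValueError("Length exceeds the bytes actually present")
    return {"stage": ETHERTYPES[ethertype], "code": CODES[code],
            "src": src.hex(":"), "dst": dst.hex(":"), "session_id": session_id,
            "payload": frame[20:20 + length]}  # Ethernet padding is dropped


def build_frame(dst, src, ethertype, code, session_id, payload, pad_to=60):
    """Build a constructed sample frame, padded to the Ethernet minimum."""
    frame = (bytes.fromhex(dst) + bytes.fromhex(src)
             + struct.pack("!HBBHH", ethertype, 0x11, code, session_id, len(payload))
             + payload)
    return frame.ljust(pad_to, b"\x00")


# Constructed sample: a broadcast PADI with one empty Service-Name tag (0x0101).
SAMPLE_PADI = build_frame("ffffffffffff", "020000000001", 0x8863, 0x09, 0x0000,
                          bytes.fromhex("01010000"))

if __name__ == "__main__":
    print(parse_pppoe(SAMPLE_PADI))
```

Because the payload is sliced by the Length field rather than by the frame size, the zero padding added to reach the Ethernet minimum never reaches the PPP layer.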

Stages of Establishing a PPPoE Connection

PPPoE uses the client/server model. As illustrated below, the fundamental roles in PPPoE networking include the PPPoE client, PPPoE server, and RADIUS device.

Networking Diagram of PPPoE Access

The PPPoE user's online connection process comprises two stages: discovery and PPP session. During the discovery stage, a PPPoE server is selected, and the session ID to be established is identified. The PPP session stage encompasses the standard PPP procedure, involving LCP negotiation, PAP/CHAP authentication, and NCP negotiation.

Working Process of PPPoE

The following figure shows the time sequence of the PPPoE discovery and PPP session stages.

 

[Figure: time sequence of the PPPoE discovery and PPP session stages]

Discovery Stage

During the discovery stage, the device assigns a session ID to the user. This session ID serves to identify a PPPoE virtual link established between the user and the device.

  • 1. The PPPoE client initiates the connection process by broadcasting a PPPoE Active Discovery Initiation (PADI) packet, specifying the type of service requested.

  • 2. Upon receiving the PADI packet, all PPPoE servers within the Ethernet network compare the requested service with the services they offer. The PPPoE server capable of providing the requested service responds with a PPPoE Active Discovery Offer (PADO) packet.

  • 3. The PPPoE client may receive multiple PADO packets from different PPPoE servers. Based on certain criteria, the client selects a suitable PPPoE server from those offering PADO packets and sends a PPPoE Active Discovery Request (PADR) packet to the chosen server, specifying details of the requested service.

  • 4. Upon receipt of the PADR packet, the designated PPPoE server generates a distinct session ID to identify the PPPoE session established between the server and client. Subsequently, the PPPoE server responds to the PPPoE client with a PPPoE Active Discovery Session-Confirmation (PADS) packet containing the unique session ID. If no errors occur, the PPPoE server transitions to the PPP session stage. Similarly, the PPPoE client proceeds to the PPP session stage upon receiving the PADS packet without encountering any errors.
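
The four discovery steps can be followed in a capture to see which servers offered, which one the client chose, and which session ID was assigned. This added Python example is not part of the original article; the event tuples, the MAC addresses and the name `track_discovery` are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def track_discovery(events):
    """Follow PADI -> PADO -> PADR -> PADS over (src, dst, code, session_id) events.

    Returns offers (client -> servers that sent a PADO), sessions
    ((client, server) -> Session_ID) and the events that fit neither.
    """
    offers, requested, sessions, anomalies = {}, {}, {}, []
    for event in events:
        src, dst, code, sid = event
        if code == "PADI" and dst == BROADCAST and sid == 0:
            offers.setdefault(src, set())              # client starts searching
        elif code == "PADO" and dst in offers and sid == 0:
            offers[dst].add(src)                       # server offers the service
        elif code == "PADR" and dst in offers.get(src, ()) and sid == 0:
            requested[src] = dst                       # client picks one server
        elif (code == "PADS" and requested.get(dst) == src
              and sid not in (0x0000, 0xFFFF)
              and sid not in [s for (_, srv), s in sessions.items() if srv == src]):
            sessions[(dst, src)] = sid                 # server assigns the ID
        else:
            anomalies.append(event)                    # out of sequence or bad ID
    return {"offers": offers, "sessions": sessions, "anomalies": anomalies}


CLIENT, BRAS_A, BRAS_B = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb"
# Constructed capture: two servers answer, the client picks BRAS_A, and a PADS
# then also arrives from BRAS_B, which was never sent a PADR.
SAMPLE_EVENTS = [
    (CLIENT, BROADCAST, "PADI", 0),
    (BRAS_A, CLIENT, "PADO", 0),
    (BRAS_B, CLIENT, "PADO", 0),
    (CLIENT, BRAS_A, "PADR", 0),
    (BRAS_A, CLIENT, "PADS", 0x0011),
    (BRAS_B, CLIENT, "PADS", 0x0022),
]

if __name__ == "__main__":
    print(track_discovery(SAMPLE_EVENTS))
```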

PPP Session Stage

The PPP session stage includes LCP negotiation, PAP/CHAP authentication, and NCP negotiation.

  • LCP negotiation

Upon entering the PPP session stage, LCP negotiation commences, following these steps:

  • 1. Both the PPPoE client and PPPoE server exchange LCP Configure-Request packets.

  • 2. Upon receiving the Configure-Request packet, each end responds based on the negotiation options included in the packet (for specifics, refer to the table below). If both ends reply with a Configure-ACK packet, the LCP link is successfully established. Until this occurs, both ends continue exchanging LCP Configure-Request packets.

      • If both ends send Configure-ACK packets within the designated LCP negotiation timeframe and before the LCP negotiation timer expires, the LCP link is established successfully.

      • If no Configure-ACK packet is received before the LCP negotiation timer expires, the LCP negotiation is terminated.

  • 3. Once the LCP link is established, the PPPoE server regularly transmits LCP Echo-Request packets to the PPPoE client and awaits Echo-Reply packets from the client. This process verifies that the LCP link is still working normally.

  • PAP/CHAP authentication

Following the completion of LCP negotiation, the authentication stage begins, supporting two authentication modes: PAP and CHAP.

PAP authentication

PAP is a two-way handshake protocol that verifies users using usernames and passwords, which are transmitted in plaintext. The PPPoE server (or RADIUS server) validates the correctness of the usernames and passwords against the local user table. This method is suitable for environments with minimal network security requirements.

CHAP authentication

CHAP authentication is a three-way handshake protocol utilized by the PPPoE server (or RADIUS server) to verify the correctness of the username and password against the local user table. In CHAP authentication mode, only the username (not the user password) is transmitted over the network, enhancing security compared to PAP authentication.
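
The difference between the two modes is visible in what crosses the link. This added Python example (not from the original article) runs both handshakes against a constructed user table and records each message; the CHAP response is computed as RFC 1994 specifies for MD5, and the user name, password and function names are assumptions.

```python
import hashlib
import hmac
import os

USER_TABLE = {"alice": b"correct horse"}   # constructed local user table


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def pap_exchange(username: str, password: bytes, users=USER_TABLE):
    """Two-way handshake: the Authenticate-Request carries the password itself."""
    wire = [("Authenticate-Request", username.encode(), password)]
    ok = username in users and hmac.compare_digest(users[username], password)
    wire.append(("Authenticate-Ack" if ok else "Authenticate-Nak", b"", b""))
    return wire, ok


def chap_exchange(username: str, password: bytes, users=USER_TABLE, identifier=1):
    """Three-way handshake: Challenge, Response, then Success or Failure."""
    challenge = os.urandom(16)                       # server: fresh per attempt
    wire = [("Challenge", bytes([identifier]), challenge)]
    response = chap_response(identifier, password, challenge)   # client side
    wire.append(("Response", username.encode(), response))
    expected = chap_response(identifier, users.get(username, b""), challenge)
    ok = username in users and hmac.compare_digest(expected, response)
    wire.append(("Success" if ok else "Failure", b"", b""))
    return wire, ok


def password_on_wire(wire, password: bytes) -> bool:
    """True if any field of any recorded message contains the password."""
    return any(password in field for _, *fields in wire for field in fields)


if __name__ == "__main__":
    for exchange in (pap_exchange, chap_exchange):
        wire, ok = exchange("alice", b"correct horse")
        print(exchange.__name__, ok, password_on_wire(wire, b"correct horse"))
```

Because the server draws a new challenge for every attempt, a response recorded from one exchange does not validate against the next.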

  • NCP negotiation

NCP negotiation primarily negotiates the network-layer parameters carried in PPP packets, using protocols such as IPCP and IPv6CP. IPCP is primarily used by a PPPoE client to acquire an IP address or IP address range for network connectivity.

The NCP negotiation process resembles that of LCP negotiation. Upon successful NCP negotiation, the PPPoE client gains regular network access.

Upon successful NCP negotiation, the PPPoE client automatically initiates an online connection. Subsequently, the PPPoE server (typically a BRAS) sends an accounting request packet to the RADIUS server, which manages accounting for the PPPoE client.
