PPPOE (Point to Point Protocol over Ethernet) - PowerPoint PPT Presentation

1
PPPOE(Point to Point Protocol over Ethernet)
April.2002
ISR System Hyunjong Lee hjlee_at_corecess.com
2
Introduction
  • Point to Point Protocol
  • Standard method for transporting multi-protocol
    datagrams over PPP links
  • Components
  • Encapsulation method
  • ??? ?? ??? ??, ??, ??? ?? Link Control
    Protocol(LCP)
  • ?? ?? ??? ????? ??, ??? ?? Network Control
    Protocol(NCP)
  • Encapsulation
  • ?? ??? ?? ?? network layer protocol ? ??? ??
  • Encapsulation Octets HDLC-like frame?? ??? ???
    ???? 8 octets? ??, ???? ??? ???? 2 ?? 4 octets??
    ?? ??
  • Link Control Protocol
  • Portability ??? ??? ??
  • Encapsulation ?? ?? ??, ??? ??? ?? ??, ?? ??, ??
    ??
  • Network Control Protocol
  • ? ?? ?????? ???? ??? ??
  • Network protocol? ??

3
Encapsulation
  • PPP Encapsulation
  • Default encapsulation is HDLC
  • Protocol Field
  • 1 ?? 2 octet
  • Information field?? encapsulation? ??? ?? ??
  • 0x0*** to 0x3***: network-layer protocols (e.g. 0x0021 IP)
  • 0x8*** to 0xb***: NCPs (e.g. 0x8021 IPCP)
  • 0xc*** to 0xf***: link-layer control protocols
    (e.g. 0xC021 LCP)
  • Information Field
  • 0??? octet
  • ???? ??? ??? ????? ?? ????? ??
  • ?? ??? ?? ?? ??(MRU)? 1500octets? ??
  • Padding Field
  • ??? ?? ??? PPP?? ?? MRU?? ??
  • ?? ??? padding? ???? ?? ? ????? ??

4
Link Operation (phase diagram)
5
Phase of Link Operation
  • Link Dead
  • ??? ????? ? ??? ???? ???.
  • Carrier??, ? ???? ??? ?? ?? ??? ?? ??? ??? ????
    ???? ?? ?? ??? ??
  • Link Establishment
  • LCP? configure packets ? ??? ?? ?? ??
  • Configure-Ack ??? ????? ???? LCP opened state? ??
  • Network layer protocol ? ??
  • Network layer protocol configure? Network layer
    protocol? NCP? ????
  • Authentication
  • ??? ????? ????? ???.
  • PAP: Password Authentication Protocol
  • CHAP: Challenge Handshake Authentication
    Protocol
  • Network-layer Protocol
  • ?? ??? ?? ????? ??? ? network-layer protocol (ex
    IP, IPX, AppleTalk)? ??? NCP? ??
  • ? ????? LCP, NCP ? networks layer protocol? ????.

6
Phase sequence
user
NAS
Phase
Setup
<Link Dead>
Connect
LCP Configure-Request
<Link Establishment>
Configure-Ack
<Authentication>
IPCP Configure-Request
Configure-Ack
Datagram
<Network Layer Protocol>
IPCP Terminate-Request
Terminate-Ack
LCP Terminate-Request
<Link Termination>
Terminate-Ack
Clear
<Link Dead>
Disconnect
7
Concept of Operation
  • concept of Operation
  • ??(event), ??(state), ??(action)?? ??

8
State Diagram
closed
closing
opened
stopped
stopping
initial
starting
Req-Sent
Ack-Rcvd
Ack-Sent
Initial, Starting state
9
State Transition Table
10
Event Action
11
LCP Packet Format
  • LCP Packet ??
  • ??? ???? ????? ???? link configure packet
    (Configure-Request, Configure-Ack, Configure-Nak,
    Configure-Reject)
  • ??? ????? ???? link termination
    packet (Terminate-Request, Terminate-Ack)
  • ??? ???? debug??? ???? link maintenance
    packet (Code-Reject, Protocol-Reject,
    Echo-Request, Echo-Reply, Discard-Request)
  • LCP Packet Format
  • Code LCP Packet ?? ??
  • 1 Configure-Request, 2 Configure-Ack, 3
    Configure-Nak, 4 Configure-Reject
  • 5 Terminate-Request, 6 Terminate-Ack, 7
    Code-Reject, 8 Protocol-Reject
  • 9 Echo-Request, 10 Echo-Reply, 11
    Discard-Request, 12 Identification
  • 13 Time-Remaining
  • Identifier ?? ??? ?? ??? ??
  • Length: Code + Identifier + Length + Data
  • Data 0 ??? ??? octets

12
LCP configuration option
  • LCP ?? ??
  • Configuration packet format
  • Type 1 octet.
  • 0 Reserved, 1 Maximum Receive Unit, 3
    Authentication Protocol, 4 Quality protocol
  • 5 Magic-Number, 7 Protocol Field Compression,
    8 Address and Control Field compression
  • 9 FCS Alternatives, 10 Self Describing
    Padding, 13 Callback, 15 Compound Frames
  • Length: 1 octet, Type + Length + Data
  • Data 0 ??? octet, ?? ??? ??? ??? ??

13
IPCP
  • IP? ?? PPP Network Control Protocol
  • P to P ??? ? ??? IP ???? ??? ???? ???? ?? ????
    ??.
  • LCP? ??? ?? ?? ??? ??
  • IPCP ???? PPP? network layer protocol ??? ??? ???
    ???? ??
  • IPCP ??(LCP? ?? ?)
  • ??? ?? ?? ???? ?? ???? ??? IPCP ??? ???? ???
    0x8021? ???? PPP ??? ?? ?? ???? ?? ???
    encapsulation?
  • Code ?? Code 17? ??, ?? Code? Code-Reject?
  • Configuration option field IPCP? ???
    configuration option ??
  • IP ?????? ??
  • PPP? network layer protocol ??? ???? ??, IPCP? ??
    ??? ??? ??.
  • ???? ??? IP ??? Protocol Field? 0x0021? ???? PPP
    ??? ?? ?? ???? ?? ??? encapsulation ??.
  • PPP???? ???? IP ??? ?? ??? PPP ??? ?? ?? ????
    information field? ?? ??? ??.
  • ?? ? IP ??? ??? ??? ?? ????? ??.
  • ???? ?? ? ???? ??? ??? RFC879? TCP Maximum
    Segment Size ??? RFC1191? MTU Discovery? ???? ??.

14
Password Authentication Protocol -1
  • LCP Authentication-Protocol Configuration option
    format
  • type len Authentication-Protocol
  • Type (1 octet) 3
  • Len (1 octet) 4
  • Authentication-Protocol (2 octet) 0xC023
  • PPP Protocol ID 0xC023
  • PAP packet format
  • code identifier len data
  • Code (1 octet) 1 (Authentication-Request),
    2 (Authentication-Ack), 3 (Authentication-Nak)
  • Identifier (1octet) request? reply?? match
  • Len (2 octet) PAP packet length
  • Data (0 octet ??) ?? ?

15
Password Authentication Protocol -2
  • Authentication-Request packet
  • code identifier len peerID-len peerID
    passwd-len passwd
  • peerID-len (1 octet) peerID Field Length
  • peerID (0 octet ??) ??? peer? ID
  • Passwd-len (1 octet) passwd Field Length
  • Passwd (0 octet ??) ??? passwd
  • Authentication-Ack/Nak packet
  • code identifier len msg-len msg
  • Msg-len (1 octet) msg field length
  • Msg (0 octet ??) implementation dependent (
    ASCII? ? plain text)
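The PAP layout from the two slides above, decoded with the length checks a parser needs. This is an added example, not part of the original presentation; the function names and the sample peer ID and password are constructed for illustration.

```python
import struct

# Code names as written on the slide.
PAP_CODES = {1: "Authentication-Request", 2: "Authentication-Ack", 3: "Authentication-Nak"}

def _lv(buf: bytes):
    """Split one length-prefixed field (1-octet length) off the front of buf."""
    if not buf or buf[0] > len(buf) - 1:
        raise ValueError("length-prefixed field overruns the packet")
    return buf[1:1 + buf[0]], buf[1 + buf[0]:]

def parse_pap(packet: bytes) -> dict:
    """Decode a PAP packet (PPP protocol 0xC023), rejecting inconsistent lengths."""
    if len(packet) < 4:
        raise ValueError("PAP header is 4 octets")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in PAP_CODES or not 4 <= length <= len(packet):
        raise ValueError("unknown code or bad Len field")
    data = packet[4:length]              # octets past Len are padding
    out = {"code": PAP_CODES[code], "identifier": ident}
    if code == 1:
        out["peer_id"], rest = _lv(data)
        out["passwd"], _ = _lv(rest)     # carried as-is, no hashing
    else:
        out["msg"] = _lv(data)[0] if data else b""
    return out

def build_request(ident: int, peer_id: bytes, passwd: bytes) -> bytes:
    """Encode an Authentication-Request (used here to make sample input)."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(passwd)]) + passwd
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

# Constructed sample, not captured traffic.
SAMPLE = build_request(0x2A, b"alice", b"s3cret")

if __name__ == "__main__":
    print(parse_pap(SAMPLE))
```

The decoded request returns the password field exactly as it was sent, which is the property to weigh when an LCP negotiation settles on 0xC023 rather than CHAP.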

16
Password Authentication Protocol -3
user
NAS
Setup
Connect
Authentication-Protocol Configuration Option with 0xC023
<Link Establishment>
PAP-Authentication-Request
ID/Password message
PAP-Authentication-Ack
Network Layer Protocol
<Link Termination>
Clear
Disconnect
17
Challenge Handshake Authentication Protocol -1
  • 3-way handshake protocol
  • Link? ??? ??? ??? ??? ??? ? ??.
  • LCP Authentication Protocol Configuration option
    format
  • type len Authentication-Protocol
    algorithm
  • Type (1 octet) 3
  • Len (1 octet) 5
  • Authentication-Protocol (2 octet) 0xC223
  • Algorithm (1 octet) 5 (CHAP with MD5)
  • PPP Protocol ID 0xC223

18
Challenge Handshake Authentication Protocol -2
  • CHAP packet format
  • code identifier len data
  • Code (1octet) 1(Challenge), 2(Response),
    3(Success), 4(Failure)
  • Identifier (1 octet) challenge, response??
    match
  • Len (2 octet) CHAP packet ??
  • Data (0 octet??) ?? ??
  • Challenge/Response
  • code identifier len value-size value
    name
  • Value-size (1 octet) value field length
  • Value (1 octet ??) challenge value or response
    value
  • Challenge value: a variable stream of octets
  • Response value: the one-way hash calculated over
    a stream of Identifier + secret + Challenge
    value
  • Name (1 octet ??) ??? ???? ???? ??
  • Success/Failure
  • code identifier len msg
  • Msg (0 octet ??) implementation dependent(ASCII
    plain text)
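The Challenge/Response exchange above with both sides in code, for algorithm 5 (MD5). This is an added example, not part of the original presentation; the function names, the 16-octet challenge size and the secrets table are assumptions of the example.

```python
import hashlib, hmac, os, struct

CHALLENGE, RESPONSE = 1, 2   # CHAP codes from the slide

def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value: MD5 over Identifier + secret + Challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """code | identifier | len | value-size | value | name"""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(packet: bytes):
    """Return (code, identifier, value, name) for a Challenge or Response."""
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    vsize = packet[4]
    if code not in (CHALLENGE, RESPONSE) or length > len(packet):
        raise ValueError("bad code or Len field")
    if vsize < 1 or 5 + vsize > length:
        raise ValueError("value-size overruns the packet")
    return code, ident, packet[5:5 + vsize], packet[5 + vsize:length]

def new_challenge(ident: int, name: bytes) -> bytes:
    """Authenticator side: a fresh unpredictable value for every challenge."""
    return build(CHALLENGE, ident, os.urandom(16), name)

def respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Peer side: echo the Identifier and hash it with the shared secret."""
    _, ident, value, _ = parse(challenge_pkt)
    return build(RESPONSE, ident, chap_md5(ident, secret, value), name)

def verify(challenge_pkt: bytes, response_pkt: bytes, secrets: dict) -> bool:
    """Authenticator side: recompute the hash and compare in constant time."""
    c_code, c_id, c_val, _ = parse(challenge_pkt)
    r_code, r_id, r_val, name = parse(response_pkt)
    if (c_code, r_code) != (CHALLENGE, RESPONSE) or r_id != c_id or name not in secrets:
        return False
    return hmac.compare_digest(chap_md5(c_id, secrets[name], c_val), r_val)
```

Because the response is bound to one Identifier and one challenge value, a response recorded earlier fails against any later challenge; the secret itself never crosses the link.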

19
Challenge Handshake Authentication Protocol -3
<peer> User
<authenticator> NAS
Setup
Connect
<Link Establishment>
Challenge
One-way hash
Response
<Authentication>
Ack
A random interval
A random interval
20
PPPOE introduction
  • Point to Point Protocol over Ethernet
  • Network host(client)? simple bridging? ??? remote
    access concentrator(server)? access ? ? ?? ????
  • Access control, billing, type of service? ?????
    site?? ??? user??? ??
  • Protocol overview
  • Two distinct stages: Discovery stage, PPP Session
    stage
  • Discovery stage ?? PPPoE Session ??? peer?
    ether MAC address? identify??
  • PPPoE ? Session ID ? establish??. (server? client
    relationship)
  • PPP Session stage PPP Session start (Dead phase
    ? Establish phase)

21
PPPoE encapsulation
  • Ether type: 0x8863 -> Discovery stage, 0x8864 -> PPP Session stage
  • Ethernet frame: Destination ADRS, Source ADRS, Ether type, payload, Checksum
  • PPPoE payload: ver, type, code, Session ID, length, payload
  • Discovery Stage (Ether type 0x8863) payload: TAG_type, TAG_length, TAG_value
  • PPP Session Stage (Ether type 0x8864), Code 0x00, payload: Protocol, information, padding
22
Discovery stage
Four steps of Discovery Stage
<host> client
<concentrator> server
  • Broadcasting Initiation packet: PADI (PPPoE Active Discovery Initiation)
  • One or more concentrators send Offer packet: PADO (PPPoE Active Discovery Offer)
  • Session request packet (unicast): PADR (PPPoE Active Discovery Request)
  • Confirmation packet: PADS (PPPoE Active Discovery Session-confirmation)
  • PPP session stage
  • Terminate packet: PADT (PPPoE Active Discovery Termination)
23
LCP Consideration on PPPoE
  • Recommended
  • Magic Number LCP configuration
  • Not recommended
  • Protocol Field Compression (PFC)
  • Must reject
  • Field Check Sequence (FCS) Alternatives
  • Address and Control Field Compression (ACFC)
  • Asynchronous Control Character Map (ACCM)
  • Must be fixed
  • PPP MTU Must Not be greater than 1492
  • When LCP terminates, the Host and Access
    concentrator MUST stop using that PPPoE Session.
    To restart, it MUST return to the PPPoE Discovery
    stage
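The rules on this slide, applied to the option list of a peer's LCP Configure-Request. This is an added example, not part of the original presentation; the function names, the reject/nak/warn grouping and the choice to Nak an MRU above 1492 are assumptions of the example, and the ACCM type number (2) comes from RFC 1662 rather than from the slides.

```python
import struct

# Option types as numbered on the LCP configuration option slide; ACCM (type 2)
# is not in that list and is taken from RFC 1662.
MRU, ACCM, MAGIC, PFC, ACFC, FCS_ALT = 1, 2, 5, 7, 8, 9
MUST_REJECT = {ACCM: "ACCM", ACFC: "ACFC", FCS_ALT: "FCS-Alternatives"}
PPPOE_MAX_MRU = 1492

def parse_options(data: bytes):
    """Walk Type | Length | Data options; Length counts all three fields."""
    opts, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        otype, olen = data[i], data[i + 1]
        if olen < 2 or i + olen > len(data):
            raise ValueError("option Length is inconsistent")
        opts.append((otype, data[i + 2:i + olen]))
        i += olen
    return opts

def audit_configure_request(options: bytes) -> dict:
    """Sort a peer's requested LCP options into reject / nak / warn for PPPoE."""
    verdict = {"reject": [], "nak": [], "warn": []}
    seen = set()
    for otype, value in parse_options(options):
        seen.add(otype)
        if otype in MUST_REJECT:
            verdict["reject"].append(MUST_REJECT[otype])
        elif otype == MRU:
            if len(value) != 2:
                raise ValueError("MRU option carries 2 octets")
            mru = struct.unpack("!H", value)[0]
            if mru > PPPOE_MAX_MRU:
                verdict["nak"].append(f"MRU {mru} > {PPPOE_MAX_MRU}")
        elif otype == PFC:
            verdict["warn"].append("PFC not recommended")
    if MAGIC not in seen:
        verdict["warn"].append("Magic-Number recommended")
    return verdict

# Constructed Configure-Request option lists (not captured traffic).
RISKY = bytes.fromhex("010405dc" "020600000000" "0702" "0802")
CLEAN = bytes.fromhex("010405d4" "050612345678")
```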

24
Other Consideration on PPPoE
  • Time out Resend packet
  • If the host does not receive a PADO/PADS packet within
    the timeout period, it resends the PADI/PADR
    packet, doubling the waiting time.
  • Security
  • AC-Cookie TAG: protects against DoS (Denial
    of Service) attacks.
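One way an access concentrator can use the AC-Cookie TAG, combined with a parser for the Discovery payload layout from the encapsulation slide. This is an added example, not part of the original presentation; the HMAC-over-host-MAC construction is the example RFC 2516 suggests, and the function names, key, MAC addresses and 16-octet truncation are constructed. The PADR code and TAG_type values come from RFC 2516, not from the slides.

```python
import hashlib, hmac, struct

PADR = 0x19                 # Discovery code for PADR (RFC 2516)
TAG_AC_COOKIE = 0x0104      # TAG_type of AC-Cookie (RFC 2516)

def make_cookie(key: bytes, host_mac: bytes) -> bytes:
    """Cookie the AC puts in its PADO: keyed hash of the host MAC, no state kept."""
    return hmac.new(key, host_mac, hashlib.sha256).digest()[:16]

def build_discovery(code: int, session_id: int, tags) -> bytes:
    """ver/type | code | Session ID | length | TAG_type, TAG_length, TAG_value ..."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload

def parse_discovery(pkt: bytes):
    """Return (code, session_id, {TAG_type: TAG_value}) for an 0x8863 payload."""
    if len(pkt) < 6:
        raise ValueError("short PPPoE header")
    vertype, code, sid, length = struct.unpack("!BBHH", pkt[:6])
    if vertype != 0x11 or 6 + length > len(pkt):
        raise ValueError("bad ver/type or length")
    tags, i, end = {}, 6, 6 + length
    while i < end:
        if i + 4 > end:
            raise ValueError("truncated TAG header")
        ttype, tlen = struct.unpack("!HH", pkt[i:i + 4])
        if i + 4 + tlen > end:
            raise ValueError("TAG_length overruns the payload")
        tags[ttype] = pkt[i + 4:i + 4 + tlen]
        i += 4 + tlen
    return code, sid, tags

def accept_padr(key: bytes, src_mac: bytes, pkt: bytes) -> bool:
    """Allocate a session only if the PADR returns the cookie issued to src_mac."""
    code, sid, tags = parse_discovery(pkt)
    if code != PADR or sid != 0:
        return False
    cookie = tags.get(TAG_AC_COOKIE, b"")
    return hmac.compare_digest(cookie, make_cookie(key, src_mac))

# Constructed values, not from a real network. 0x0101 is the Service-Name TAG.
KEY = b"constructed-ac-key"
HOST = bytes.fromhex("020000000001")
GOOD_PADR = build_discovery(PADR, 0, [(0x0101, b""), (TAG_AC_COOKIE, make_cookie(KEY, HOST))])
```

The concentrator keeps no per-host state between PADO and PADR, so a flood of PADI frames from source addresses that never answer costs it no session resources.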