A detailed look at the PPP protocol and the working principle of PPPoE


Compared with traditional access modes, PPPoE offers a better price/performance ratio and is widely used in applications such as community network construction; ADSL, the currently popular broadband access mode, uses the PPPoE protocol. As low-cost broadband technology becomes increasingly common, DSL (Digital Subscriber Line) technology lets many computers reach the Internet at high speed, but it also adds to the concerns DSL service providers have about network security. Computers that use ADSL are mostly connected to the Internet through an Ethernet card, running ordinary TCP/IP with no additional protocol. Dial-up modem access, on the other hand, uses PPP (Point-to-Point Protocol), which provides user authentication and IP address assignment. PPP over Ethernet (PPPoE) is a technique for carrying PPP frames over an Ethernet network, and is used in particular for ADSL.

Introduction to the PPP protocol
PPP (Point-to-Point Protocol) is a link layer protocol that implements point-to-point communication between two endpoints. It provides a set of mechanisms for link establishment, maintenance and teardown, upper layer protocol negotiation, and authentication. It consists of several parts: the Link Control Protocol (LCP), the Network Control Protocols (NCPs), and the authentication protocols, of which the most commonly used are the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP).
The frame format is similar to HDLC; the difference is that PPP is character-oriented while HDLC is bit-oriented. The PPP frame format is as follows:

The frame is more than 8 bytes in total. The first byte is the flag that marks the beginning and end of the frame, A is the address field and C is the control field. The two-byte protocol field indicates which protocol the data in the following information field belongs to, including:
0x0021: the information field is an IP datagram
0xC021: the information field is Link Control Protocol (LCP) data
0x8021: the information field is Network Control Protocol (NCP) data
0xC023: the information field is PAP authentication data
0xC025: the information field is Link Quality Report (LQR) data
0xC223: the information field is CHAP authentication data
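As an added example (not code from the article), the frame layout and Protocol field values just described, in Python: the HDLC-like serial framing of RFC 1662 with byte stuffing (the character-oriented transparency that distinguishes PPP from bit-oriented HDLC), the 16-bit FCS, and a lookup of the Protocol field. The LCP sample frame is constructed for the example.

```python
PPP_FLAG, PPP_ESC, PPP_ADDR, PPP_CTRL = 0x7E, 0x7D, 0xFF, 0x03
PROTOCOLS = {0x0021: "IP", 0xC021: "LCP", 0x8021: "NCP (IPCP)",
             0xC023: "PAP", 0xC025: "LQR", 0xC223: "CHAP"}


def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """PPP FCS-16: reflected CRC, polynomial 0x8408, initial value 0xFFFF."""
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def stuff(raw: bytes) -> bytes:
    """Character-oriented transparency: escape 0x7E, 0x7D and control characters."""
    out = bytearray()
    for b in raw:
        if b in (PPP_FLAG, PPP_ESC) or b < 0x20:  # default ACCM escapes 0x00-0x1F
            out += bytes((PPP_ESC, b ^ 0x20))
        else:
            out.append(b)
    return bytes(out)


def build_frame(protocol: int, info: bytes) -> bytes:
    """Flag | Address 0xFF | Control 0x03 | Protocol (2) | Information | FCS (2) | Flag."""
    body = bytes((PPP_ADDR, PPP_CTRL)) + protocol.to_bytes(2, "big") + info
    fcs = fcs16(body) ^ 0xFFFF  # complemented and sent least significant byte first
    body += bytes((fcs & 0xFF, fcs >> 8))
    return bytes((PPP_FLAG,)) + stuff(body) + bytes((PPP_FLAG,))


def parse_frame(frame: bytes) -> dict:
    """Unstuff, verify address/control and the FCS, then split protocol and information."""
    if len(frame) < 2 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        raise ValueError("missing flag bytes")
    raw, stuffed, i = bytearray(), frame[1:-1], 0
    while i < len(stuffed):
        if stuffed[i] == PPP_ESC and i + 1 < len(stuffed):
            raw.append(stuffed[i + 1] ^ 0x20)
            i += 2
        else:
            raw.append(stuffed[i])
            i += 1
    # Running the FCS over data plus transmitted FCS leaves the constant 0xF0B8 (RFC 1662).
    if len(raw) < 6 or raw[:2] != b"\xff\x03" or fcs16(bytes(raw)) != 0xF0B8:
        raise ValueError("bad framing or FCS: frame corrupted")
    proto = int.from_bytes(raw[2:4], "big")
    return {"protocol": proto, "name": PROTOCOLS.get(proto, "unknown"),
            "info": bytes(raw[4:-2])}


# Constructed sample: LCP Configure-Request (code 1, id 1, length 8) carrying
# one MRU option (type 1, length 4, value 1500 = 0x05DC).
LCP_CONF_REQ = bytes.fromhex("01010008010405dc")
```

The control byte 0x03 and the LCP code/identifier bytes are all below 0x20, so the stuffed frame shows several 0x7D escapes on the wire.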

The working process of the PPP protocol
PPP communication takes place between two endpoints. Each end must first send LCP packets to set up and test the data link; once the link is established, the peer can be authenticated. After authentication completes, the network layer protocol is selected by sending NCP packets, after which communication at the network layer can take place.
The specific process is as follows:
1. Link dead phase: every link must start and end in this phase. When an external event such as carrier detection or a network administrator setting indicates that the physical layer is ready, PPP enters the link establishment phase. In this phase the LCP automaton is in the Initial state, and the transition to the link establishment phase delivers an Up event to the LCP automaton.
2. Link establishment phase: LCP exchanges Configure packets to establish the connection. Once a Configure-Ack packet has been both sent and received, the exchange is complete and LCP enters the Opened state. All configuration options are assumed to take their default values unless changed by the configuration exchange. Note that only configuration options independent of any particular network layer protocol are configured by LCP; the configuration of individual network layer protocols is handled by the corresponding Network Control Protocol (NCP) during the network layer protocol phase. Any non-LCP packets received in this phase must be silently discarded. Receiving an LCP Configure-Request returns the link from the network layer protocol phase or the authentication phase to the link establishment phase.
3. Authentication phase: on some links, the link may require the peer at one end to authenticate itself before network layer protocol packets are exchanged. Authentication is not mandatory. If an implementation wants the peer to authenticate with a specific authentication protocol, it must request that protocol during the link establishment phase. Authentication should take place as soon as possible after the link is established; link quality testing may occur at the same time. Advancing from the authentication phase to the network layer protocol phase is not permitted until authentication has completed. If authentication fails, the authenticator should move to the link termination phase. Only Link Control Protocol, authentication protocol and link quality monitoring packets are allowed in this phase; any other packets received must be silently discarded.
4. Network layer protocol phase: once PPP has completed the preceding phases, each network layer protocol (e.g. IP, IPX or AppleTalk) must be configured separately by the appropriate NCP. For example, the NCP can assign a temporary IP address to a newly connected PC so that the PC becomes a host on the Internet. Each NCP may be opened and closed at any time. When an NCP is in the Opened state, PPP carries the corresponding network layer protocol packets; when the corresponding NCP is not in the Opened state, any received packets of that network layer protocol, even a supported one, are silently discarded.
5. Link termination phase: PPP can terminate the link at any time. A link may be terminated for many reasons: loss of carrier, authentication failure, link quality failure, expiry of the idle timer, or administrative shutdown. LCP terminates the link by exchanging Terminate packets. When the link is being closed, PPP informs the network layer protocols so that they can take appropriate action. After the Terminate packets have been exchanged, the implementation should signal the physical layer to disconnect in order to force the link to terminate, especially if authentication failed. The sender of a Terminate-Request should disconnect after receiving a Terminate-Ack or after the Restart counter expires. The receiver of a Terminate-Request should wait for the peer to disconnect, and should not disconnect until at least one Restart time has passed after sending its Terminate-Ack. PPP should then advance to the link dead phase. Any LCP packets received in this phase must be silently discarded.

The PPPoE protocol and its working process
PPPoE (PPP over Ethernet) is a variant protocol often used on DSL links (RFC 2516); PPPoA (PPP over ATM) is also sometimes used. PPPoE is typically deployed in DSL access networks, as shown in the following illustration. A PPPoE packet places an Ethernet header in front of the PPP message, which allows PPPoE to reach the remote access device through a simple bridging device. Note, however, that the PPP content carried in a PPPoE message is not the same as original PPP. The complete PPPoE message (including the Ethernet frame) is as follows, in detail:
The key fields of the PPPoE message above have the following meanings.
ether_type:
0x8863 Discovery stage
0x8864 PPP session stage
code:
0x00 PPP session stage
0x09 PPPoE Active Discovery Initiation (PADI) packet
0x07 PPPoE Active Discovery Offer (PADO) packet
0x19 PPPoE Active Discovery Request (PADR) packet
0x65 PPPoE Active Discovery Session-confirmation (PADS) packet
0xA7 PPPoE Active Discovery Terminate (PADT) packet
tag_types (negotiation parameters in the Discovery stage):
0x0000 End-Of-List
0x0101 Service-Name
0x0102 AC-Name
0x0103 Host-Uniq
0x0104 AC-Cookie
0x0105 Vendor-Specific
0x0110 Relay-Session-Id
0x0201 Service-Name-Error
0x0202 AC-System-Error
0x0203 Generic-Error
The working process of PPPoE is divided into two phases: the Discovery phase and the PPP session phase.
The Discovery stage proceeds as follows:
1. The user host broadcasts a PADI (PPPoE Active Discovery Initiation) packet to discover all reachable access devices (and their MAC addresses).
2. After receiving the PADI packet, an access device returns a PADO (PPPoE Active Discovery Offer) packet as a response.
3. The user host selects a suitable access device from the PADO packets it has received, based on the access concentrator name or the service name, and then sends a PADR (PPPoE Active Discovery Request) packet. If the host does not receive a PADO within the specified time after sending the PADI, it sends the PADI again.
4. After receiving the PADR packet, the access device returns a PADS (PPPoE Active Discovery Session-confirmation) packet containing a unique session ID, at which point both parties enter the PPP session stage.
The PPP session phase is the communication phase after the session has been established. In addition, either the user host or the access device can send a PADT packet at any time to stop communication.
The entire process of communicating using PPPoE is shown in the following illustration:


3. Implementation of PPPoE in the BAS
PPPoE dial-up client software is already mature (it is built into Windows XP and later); the following focuses on how PPPoE is implemented in the broadband access server (BAS).
3.1 PPPoE efficiency
As the PPPoE protocol model shows, the BAS aggregates the data streams of all users, so it must open and inspect every PPPoE packet. This largely follows the traditional way of processing PPP; although it offers good security, once there are many users the number of packets becomes very large, decapsulation has to be fast, and the BAS spends a great deal of its capacity inspecting user packets, easily becoming the access "bottleneck".
  
For this reason, distributed network processors (NPs) and ASIC chips can be used in the hardware design of the BAS. A network processor is a special-purpose processor developed specifically for telecom network equipment; it has a dedicated instruction set for handling the various protocols and services of telecom networks, and can greatly improve the processing capacity of the equipment. At the same time, when an ASIC forwards packets in hardware it is far faster than CPU software, so the processing and forwarding of the PPPoE data stream can be separated and efficiency greatly improved. In addition, the software architecture should be combined with other techniques to make the most of PPPoE's performance.
  
3.2 PPPoE combined with VLAN
  
A VLAN (virtual local area network) is a technique that creates virtual workgroups by logically dividing devices into different network segments. One purpose of dividing VLANs is to improve network security: data from different VLANs cannot be exchanged freely and must pass through layer 3 inspection. The other is to isolate broadcast traffic: dividing VLANs reduces the broadcast domain, improves network performance, and confines a broadcast storm within a single VLAN.
  
PPPoE is a client/server protocol. The client needs to send PADI packets to find the BAS, so it must be in the same layer 2 broadcast network as the BAS, and combining PPPoE with VLANs is a good solution to the resulting security risk. In addition, by assigning users with different service types to different VLANs for processing, services can be operated flexibly and processing sped up; VLAN planning must be coordinated between the layer 2 equipment and the BAS.
  
When the BAS receives an upstream PPPoE packet, it first identifies the category from the VLAN ID. If it belongs to an ordinary dial-up user, the packet is a discovery phase or session phase packet and is processed strictly according to the PPPoE protocol. In the session phase, the user is assigned an IP address from one of several address pools according to the user type; the address pools are configured by the upstream network administrator. If the packet is from a user who has already been authenticated, it is processed according to the user's service type; for example, if it is a locally authenticated dial-up user and the other party has applied for the same service, it is forwarded directly at the BAS.
  
If it is a dedicated-line user, the complex PPPoE authentication process is not needed: the user processing flow is entered directly based on the user's VLAN ID, which greatly improves access speed. In addition, for unified network management the BAS needs to communicate with other devices; these packets are internal packets and can also be identified by VLAN ID.
  
For downstream data, since the BAS is responsible for allocating and resolving the user's IP address and acts as the gateway, the destination IP of the packets it receives is that of the user, so looking up user information by IP address is more convenient than doing so by MAC address; this is one point of difference from an ordinary switch. Otherwise the specific process is almost the same as upstream processing.
  
3.3 PPPoE support for multi-service selection
  
Multi-service selection means that a user, over a single PPP connection to the BAS, can choose among the various services provided by the backend network operators. Multi-service selection is supported for two reasons. On the one hand, the technical focus of each service's implementation differs and the network performance requirements differ, so the previous fixed-allocation approach is very inconvenient. On the other hand, looking at the development of network applications, the separation of the network content provider (ICP) from the network access provider (ISP) is an inevitable trend, and at the access aggregation side the ISP must strictly ensure that the user's chosen service flows to the corresponding ICP.
  
At present, the method is that the user first selects the corresponding service in the PPPoE dial-up software, then authorization is confirmed for the user, and finally the corresponding processing module inside the BAS is activated. With this approach, however, the user only knows the name of the service and has no intuitive and comprehensive knowledge of the various services provided by the BAS, which makes rolling out new services particularly difficult; it has great limitations.
  
Therefore, the BAS, together with a backend service selection gateway and a RADIUS server, adopts an approach of authenticating first and selecting the service afterwards. The specific steps are as follows:
  
(1) The host sends a PADI to find the BAS. The PADI contains a Service-Name tag whose value is empty (NULL), indicating that the user accepts any type of service.
  
(2) After receiving the packet, the BAS replies with a PADO, which contains tags for all the services it can provide, as well as a tag for a service named General.
  
(3) The host sends a PADR. The user chooses either a known service name or the General service.
  
(4) The BAS receives the PADR packet, allocates resources for the user, and begins the PPP negotiation process. During PPP negotiation, the BAS sends the account and password entered by the user to the RADIUS server for authentication.
  
(5) A user who passes authentication enjoys the service provided by the BAS; if General was selected, however, the user is forced to the service selection gateway directly connected to the BAS. The backend service selection gateway is a server with web server functionality: through its interactive web interface the user can obtain information about the services (including cost, bandwidth, etc.) and view the corresponding information for the user's account.
  
(6) The user chooses the corresponding service; at the same time the service selection gateway defines the scope of services and the operating permissions for each type of user.
  
(7) The service selection gateway activates the corresponding service module inside the access server to implement the service. The above approach follows the PPPoE protocol strictly and is fully compatible with the currently popular dial-up software; if the user is not interested in other services and is already familiar with a given service, the user's habits are not affected either.
  
From the perspective of the BAS, the PPPoE operating process has changed little; only a service type has been added. If an operator does not currently have a service selection gateway, the BAS can be configured through network management so that its response to the PADI does not include the General service.
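As an added example (not code from the article or any BAS vendor), the PPPoE Discovery stage described earlier (PADI/PADO/PADR/PADS with the codes and tag types listed above) combined with steps (1) to (4) of the service-selection procedure, in Python. The AC-Name "BAS-1", the AC-Cookie value, the Host-Uniq value and the service names are constructed for the example; Ethernet headers are omitted and only the PPPoE payload is handled.

```python
import struct

CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_SERVICE, TAG_ACNAME, TAG_HOSTUNIQ, TAG_COOKIE = 0x0101, 0x0102, 0x0103, 0x0104


def encode(code: int, tags: list, session_id: int = 0) -> bytes:
    """PPPoE header (ver/type 0x11, code, session id, length) followed by TLV tags."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload


def decode(pkt: bytes) -> dict:
    """Check the header, then split the payload into (tag_type, value) pairs."""
    if len(pkt) < 6:
        raise ValueError("short PPPoE packet")
    vt, code, sid, length = struct.unpack("!BBHH", pkt[:6])
    payload = pkt[6:6 + length]
    if vt != 0x11 or code not in CODES or len(payload) != length:
        raise ValueError("malformed PPPoE discovery packet")
    if sid != 0 and code not in (0x65, 0xA7):  # only PADS and PADT carry a session id
        raise ValueError("unexpected session id in " + CODES[code])
    tags, off = [], 0
    while off + 4 <= len(payload):
        t, n = struct.unpack("!HH", payload[off:off + 4])
        if t == 0x0000:  # End-Of-List
            break
        tags.append((t, payload[off + 4:off + 4 + n]))
        off += 4 + n
    return {"code": CODES[code], "session_id": sid, "tags": tags}


def bas_pado(padi: bytes, services: list, has_gateway: bool) -> bytes:
    """BAS reply to a PADI: offer every service, plus General when a selection gateway exists."""
    req = decode(padi)
    offered = list(services) + ([b"General"] if has_gateway else [])
    tags = [(TAG_ACNAME, b"BAS-1"), (TAG_COOKIE, b"constructed-cookie")]  # assumed values
    tags += [(TAG_SERVICE, s) for s in offered]
    tags += [(t, v) for t, v in req["tags"] if t == TAG_HOSTUNIQ]  # echo Host-Uniq
    return encode(0x07, tags)


def client_padr(pado: bytes, host_uniq: bytes, wanted: bytes) -> bytes:
    """Host choice: accept only a PADO that echoes our Host-Uniq and offers the service."""
    offer = decode(pado)
    if (TAG_HOSTUNIQ, host_uniq) not in offer["tags"]:
        raise ValueError("PADO is not a reply to our PADI")
    if wanted not in [v for t, v in offer["tags"] if t == TAG_SERVICE]:
        raise ValueError("requested service was not offered")
    tags = [(TAG_SERVICE, wanted), (TAG_HOSTUNIQ, host_uniq)]
    tags += [(t, v) for t, v in offer["tags"] if t == TAG_COOKIE]  # echo AC-Cookie
    return encode(0x19, tags)


def bas_pads(padr: bytes, session_id: int) -> bytes:
    """Session confirmation: echo the chosen service with a unique non-zero session id."""
    service = [v for t, v in decode(padr)["tags"] if t == TAG_SERVICE][0]
    return encode(0x65, [(TAG_SERVICE, service)], session_id)
```

A PADI with an empty Service-Name value plays the role of step (1); passing has_gateway=False to bas_pado models the configuration at the end of the section, where the PADO omits the General service.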
