Analysis of principles and applications of PPPOE broadband access

There are many methods for network access, so today we will focus on explaining the content of PPPOE broadband access and some fault problems involved. Currently, radio and television data networks are mainly constructed over Ethernet. As operators, apart from establishing a stable and reliable network, it is also important to select a good broadband access method. A good access method not only ensures secure and stable network operation, but also enables operators to conveniently carry out various services, achieve flexible billing, and better manage users. Currently, there are three main Ethernet access methods: fixed IP, DHCP, and PPPOE. VLAN + PPPOE broadband access is an ideal broadband access method.

1. Basic functions to be implemented for Broadband Access Networks

The basic functions required for broadband access networks can be summarized as follows:

1) User Management

Attackers can master user information and authenticate and authorize users during communication, so that legal users can access the network conveniently and quickly to prevent unauthorized users from occupying network resources.

2) Security Management

Valid users must ensure the security of their data during communication, isolate data packets with user personal information, and prevent the primary network devices from being attacked, resulting in network paralysis. Because the user terminal is connected to a network device using a common Nic, some broadcast address frames, such as ARP and DHCP messages, are sent during communication ), these messages carry the user's personal information, such as the user's MAC address). If these messages are not isolated and received by other users, the MAC/IP address may be counterfeited, affecting the legitimate user's access to the Internet. For operators, it is very important to protect the security of their system devices and prevent malicious attacks.

3) Business Management

Some measures must be provided to ensure QoS. To ensure service QoS, network administrators can provide users with certain bandwidth control capabilities, such as ensuring the lowest access rate and limiting the maximum access rate.

4) billing management

The access network must be able to flexibly charge users based on user types, usage time, user traffic, and other data.

2. Comparison of fixed IP, DHCP, and PPPOE broadband access methods

2.1 user management and overhead

Fixed IP Address: It is difficult to manage IP addresses. Malicious modification by users or attempts to set their own IP addresses will cause management troubles and increase the additional overhead of operators.

DHCP: on the one hand, DHCP has a lot of broadcast overhead, which may lead to a reduction in network efficiency and difficult configuration for man networks with a large number of users. On the other hand, it still cannot solve the problem of user-configured IP addresses.

PPPOE: due to the dynamic allocation of IP addresses, you do not need to configure the IP addresses, gateways, and domain names after dialing. These IP addresses are automatically generated, so you do not have to change the IP addresses on your own, it is easy to manage users, And the PPPOE protocol inserts PPPOE and PPP encapsulation between the packet header and user data. The two packages add up to eight bytes, and the broadcast overhead is very small.

2.2 billing policy

The billing policies of fixed IP addresses and DHCP methods are not flexible. Generally, the monthly subscription system is used. To realize the traffic billing function, a traffic monitoring or collection system is required, or enable the accounting function on the high-end router, and then use SNMP for billing, which may reduce the router operation efficiency.

PPPOE supports flexible billing for users, such as duration, traffic, and monthly subscription.

2.3 customization of user service policies

Fixed IP addresses and DHCP can only be used with IP address translation and address access list control to develop simple services. To achieve traffic control based on specific users, you must purchase a traffic control device.

PPPOE supports service QoS Assurance to facilitate real-time traffic control for users.

2.4 Information Security

Fixed IP addresses, DHCP, and PPPOE can both adopt VLAN-specific methods to solve the security problem of user information. Each port of the LAN switch is configured as an independent VLAN, and VLAN can be used to isolate ARP, DHCP and other broadcast messages carrying user information to improve user data security. To identify the legality of a user, you must bind the IP address and the port VID. Because each user is in a logically independent network, you must configure four IP addresses in one subnet for each user: the subnet address, gateway address, subnet broadcast address, and user host address reduce the address utilization. PPPOE uses authentication and authorization methods.

2.5 Layer 3 broadcast storm

Both the fixed IP address and DHCP address cannot solve the layer-3 broadcast storm problem. The layer-3 broadcast storm affects the quality of use of all users of the same IP address subnet. Because PPPOE adopts layer-2 Tunnel authentication, all link devices work on layer-2, and there is no layer-3 broadcast storm problem.

From the comparison above, we can see that PPPOE has great advantages over the other two access methods. Therefore, PPPOE broadband access is currently widely used by major carriers.

3. PPPOE Certification

For PPPOE authentication, you must first install the PPPOE driver software on the client. At the front end, the BRAS server works with the RADIUS server to authenticate and charge users.

Authentication process: the user sends a REQUEST by dialing and transmits it to the BRAS server over the network. After receiving the REQUEST, the BRAS server sends an access request packet to the RADIUS server, it contains the user's account, password, port type, etc. After being verified by the RADIUS server, the access reponse response packet is sent back to BRAS, which includes the user's validity and some settings, such as the user IP address, mask, gateway, domain name, and bandwidth available to the user. After receiving the information, the user can access the internet. During the Internet access period, the BRAS constantly sends billing information to the RADIUS, including the user's Internet time, user traffic, and user offline time, so that the RADIUS can be accurately charged.

From the PPPOE authentication process, we can see that the BRAS server plays a key role in the entire Link. Therefore, the BRAS server must also implement a large and comprehensive function, it includes authentication, connection, final connection, security management, billing service aggregation, convergence, and other functions. The device is complex. Because the data must pass through BRAS after the connection is established, BRAS can easily become a "bottleneck", which is the most prone to problems. When the congestion is serious, the user's connection speed is slow or cannot be connected at all, the solution is to connect multiple BRAS at the front end or put multiple BRAS in each relay data center, and adopt the distributed authentication method.

4. Code and Analysis of Common PPPOE broadband access faults

1) 645 fault description: the dial-up adapter is not installed

This is mainly for Windows ME and Windows 98. The solution is to add the dial-up adapter component under Windows 98. For Windows ME, because it does not have the option to add a dial-up adapter directly, you must first Delete the dial-up network component in the control panel, and then add the dial-up network component to add the adapter.

2) 691/629 fault description: verification fails.

The possible cause is that the user's account or password is incorrect, or the user's account balance is insufficient. If the user does not exit normally during use, the user's account will reside, wait a few minutes or restart before dialing.

3) 630 fault description: unable to dial, no suitable Nic and driver

The possible cause is that the NIC is not installed properly, the NIC Driver is abnormal, or the NIC is damaged. Check whether the NIC is working normally or update the NIC Driver.

4) 633 fault description: no phone number book found, no dial-up connection found

This may be because the PPPOE driver is not correctly installed, the driver is damaged, or the Windows system is faulty. We recommend that you delete the installed PPPOE driver, reinstall the PPPOE driver, and check whether the NIC works properly. If the problem persists, the system may be faulty. We recommend that you reinstall the system and then add the PPPOE driver.

5) 720 fault description: PPPOE connection is not supported.

It is a fault exclusive to Windows 2000. It is recommended to restart and connect again. If the fault still cannot be ruled out, it is recommended to reinstall the system.

6) 697 fault description: Nic disabled

You only need to re-enable the NIC in device management.

7) 769 fault description: 769 error upon dialing

In Windows XP, if the network card is disabled, the system cannot detect the network card, or the dial-up software fails, a 769 error is reported. Enable the NIC again, check whether the NIC is working normally, or reinstall the dialing software.

8) 678 fault description: A connection cannot be established.

This fault is complicated. If a problem occurs at any link in the user and the BRAS link, 678 of the fault may occur. The fault should be handled according to different situations.

5. Conclusion

The PPPOE broadband access method has some advantages for the convenience of user management and the flexibility of billing, but it also has its shortcomings. You need to install the client software on the client, it increases the workload of debugging and maintenance. PPPOE is a point-to-point access mode and does not support multicast. Currently, the Windows XP system provides support for the PPPOE protocol, which allows you to access PPPOE without installing the client software. This solves the problem of installing PPPOE software. PPPOE broadband access is a mature and convenient access method for operation and management. It has been widely used by carriers, including radio and television.