Application of PPPoE protocol in broadband access network

Source: Internet
Author: User
In recent years, network data services have developed rapidly and the number of broadband users has exploded. Operators using xDSL, LAN, HFC, wireless and other access methods want to build broadband networks that are operable, manageable and profitable, so they are very concerned with how to manage users effectively. PPPoE is one of the many authentication techniques that have emerged as a result.

1 PPPoE Protocol Overview

1.1 The working principle of PPPoE

PPPoE (PPP over Ethernet) runs a PPP connection over Ethernet. Ethernet technology is very mature and widely used, and the PPP protocol has shown good scalability and sound management and control mechanisms in traditional dial-up Internet access, so PPPoE, which combines the two, is recognized and widely adopted by broadband access operators.

PPPoE establishment can be divided into a discovery stage and a PPP session stage. The discovery stage is stateless; its main purpose is to select the access server, determine the session ID of the PPP session to be established, and obtain the point-to-point connection information. The PPP session stage then runs the standard PPP process.

A typical discovery phase consists of the following 4 steps:

(1) The host first broadcasts a PADI packet to find the access server. The PADI must contain at least one tag of the service-name type to indicate the service the host requests.

(2) When the access server receives the package, if the host requirements can be provided

[Figure: PPPoE frame format. Fields: Ethernet type = 0x8863/0x8864, version (Ver), type (Type), code (Code), session ID, length, payload.]

(3) The host selects a suitable PADO from the access server responses and sends a PADR to notify that access server. The PADR must state the type of service being requested from the access server.

(4) After receiving the PADR packet, the access server assigns a unique session ID to the user, starts the PPP state machine in preparation for the PPP session, and sends a session confirmation packet, the PADS.

After the host receives the PADS, both sides enter the PPP session stage. In the session stage, the Ethernet type field for PPPoE is set to 0x8864, the code is 0x00, and the session ID must be the value assigned in the discovery stage.

The PPP session stage consists mainly of three protocol negotiations: LCP, authentication, and NCP. The LCP phase establishes, configures and tests the data-link connection, and the authentication protocol type (CHAP or PAP) is negotiated by LCP. NCP is a family of protocols used to configure different network-layer protocols; the most commonly used is the IP Control Protocol (IPCP), which configures the user's IP address and DNS.

The PADT packet is a session termination packet that either party to the session can send, but it is valid only after the session has been established.
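The following added example (not part of the original article) shows how a BAS-side check could enforce the rules described above: a PADI or PADR must carry a service-name tag, and session data or a PADT is accepted only for a session ID assigned in discovery. The code and tag numbers come from RFC 2516 rather than from this page, and the function names and sample frames are constructed for illustration.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864  # Ethernet types from the frame format above
# Code and tag numbers below come from RFC 2516, not from this page.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT", 0x00: "SESSION"}
TAG_END_OF_LIST, TAG_SERVICE_NAME = 0x0000, 0x0101

def parse_tags(payload):
    """Split a discovery payload into (type, value) tags, bounds-checking every length."""
    tags, off = [], 0
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", payload, off)
        off += 4
        if tag_type == TAG_END_OF_LIST:
            break
        if tag_len > len(payload) - off:
            raise ValueError("tag length runs past the payload")
        tags.append((tag_type, payload[off:off + tag_len]))
        off += tag_len
    return tags

def check_frame(ethertype, data, assigned_sid=None):
    """Validate one PPPoE frame (bytes after the Ethernet header); return its packet name."""
    if ethertype not in (ETH_DISCOVERY, ETH_SESSION) or len(data) < 6:
        raise ValueError("not a complete PPPoE frame")
    ver_type, code, sid, length = struct.unpack_from("!BBHH", data)
    name = CODES.get(code)
    if ver_type != 0x11 or name is None or length > len(data) - 6:
        raise ValueError("bad version/type, code or length")
    if (ethertype == ETH_SESSION) != (name == "SESSION"):
        raise ValueError("code does not belong to this Ethernet type")
    if name in ("SESSION", "PADT"):
        # Session data and PADT are only valid for an ID the discovery stage assigned.
        if assigned_sid is None or sid != assigned_sid:
            raise ValueError("session ID was not assigned in discovery")
        return name
    tags = parse_tags(data[6:6 + length])
    if name in ("PADI", "PADR") and all(t != TAG_SERVICE_NAME for t, _ in tags):
        raise ValueError(name + " carries no Service-Name tag")
    return name

def build(code, sid, payload=b""):
    """Constructed sample frames only: PPPoE header with Ver=1, Type=1."""
    return struct.pack("!BBHH", 0x11, code, sid, len(payload)) + payload

SERVICE_ANY = struct.pack("!HH", TAG_SERVICE_NAME, 0)  # empty Service-Name tag
PADI = build(0x09, 0, SERVICE_ANY)
SESSION_DATA = build(0x00, 0x0042, b"\xc0\x21")  # payload starts with the LCP protocol number
```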

1.2 The characteristics of PPPoE

PPPoE has both the speed and simplicity of Ethernet and the powerful functions of PPP; any protocol that PPP can encapsulate can be carried over PPPoE. It also has the following features:

(1) PPPoE makes it easy to detect that a user has gone offline. Because a PPP session is explicitly established and released, usage can be measured per user by time or by traffic, so billing is flexible and convenient.

(2) PPPoE can allocate IP addresses dynamically. The user needs no configuration, network management and maintenance are simple, and no additional equipment is needed to solve the IP addressing problem. At the same time, the assigned IP address makes it easy to trace a user's activity in the network.

(3) Using free PPPoE client software (such as EnterNet), a user only has to enter a user name and password to access the Internet. This is the same as traditional dial-up access and preserves the user's habits as far as possible. From the operator's point of view, PPPoE requires very few changes to the existing network structure.

The DSLAM is the ADSL aggregation device; its core uses ATM or IP, but its uplink port is an Ethernet port. The BAS is the access server that implements the PPPoE function locally, and it terminates the PPPoE process initiated on the user side. In the downlink direction, the Ethernet frame travels from the IP metropolitan area network through a router to the BAS, which adds the PPPoE header and sends it to the DSLAM. The DSLAM packs it into AAL5 frames and passes them through its cross-connect module to the ADSL modem, which reassembles the AAL5 frames and sends the Ethernet frame to the client. The client then extracts the IP packet from the PPPoE packet.

In the uplink direction, the PPPoE packet is encapsulated into AAL5 frames in the ADSL modem and carried over ATM to the local DSLAM. The DSLAM terminates ATM, reassembles the PPPoE packet, and passes it to the BAS for processing through a set of PVCs (permanent virtual circuits).

As the above shows, PPPoE carries PPP over Ethernet, essentially providing a logical point-to-point link on a shared-media network. For users, the ATM transport between the DSLAM and the ADSL modem is transparent. If the DSLAM and ADSL modem in the middle are replaced with cable TV access equipment, the result is a typical HFC access network, and the way the BAS processes PPPoE packets is unchanged.

2 The realization of PPPoE on BAS

PPPoE dial-up software is already very mature (Windows XP includes it), so the following focuses on how PPPoE is implemented in the access server, the BAS.

2.1 Efficiency of PPPoE

The PPPoE protocol model shows that the BAS aggregates the data streams of all users and must open and inspect every PPPoE packet. This largely follows the traditional way of processing PPP. It provides good security, but once there are many users the number of packets is very large and they must be decapsulated quickly. The BAS spends much of its capacity inspecting user packets, so it can easily become the "bottleneck" of the access network.

For this reason, the hardware structure of the BAS can use a distributed network processor (NP) and ASIC design. A network processor is a processor developed specifically for telecom network equipment; it has a special instruction set for handling the various protocols and services of telecom networks and can greatly improve a device's processing capacity. An ASIC forwards packets in hardware, which CPU software cannot match, so the processing and the forwarding of the PPPoE data stream can be separated and efficiency is greatly improved. In addition, the software architecture should be combined with other technologies to get the best performance from PPPoE.

2.2 PPPoE combined with VLAN

A VLAN is a virtual local area network, a technology that implements virtual workgroups by logically dividing devices into different network segments. The first purpose of dividing VLANs is to improve network security: data in different VLANs cannot be exchanged freely and must be checked at layer 3. The second is to isolate broadcast traffic: dividing VLANs shrinks the broadcast domain, improves network performance, and confines a broadcast storm to a single VLAN.

PPPoE is a client/server protocol. The client has to send a PADI packet to look for the BAS, so it must be in the same layer-2 broadcast network as the BAS; combining PPPoE with VLANs is a good way to address this security risk. In addition, assigning users of different service types to different VLANs makes it possible to run services flexibly and speeds up processing. VLAN planning must be coordinated between the layer-2 equipment and the BAS.

When the BAS receives an uplink PPPoE packet, it first identifies the category of the VLAN ID. If the packet is from an ordinary dial-up user, it is a discovery-stage or session-stage packet and is processed strictly according to the PPPoE protocol. In the session stage, the IP address is assigned to the user from different address pools according to the user type; the address pools are configured by the upper-level network administrator. If the packet is from a user who has already been authenticated, it is processed according to the user's service type; for example, if it is from a locally authenticated dial-up user and the other party has applied for the same function, it is forwarded directly locally.

A dedicated user does not have to go through the complex PPPoE authentication process; the packet enters user processing directly according to the user's VLAN ID, which greatly improves access speed. In addition, for unified network management the BAS needs to communicate with other devices; these packets are internal packets and can also be identified by VLAN ID.

For downlink data, the BAS is responsible for allocating and resolving users' IP addresses and acts as the gateway, so the destination IP of a packet it receives is the user's. Using the IP address as the index to look up the user's information is therefore more convenient than using the MAC address, which differs from an ordinary switch. The specific process is much the same as upstream processing.
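The uplink classification described above can be sketched as follows. This is an added example, not code from the original article; the VLAN ranges, the function names and the choice to drop frames that do not fit the plan are assumptions made for illustration, and the sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100                          # IEEE 802.1Q tag protocol identifier
ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864  # PPPoE Ethernet types
# Hypothetical VLAN plan; a real one is agreed between the layer-2 equipment and the BAS.
VLAN_PLAN = [(range(100, 200), "dialup"),
             (range(200, 300), "dedicated"),
             (range(4000, 4010), "internal")]

def classify_uplink(frame):
    """Return (vlan_id, action) for one uplink Ethernet frame received by the BAS."""
    if len(frame) < 18:                      # two MACs, 802.1Q tag, inner Ethernet type
        return None, "drop: too short"
    tpid, tci, inner_type = struct.unpack_from("!HHH", frame, 12)
    if tpid != TPID_8021Q:
        return None, "drop: untagged"
    vid = tci & 0x0FFF                       # low 12 bits of the tag are the VLAN ID
    kind = next((k for r, k in VLAN_PLAN if vid in r), None)
    if kind is None:
        return vid, "drop: VLAN not in plan"
    is_pppoe = inner_type in (ETH_DISCOVERY, ETH_SESSION)
    if kind == "dialup":
        # Dial-up users send only discovery or session packets, handled per the protocol.
        if not is_pppoe:
            return vid, "drop: dial-up VLAN carries only PPPoE"
        return vid, "pppoe-discovery" if inner_type == ETH_DISCOVERY else "pppoe-session"
    if is_pppoe:
        # Assumed policy: PPPoE is not expected from dedicated or internal VLANs.
        return vid, "drop: PPPoE outside dial-up VLAN"
    return vid, kind + "-processing"         # dedicated users skip PPPoE authentication

def sample(tci, inner_type):
    """Constructed frame: broadcast destination, made-up source MAC, 802.1Q tag."""
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack(
        "!HHH", TPID_8021Q, tci, inner_type)
```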

2.3 PPPoE support for multi-service selection

Multi-service selection means that the user, through a single PPP connection to the BAS, chooses among the various services provided by the network operators behind it. There are two reasons to support it. On the one hand, the services differ in technical emphasis and in their network performance requirements, and the fixed allocation used previously is very inconvenient. On the other hand, as network applications develop, the separation of Internet content providers (ICPs) from Internet access providers (ISPs) is an inevitable trend; at the access aggregation side, the ISP must strictly ensure that the traffic of the service the user chose flows to the corresponding ICP.

At present, the user first chooses the service in the PPPoE dial-up software, the user is then authorized, and finally the corresponding processing module inside the BAS is activated. With this method, however, users see only the names of services and cannot get an intuitive, complete view of the services the BAS offers. This makes rolling out new services especially difficult and is a serious limitation.

Therefore, the BAS works with a back-end service selection gateway and a RADIUS server so that the user authenticates first and chooses a service afterwards. The specific steps are as follows:

(1) The host sends a PADI to find the BAS. The PADI contains a service-name tag whose value is NULL, indicating that the user can accept any type of service.

(2) After receiving the packet, the BAS replies with a PADO. The PADO contains tags for all the services it can provide, plus a tag for a service named General.

(3) The host sends a PADR. The user chooses a known service name or the General service.

(4) The BAS receives the PADR packet, allocates resources to the user, and begins PPP negotiation. During PPP negotiation, the BAS sends the account and password entered by the user to the RADIUS server for authentication.

(5) A user who passes authentication enjoys the service provided by the BAS; if General was selected, however, the user is forced to access the service selection gateway that is directly connected to the BAS. The back-end service selection gateway is a server with web server functionality; through its interactive web interface the user can get information about each service (including cost, bandwidth, etc.), and it displays the corresponding information for the user's account.

(6) The user chooses the corresponding service; at the same time, the service selection gateway defines the service scope and operating permissions for each kind of user.

(7) The service selection gateway activates the corresponding service module within the access server to implement the service.

The above approach strictly follows the PPPoE protocol and is fully compatible with current popular dial-up software. A user who is not interested in other services, or who is already familiar with the service they use, is not affected in their habits.

From the BAS's perspective, the PPPoE operating process has not changed much; only one service type has been added. If the operator does not currently have a service selection gateway, the BAS can be configured through network management so that its response to the PADI does not include the General service.

For operators, this method not only greatly improves the transparency of access to users, but also can act as a service portal, leaving room for future service expansion. Looking at the future development of broadband access networks, allocating bandwidth and QoS on demand according to service type is inevitable.
