Original article address: http://network.51cto.com/art/201009/223664.htm
Point-to-point links are carried by the Point-to-Point Protocol (PPP). What does this protocol do, and how does it work? This article describes PPP in detail; after reading it you should have a clearer understanding of the protocol.
PPP protocol
I. Introduction
The Point-to-Point Protocol (PPP) is a data link layer protocol designed to carry packets between two peers over a point-to-point link. The link is full duplex and delivers packets in order. PPP was designed mainly to send data over dial-up or leased lines, which makes it a common solution for simple connections between hosts, bridges, and routers.
II. PPP link establishment process
PPP provides a complete set of mechanisms for link establishment, maintenance and teardown, upper-layer protocol negotiation, and authentication. The PPP suite comprises the Link Control Protocol (LCP), a family of Network Control Protocols (NCPs), and the authentication protocols; the commonly used authentication protocols are the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP).
LCP is responsible for establishing, configuring, maintaining and terminating the data-link connection. The NCPs are a family of protocols, one per network-layer protocol, that negotiate the parameters each upper-layer protocol needs in order to run over the link.
Establishing a PPP link proceeds as follows:
A typical link set-up consists of three phases: link establishment, authentication, and network-layer protocol negotiation.
Phase 1: Link establishment
LCP establishes the link. In this phase the basic communication parameters are chosen: the devices at both ends of the link exchange LCP configuration packets (Configure-Request). Once each side has sent a Configure-Request and received a Configure-Ack for it, the exchange is complete and LCP is in the Opened state.
Note that in the link establishment phase only the authentication protocol is selected; the user is actually authenticated in phase 2.
Phase 2: User authentication
In this phase the client presents its identity to the remote access server. The authentication method is meant to stop a third party from stealing credentials or impersonating a remote client to take over its connection. The link must not advance from the authentication phase to the network-layer protocol phase until authentication has completed. If authentication fails, the authenticator should proceed to link termination.
Only Link Control Protocol, authentication protocol, and link quality monitoring packets are allowed in this phase. Any other packets received during this phase must be silently discarded.
The most common authentication protocols are the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). Both are described in part III.
Phase 3: Network-layer protocol negotiation
After authentication completes, PPP invokes the Network Control Protocol for each network-layer protocol to be carried over the link. Each NCP handles the configuration its upper-layer protocol needs; for example, in this phase the IP Control Protocol (IPCP) can assign a dynamic IP address to the dial-in user.
After these three phases, a complete PPP link is established.
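The phase 1 exchange described above, as an added example in Python that is not code from the original article. It implements RFC 1662 framing with the FCS-16 check, LCP packets with their type-length-value options, and a peer that answers a Configure-Request with Configure-Ack, or with Configure-Nak proposing CHAP-MD5 when the requester asks for PAP and local policy refuses plaintext authentication. The protocol numbers and option types are the standard assignments; the packet contents, the 1500-byte MRU, the magic number and the `allow_pap` policy switch are constructed for the example, and byte stuffing of the escape and flag octets is left out.

```python
"""Phase 1 of a PPP link: RFC 1662 framing with FCS-16, and the LCP
Configure-Request / Configure-Ack (or Configure-Nak) exchange of RFC 1661
that negotiates the Authentication-Protocol option. Added example; all
packet contents are constructed."""
import struct

PROTO_LCP, PROTO_PAP, PROTO_CHAP, PROTO_IPCP = 0xC021, 0xC023, 0xC223, 0x8021
CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4   # LCP packet codes
OPT_MRU, OPT_AUTH, OPT_MAGIC = 1, 3, 5                # LCP option types
CHAP_MD5 = 5                     # algorithm byte in a CHAP auth option (RFC 1994)
FLAG, ADDR, CTRL = 0x7E, 0xFF, 0x03
GOOD_FCS = 0xF0B8                # fcs16() of a body that still carries a correct FCS

def _crc_byte(v: int) -> int:
    """One table entry for the reflected CRC-16 polynomial 0x8408 used by PPP."""
    for _ in range(8):
        v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
    return v

_FCS_TABLE = [_crc_byte(b) for b in range(256)]

def fcs16(data: bytes) -> int:
    """PPP FCS-16 over data, starting from the initial value 0xFFFF."""
    fcs = 0xFFFF
    for b in data:
        fcs = (fcs >> 8) ^ _FCS_TABLE[(fcs ^ b) & 0xFF]
    return fcs

def build_frame(protocol: int, payload: bytes) -> bytes:
    """Flag, Address, Control, Protocol, payload, FCS, Flag. Byte stuffing of
    0x7E/0x7D is omitted; the payloads used here contain neither byte."""
    body = bytes([ADDR, CTRL]) + struct.pack("!H", protocol) + payload
    fcs = fcs16(body) ^ 0xFFFF   # complemented, sent least significant byte first
    return bytes([FLAG]) + body + struct.pack("<H", fcs) + bytes([FLAG])

def parse_frame(frame: bytes):
    """Check flags, FCS and header; return (protocol, payload) or raise ValueError."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("bad framing")
    body = frame[1:-1]
    if fcs16(body) != GOOD_FCS:
        raise ValueError("FCS check failed")
    if body[0] != ADDR or body[1] != CTRL:
        raise ValueError("unexpected address/control field")
    return struct.unpack("!H", body[2:4])[0], body[4:-2]

def lcp_packet(code: int, ident: int, options) -> bytes:
    """Code, Identifier, Length, then (type, length, value) options."""
    opts = b"".join(bytes([t, 2 + len(v)]) + v for t, v in options)
    return struct.pack("!BBH", code, ident, 4 + len(opts)) + opts

def parse_lcp(packet: bytes):
    """Decode into (code, identifier, [(type, value), ...]); length-checked."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("LCP length mismatch")
    options, i = [], 4
    while i < length:
        t, l = packet[i], packet[i + 1]
        if l < 2 or i + l > length:
            raise ValueError("malformed LCP option")
        options.append((t, packet[i + 2:i + l]))
        i += l
    return code, ident, options

def auth_option(protocol: int) -> bytes:
    """Authentication-Protocol option value; CHAP also carries its algorithm."""
    if protocol == PROTO_CHAP:
        return struct.pack("!HB", protocol, CHAP_MD5)
    return struct.pack("!H", protocol)

def handle_configure_request(frame: bytes, allow_pap: bool = False) -> bytes:
    """Peer side of phase 1: acknowledge the request, except that a request
    for PAP is answered with Configure-Nak suggesting CHAP-MD5 when policy
    (the constructed allow_pap switch) forbids plaintext authentication."""
    protocol, packet = parse_frame(frame)
    if protocol != PROTO_LCP:
        raise ValueError("not an LCP packet")
    code, ident, options = parse_lcp(packet)
    if code != CONF_REQ:
        raise ValueError("expected Configure-Request")
    for t, v in options:
        if t == OPT_AUTH and struct.unpack("!H", v[:2])[0] == PROTO_PAP and not allow_pap:
            nak = lcp_packet(CONF_NAK, ident, [(OPT_AUTH, auth_option(PROTO_CHAP))])
            return build_frame(PROTO_LCP, nak)
    return build_frame(PROTO_LCP, lcp_packet(CONF_ACK, ident, options))

def negotiate(proposed_auth: int, allow_pap: bool = False):
    """One Configure-Request round trip: (reply code, auth protocol in the reply)."""
    request = lcp_packet(CONF_REQ, 1, [(OPT_MRU, struct.pack("!H", 1500)),
                                       (OPT_AUTH, auth_option(proposed_auth)),
                                       (OPT_MAGIC, bytes.fromhex("deadbeef"))])
    reply = handle_configure_request(build_frame(PROTO_LCP, request), allow_pap)
    code, _, options = parse_lcp(parse_frame(reply)[1])
    auth = next(struct.unpack("!H", v[:2])[0] for t, v in options if t == OPT_AUTH)
    return code, auth
```

`negotiate(PROTO_CHAP)` returns a Configure-Ack echoing the requested options; `negotiate(PROTO_PAP)` returns a Configure-Nak that carries only the CHAP-MD5 option, which is how a peer steers the requester toward an acceptable authentication protocol without rejecting the option outright. A frame whose FCS does not verify is dropped before any LCP parsing, so corrupted or truncated frames never reach the negotiation logic.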
III. Authentication methods
1) Password Authentication Protocol (PAP)
PAP is a simple plaintext authentication method. The NAS (Network Access Server) asks the user for a user name and password, and PAP returns them in plaintext. This is obviously weak: a third party who can observe the link easily obtains the user name and password and can use them to establish its own connection to the NAS and reach every resource the NAS provides. Once a user's password has been captured, PAP offers no protection against that third party.
2) Challenge Handshake Authentication Protocol (CHAP)
CHAP is a hash-based authentication method that avoids transmitting the user's actual password when the connection is established. The NAS sends the remote user a Challenge packet containing an identifier and an arbitrary challenge value. The remote client runs the MD5 one-way hash over the identifier, the user's secret (password) and the challenge value, and returns the resulting hash together with its user name. The user name itself is sent unhashed.
CHAP improves on PAP by never sending the plaintext password over the link; the password is combined with the challenge and hashed instead. Because the server holds the client's password in plaintext (or in a reversible form), it can repeat the client's computation and compare its result with the value the client returned; the price is that a compromise of the server's credential store exposes every password. CHAP generates a new challenge for every authentication, which prevents replay attacks. Throughout the connection, CHAP may also repeat the challenge at random intervals to detect a third party that has taken over the remote client's identity.
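The two exchanges described above, as an added example in Python that is not code from the original article. The packet layouts follow RFC 1334 for PAP and RFC 1994 for CHAP-MD5; the user name, the secret, the `SECRETS` store and the authenticator name `nas` are invented for the example. It shows what a passive listener recovers from each exchange, that a captured CHAP response cannot be replayed against a fresh challenge, and that it can be replayed if a NAS reuses a fixed challenge value.

```python
"""PAP (RFC 1334) and CHAP (RFC 1994) authentication exchanges side by side:
what an eavesdropper on the link learns from each, and why CHAP's challenge
must be fresh for every authentication. Added example with a constructed
credential store; packet layouts follow the RFCs, names and secrets are invented."""
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQ, PAP_AUTH_ACK, PAP_AUTH_NAK = 1, 2, 3
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4

# Constructed NAS credential store. CHAP forces the NAS to keep the secret
# itself (or a reversible form): it must recompute MD5(ID | secret | challenge),
# so it cannot store only a one-way hash of the password.
SECRETS = {b"alice": b"correct horse battery staple"}

# ---- PAP: Authenticate-Request carries the password in the clear ----
def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body

def pap_sniff(packet: bytes):
    """What a passive listener recovers from a captured Authenticate-Request."""
    n = packet[4]
    peer_id = packet[5:5 + n]
    m = packet[5 + n]
    return peer_id, packet[6 + n:6 + n + m]

def pap_verify(packet: bytes) -> int:
    """NAS side: the same parsing the eavesdropper did, plus a constant-time compare."""
    peer_id, password = pap_sniff(packet)
    stored = SECRETS.get(peer_id)
    if stored is not None and hmac.compare_digest(stored, password):
        return PAP_AUTH_ACK
    return PAP_AUTH_NAK

# ---- CHAP: only a hash crosses the link ----
def chap_challenge(ident: int, value=None, name: bytes = b"nas") -> bytes:
    """Challenge packet: Code, Identifier, Length, Value-Size, Value, Name.
    value is normally random; it can be pinned here to model a broken NAS."""
    value = os.urandom(16) if value is None else value
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", CHAP_CHALLENGE, ident, 4 + len(body)) + body

def chap_hash(ident: int, secret: bytes, value: bytes) -> bytes:
    """MD5 over Identifier || secret || Challenge Value, as RFC 1994 specifies."""
    return hashlib.md5(bytes([ident]) + secret + value).digest()

def chap_response(challenge: bytes, name: bytes, secret: bytes) -> bytes:
    """Client side: hash the challenge with its secret, append its name in the clear."""
    _, ident, _ = struct.unpack("!BBH", challenge[:4])
    size = challenge[4]
    digest = chap_hash(ident, secret, challenge[5:5 + size])
    body = bytes([len(digest)]) + digest + name
    return struct.pack("!BBH", CHAP_RESPONSE, ident, 4 + len(body)) + body

def chap_verify(challenge: bytes, response: bytes) -> int:
    """NAS side: recompute the hash with the stored secret and compare."""
    _, c_ident, _ = struct.unpack("!BBH", challenge[:4])
    code, r_ident, length = struct.unpack("!BBH", response[:4])
    if code != CHAP_RESPONSE or r_ident != c_ident or length != len(response):
        return CHAP_FAILURE
    c_size = challenge[4]
    r_size = response[4]
    digest = response[5:5 + r_size]
    name = response[5 + r_size:length]
    secret = SECRETS.get(name)
    if secret is None:
        return CHAP_FAILURE
    expected = chap_hash(c_ident, secret, challenge[5:5 + c_size])
    return CHAP_SUCCESS if hmac.compare_digest(expected, digest) else CHAP_FAILURE

def compare_pap_and_chap():
    """Run both exchanges past an eavesdropper and report what each allowed."""
    secret = SECRETS[b"alice"]
    # PAP: the captured packet contains the password itself.
    captured_pap = pap_authenticate_request(1, b"alice", secret)
    leaked = pap_sniff(captured_pap)[1]
    # CHAP with fresh challenges: the captured response is useless next time.
    ch1 = chap_challenge(7)
    captured_resp = chap_response(ch1, b"alice", secret)
    ch2 = chap_challenge(7)                     # same Identifier, new random value
    # CHAP with a NAS that reuses a fixed challenge: the capture replays fine.
    static = b"\x00" * 16
    ch3 = chap_challenge(9, static)
    captured_static = chap_response(ch3, b"alice", secret)
    ch4 = chap_challenge(9, static)
    return {
        "pap_password_leaked": leaked == secret,
        "chap_genuine": chap_verify(ch1, captured_resp),
        "chap_replay_fresh_challenge": chap_verify(ch2, captured_resp),
        "chap_replay_static_challenge": chap_verify(ch4, captured_static),
    }
```

`compare_pap_and_chap()` reports that the PAP capture yields the password outright, that the genuine CHAP response verifies, that replaying it against a fresh challenge fails, and that replaying it succeeds when the NAS reuses a fixed challenge value. The last case is the check worth making on real equipment: the security of CHAP rests entirely on the challenge being unpredictable and never repeated, not on the hash itself.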
IV. Applications of PPP
PPP is currently one of the most widely used protocols on wide area networks. Its advantages are simplicity, built-in user authentication, and IP address assignment.
Domestic dial-up Internet access establishes the communication link between the client and the carrier's access server with PPP. Broadband access is now replacing dial-up, and as broadband access technology evolves PPP has found new applications. A typical example is ADSL (Asymmetric Digital Subscriber Line) access, where PPP is combined with other protocols to derive new protocols that meet broadband access requirements, such as PPPoE (PPP over Ethernet) and PPPoA (PPP over ATM).
Running PPP over existing Ethernet to perform user authentication and access is called PPPoE. PPPoE reuses the user's existing Ethernet equipment and meets the requirements of ADSL access; it is currently the most widely used technical standard among ADSL access methods.
Similarly, PPPoA performs user authentication by running PPP over an ATM (Asynchronous Transfer Mode) network. It works the same way as PPPoE; the difference is that it runs over ATM rather than Ethernet, so each must be adapted to the ATM and Ethernet standards respectively.
PPP's simplicity and completeness have made it widely used, and it will likely play an even greater role as network technology develops.