PPP, the Point-to-Point Protocol, is the data-link protocol behind dial-up and much of WAN access, so it is worth understanding properly. This article sorts out the protocol, its link establishment phases, its authentication methods and its main applications so that you can apply it with confidence.
I. Introduction to the PPP protocol
PPP (Point-to-Point Protocol, RFC 1661) is a link-layer protocol designed to carry network-layer packets between two peer units. The link is full-duplex and delivers packets in order. PPP was designed to set up a point-to-point connection over dial-up or leased lines, which made it the common solution for simple connections between hosts, bridges and routers.
II. PPP link establishment process
PPP provides a complete solution for link establishment, maintenance and teardown, negotiation of the upper-layer protocols that will run on the link, and authentication.
PPP consists of the Link Control Protocol (LCP), a family of Network Control Protocols (NCP), and authentication protocols, principally the Password Authentication Protocol (PAP) and the Challenge-Handshake Authentication Protocol (CHAP).
LCP establishes, configures, maintains and terminates the data link (it negotiates link parameters; it does not control the physical medium itself). NCP is a family of protocols, one per network-layer protocol, each of which negotiates the parameters that protocol needs in order to run over the link; IPCP, the NCP for IP, is the familiar example.
The following describes how to establish a PPP link:
The PPP link state machine is shown in Figure 1. A typical link set-up has three phases: link establishment, authentication, and network-layer protocol negotiation.
Phase 1: Create a PPP link
LCP creates the link. In this phase the basic communication parameters are chosen: each end sends Configure-Request packets to the other through LCP, and the peer answers each with Configure-Ack (all options accepted), Configure-Nak (option recognised but the value is not acceptable, with a suggested value) or Configure-Reject (option not recognised or not negotiable). Once each side has both sent and received a Configure-Ack, the exchange is complete and LCP is open.
Note that the link establishment phase only selects the authentication protocol (via the LCP Authentication-Protocol option); the user is actually authenticated in phase 2.
Phase 2: user verification
In this phase the client presents its identity to the remote access server. The authentication method is meant to stop a third party from stealing credentials or impersonating the remote client to take over its connection. The link must not advance from the authentication phase to the network-layer protocol phase until authentication has completed; if authentication fails, the authenticator proceeds to link termination.
Only LCP packets, authentication protocol packets and link quality monitoring packets are permitted in this phase. Any other packet received during it must be silently discarded.
The most common authentication protocols are the Password Authentication Protocol (PAP) and the Challenge-Handshake Authentication Protocol (CHAP); both are described in part III.
Phase 3: Call the network layer protocol
Once authentication completes, PPP invokes the network control protocols selected during the link establishment phase (phase 1). Each selected NCP negotiates the upper-layer protocol parameters for the PPP link; for example, in this phase the IP Control Protocol (IPCP) can assign a dynamic IP address to the dial-in user.
After these three phases, a complete PPP link is established.
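The phase 1 exchange described above, as an added example that is not code from the original article: a minimal LCP Configure-Request / Ack / Nak / Reject negotiation, with the access server and the client both simulated in one process. The packet layout (Code, Identifier, Length, then Type/Length/Data options), the option types and the PPP protocol numbers for PAP and CHAP are from RFC 1661 and RFC 1994; the `respond()` policy, the `negotiate()` driver and the sample proposal are this example's own constructions. The security-relevant point it shows is the Authentication-Protocol option: a client that accepts whatever the server proposes can be talked down to PAP, while this client Naks PAP and insists on CHAP-MD5.

```python
"""Added example (not from the article): a minimal LCP Configure-Request /
Configure-Ack / Configure-Nak / Configure-Reject negotiation.

Packet layout follows RFC 1661: Code(1) Identifier(1) Length(2) Options...,
each option being Type(1) Length(1) Data.  Only three options are modelled;
the policy dictionary, negotiate() driver and sample proposal are constructed
for this example."""
import struct

# LCP packet codes (RFC 1661 section 5)
CONFIGURE_REQUEST, CONFIGURE_ACK, CONFIGURE_NAK, CONFIGURE_REJECT = 1, 2, 3, 4
# LCP option types (RFC 1661 section 6)
OPT_MRU, OPT_AUTH_PROTOCOL, OPT_MAGIC_NUMBER = 1, 3, 5
# PPP protocol numbers carried inside the Authentication-Protocol option
PROTO_PAP, PROTO_CHAP = 0xC023, 0xC223
CHAP_MD5 = 5                      # CHAP algorithm byte for MD5 (RFC 1994)


def auth_option(protocol, algorithm=None):
    """Data for an Authentication-Protocol option; CHAP carries an extra algorithm byte."""
    data = struct.pack("!H", protocol)
    return data + bytes([algorithm]) if algorithm is not None else data


def build_lcp(code, ident, options):
    """options is a list of (type, data) pairs; returns the LCP packet bytes."""
    body = b"".join(struct.pack("!BB", t, 2 + len(d)) + d for t, d in options)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_lcp(pkt):
    """Returns (code, identifier, [(type, data), ...]); rejects malformed lengths."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad LCP length")
    options, off = [], 4
    while off < length:
        t, opt_len = pkt[off], pkt[off + 1]
        if opt_len < 2 or off + opt_len > length:
            raise ValueError("bad option length")
        options.append((t, pkt[off + 2:off + opt_len]))
        off += opt_len
    return code, ident, options


def respond(request, policy):
    """Peer side: answer one Configure-Request according to a local policy.
    policy = {"max_mru": int, "auth": the only Authentication-Protocol data we accept}.
    A Configure-Reject takes precedence over a Configure-Nak (RFC 1661 section 5)."""
    code, ident, options = parse_lcp(request)
    if code != CONFIGURE_REQUEST:
        raise ValueError("not a Configure-Request")
    rejected, naked = [], []
    for t, d in options:
        if t == OPT_MRU and len(d) == 2:
            (mru,) = struct.unpack("!H", d)
            if mru > policy["max_mru"]:      # suggest our own ceiling instead
                naked.append((t, struct.pack("!H", policy["max_mru"])))
        elif t == OPT_AUTH_PROTOCOL:
            # Refusing PAP here is what stops a downgrade to plaintext passwords
            if d != policy["auth"]:
                naked.append((t, policy["auth"]))
        elif t == OPT_MAGIC_NUMBER and len(d) == 4:
            pass                             # accepted; loopback detection not modelled
        else:
            rejected.append((t, d))
    if rejected:
        return build_lcp(CONFIGURE_REJECT, ident, rejected)
    if naked:
        return build_lcp(CONFIGURE_NAK, ident, naked)
    return build_lcp(CONFIGURE_ACK, ident, options)


def negotiate(proposal, peer_policy, max_rounds=5):
    """Drive the requesting side until the peer acks; returns (reply codes, agreed options)."""
    options, ident, replies = list(proposal), 1, []
    for _ in range(max_rounds):
        reply = respond(build_lcp(CONFIGURE_REQUEST, ident, options), peer_policy)
        code, _, reply_opts = parse_lcp(reply)
        replies.append(code)
        if code == CONFIGURE_ACK:
            return replies, options
        if code == CONFIGURE_NAK:            # adopt the values the peer suggested
            suggested = dict(reply_opts)
            options = [(t, suggested.get(t, d)) for t, d in options]
        elif code == CONFIGURE_REJECT:       # drop options the peer does not understand
            dropped = {t for t, _ in reply_opts}
            options = [(t, d) for t, d in options if t not in dropped]
        ident += 1
    raise RuntimeError("LCP negotiation did not converge")


# Constructed sample: the access server asks for PAP; the client only accepts CHAP-MD5
SERVER_PROPOSAL = [(OPT_MRU, struct.pack("!H", 1500)),
                   (OPT_AUTH_PROTOCOL, auth_option(PROTO_PAP)),
                   (OPT_MAGIC_NUMBER, b"\x12\x34\x56\x78")]
CLIENT_POLICY = {"max_mru": 1492, "auth": auth_option(PROTO_CHAP, CHAP_MD5)}

if __name__ == "__main__":
    replies, agreed = negotiate(SERVER_PROPOSAL, CLIENT_POLICY)
    print("replies:", replies, "agreed:", agreed)
```

Running it gives two rounds: the first Configure-Request is Nak'ed (MRU lowered to 1492, authentication changed to CHAP with the MD5 algorithm byte), and the second is Ack'ed. Adding an option type the peer does not know produces a Configure-Reject first, then the same Nak and Ack.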
III. Authentication Method
1) Password Authentication Protocol (PAP)
PAP is a simple plaintext authentication method. The Network Access Server (NAS) asks the user for a user name and password, and PAP sends them back in the clear. This is obviously weak: anyone who can observe the link obtains the user name and password and can then connect to the NAS and use every resource it provides. Once a user's password has been captured, PAP offers no protection against the third party using it.
2) Challenge-Handshake Authentication Protocol (CHAP)
CHAP is a challenge-response authentication method that avoids sending the user's real password over the link when a connection is set up. The NAS sends the remote user a Challenge packet carrying an identifier (session ID) and an arbitrary challenge string. The remote user answers with the MD5 one-way hash of the identifier, the user's secret (password) and the challenge string concatenated in that order; the user name is sent alongside the hash, unhashed.
CHAP improves on PAP by never putting the plaintext password on the link; what it sends is a hash that binds the password to the challenge. Because the server holds the client's password in plaintext (or an equivalent), it can repeat the client's computation and compare the result with the value the client returned. CHAP generates a fresh challenge string for each authentication, so a captured response cannot be replayed. Throughout the life of the connection CHAP can also re-challenge the client at arbitrary times, which defeats an attacker who tries to impersonate the remote client after the initial authentication. Two caveats remain for practitioners: the server must store a plaintext-equivalent secret, and an eavesdropper who captures the identifier, challenge and response can test candidate passwords offline, so CHAP secrets must be strong.
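Both authentication methods above, as an added example that is not code from the original article: PAP and CHAP-with-MD5 are simulated end to end in one process, with the PAP packet read by a passive eavesdropper, the CHAP response verified by the authenticator, a replay against a fresh challenge rejected, and the offline-guessing caveat demonstrated against a captured exchange. The packet layouts and the MD5(Identifier || secret || Challenge) computation are from RFC 1334 and RFC 1994; the names, secrets and wordlist are constructed for the example.

```python
"""Added example (not from the article): PAP (RFC 1334) and CHAP with MD5
(RFC 1994) simulated end to end, plus the offline-guessing caveat.

Packet layouts follow the RFCs; the names, secrets and wordlist below are
constructed for the example."""
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2
PAP_AUTHENTICATE_REQUEST = 1


def chap_hash(ident, secret, challenge):
    """RFC 1994 section 2.1: Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


# ---- PAP: the Authenticate-Request carries the password in the clear ----
def pap_request(ident, peer_id, password):
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTHENTICATE_REQUEST, ident, 4 + len(body)) + body


def pap_sniff(pkt):
    """What a passive eavesdropper recovers from one captured PAP request."""
    n = pkt[4]
    peer_id = pkt[5:5 + n]
    m = pkt[5 + n]
    return peer_id, pkt[6 + n:6 + n + m]


# ---- CHAP: Challenge and Response share the layout Code|Id|Len|ValueSize|Value|Name ----
def chap_packet(code, ident, value, name):
    return struct.pack("!BBH", code, ident, 5 + len(value) + len(name)) + bytes([len(value)]) + value + name


def chap_parse(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length > len(pkt) or length < 5:
        raise ValueError("bad CHAP length")
    vsize = pkt[4]
    if 5 + vsize > length:
        raise ValueError("bad value size")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]


def chap_respond(challenge_pkt, name, secret):
    """Client side: hash the secret with the server's identifier and challenge."""
    code, ident, challenge, _ = chap_parse(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a Challenge")
    return chap_packet(CHAP_RESPONSE, ident, chap_hash(ident, secret, challenge), name)


def chap_verify(response_pkt, ident, challenge, secrets):
    """Authenticator side.  secrets maps name -> plaintext secret: CHAP cannot
    work from a one-way password hash, which is its main operational caveat.
    A response whose identifier does not match the outstanding challenge is
    rejected; that, plus a fresh challenge each time, is what defeats replay."""
    code, resp_ident, value, name = chap_parse(response_pkt)
    if code != CHAP_RESPONSE or resp_ident != ident or name not in secrets:
        return False
    return hmac.compare_digest(value, chap_hash(ident, secrets[name], challenge))


def chap_offline_guess(ident, challenge, value, wordlist):
    """Caveat: anyone who captured (Identifier, Challenge, Response) can test
    candidate secrets offline at MD5 speed; only a strong secret resists this."""
    for guess in wordlist:
        if chap_hash(ident, guess, challenge) == value:
            return guess
    return None


def demo():
    """Runs both exchanges and returns what each side learned."""
    secrets = {b"alice": b"correct horse battery"}          # constructed credential
    pap_pkt = pap_request(1, b"alice", secrets[b"alice"])
    leaked = pap_sniff(pap_pkt)                              # PAP: everything is visible
    ident, challenge = 7, os.urandom(16)                     # CHAP: server challenges
    challenge_pkt = chap_packet(CHAP_CHALLENGE, ident, challenge, b"nas1")
    response = chap_respond(challenge_pkt, b"alice", secrets[b"alice"])
    ok = chap_verify(response, ident, challenge, secrets)
    # A later re-challenge uses a new identifier and value, so replaying 'response' fails
    replayed = chap_verify(response, ident + 1, os.urandom(16), secrets)
    _, _, value, _ = chap_parse(response)
    guessed = chap_offline_guess(ident, challenge, value, [b"password", b"correct horse battery"])
    return {"pap_leaked": leaked, "chap_ok": ok, "replay_ok": replayed, "guessed": guessed}


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the PAP credentials recovered from the wire, a successful CHAP verification, a failed replay, and the secret recovered by the offline dictionary check, which is the concrete reason CHAP secrets have to be long and random even though they never cross the link in the clear.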
IV. Application of the PPP protocol
PPP is currently one of the most widely used protocols on wide area networks. Its advantages are simplicity, built-in user authentication and IP address assignment.
Dial-up Internet access at home establishes the communication link between the client and the carrier's access server with PPP. Broadband access is now replacing dial-up, and as broadband technology has evolved PPP has found new applications. The typical case is ADSL (Asymmetric Digital Subscriber Line) access, where PPP has been combined with other protocols to produce variants that meet broadband requirements, such as PPPoE (PPP over Ethernet) and PPPoA (PPP over ATM).
Running PPP over an existing Ethernet, so that user authentication and access control are handled by PPP, is called PPPoE. PPPoE reuses the user's existing Ethernet equipment and meets the requirements of ADSL access; it is currently the most widely deployed technical standard for ADSL access.
Similarly, on ATM (Asynchronous Transfer Mode) networks, PPPoA runs PPP over ATM to handle user authentication. It works the same way as PPPoE; the difference is that it runs over an ATM network rather than Ethernet, so the two must adapt to the ATM and Ethernet standards respectively.
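How PPP is carried over Ethernet, as an added example that is not code from the original article: the PPPoE discovery stage (PADI, PADO, PADR, PADS) with the host and the access concentrator both simulated in one process, followed by building a session-stage frame that carries an LCP packet. The header layout, packet codes, tag types and Ethertypes are from RFC 2516; the `AccessConcentrator` class, its HMAC-based AC-Cookie and the `discover()` routine are this example's own constructions, and Ethernet headers are not modelled. The security point it shows is the AC-Cookie, which lets the concentrator stay stateless until a host proves it received the offer.

```python
"""Added example (not from the article): the PPPoE discovery stage (RFC 2516)
with both sides simulated in-process, PADI -> PADO -> PADR -> PADS.

Header layout, codes and tag types are from RFC 2516; the AccessConcentrator
class, its HMAC-based AC-Cookie and discover() are constructed for this
example.  Ethernet headers are not modelled."""
import hashlib
import hmac
import struct

ETHERTYPE_DISCOVERY, ETHERTYPE_SESSION = 0x8863, 0x8864
VER_TYPE = 0x11                       # version 1 and type 1 share one byte
PADI, PADO, PADR, PADS, PADT, SESSION = 0x09, 0x07, 0x19, 0x65, 0xA7, 0x00
TAG_SERVICE_NAME, TAG_AC_NAME, TAG_HOST_UNIQ, TAG_AC_COOKIE = 0x0101, 0x0102, 0x0103, 0x0104
TAG_SERVICE_NAME_ERROR, TAG_GENERIC_ERROR = 0x0201, 0x0203


def build_pppoe(code, session_id, tags):
    """Discovery packet: Ver/Type(1) Code(1) SessionId(2) Length(2) then TLV tags."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", VER_TYPE, code, session_id, len(payload)) + payload


def parse_pppoe(pkt):
    """Parses a discovery packet into (code, session_id, [(tag, value), ...])."""
    ver_type, code, session_id, length = struct.unpack("!BBHH", pkt[:6])
    if ver_type != VER_TYPE or 6 + length > len(pkt):
        raise ValueError("bad PPPoE header")
    tags, off, end = [], 6, 6 + length
    while off + 4 <= end:
        t, tag_len = struct.unpack("!HH", pkt[off:off + 4])
        if off + 4 + tag_len > end:
            raise ValueError("bad tag length")
        tags.append((t, pkt[off + 4:off + 4 + tag_len]))
        off += 4 + tag_len
    return code, session_id, tags


def session_frame(session_id, ppp_protocol, ppp_payload):
    """Session stage (Ethertype 0x8864): code 0, the assigned session id, then
    the PPP protocol field (e.g. 0xC021 for LCP) and the PPP packet itself."""
    body = struct.pack("!H", ppp_protocol) + ppp_payload
    return struct.pack("!BBHH", VER_TYPE, SESSION, session_id, len(body)) + body


class AccessConcentrator:
    """Keeps no per-host state until a valid PADR arrives: the AC-Cookie in the
    PADO lets it check that the PADR sender really received its offer, which is
    the RFC 2516 defence against discovery floods."""

    def __init__(self, name, services, cookie_key):
        self.name, self.services, self.key = name, set(services), cookie_key
        self.next_session, self.sessions = 1, {}

    def _cookie(self, host_uniq):
        return hmac.new(self.key, host_uniq, hashlib.sha256).digest()[:8]

    def handle(self, pkt):
        code, _, tags = parse_pppoe(pkt)
        t = dict(tags)
        host_uniq, service = t.get(TAG_HOST_UNIQ, b""), t.get(TAG_SERVICE_NAME, b"")
        if service and service not in self.services:      # empty name means "any"
            if code == PADI:
                return None                                # no offer at all
            return build_pppoe(PADS, 0, [(TAG_SERVICE_NAME_ERROR, b""), (TAG_HOST_UNIQ, host_uniq)])
        if code == PADI:
            return build_pppoe(PADO, 0, [(TAG_SERVICE_NAME, service), (TAG_AC_NAME, self.name),
                                         (TAG_AC_COOKIE, self._cookie(host_uniq)),
                                         (TAG_HOST_UNIQ, host_uniq)])
        if code == PADR:
            if not hmac.compare_digest(t.get(TAG_AC_COOKIE, b""), self._cookie(host_uniq)):
                return build_pppoe(PADS, 0, [(TAG_GENERIC_ERROR, b"bad AC-Cookie"),
                                             (TAG_HOST_UNIQ, host_uniq)])
            sid, self.next_session = self.next_session, self.next_session + 1
            self.sessions[sid] = service
            return build_pppoe(PADS, sid, [(TAG_SERVICE_NAME, service), (TAG_HOST_UNIQ, host_uniq)])
        return None


def discover(ac, host_uniq, service=b""):
    """Host side; returns the session id the AC assigned, or 0 when refused."""
    pado = ac.handle(build_pppoe(PADI, 0, [(TAG_SERVICE_NAME, service), (TAG_HOST_UNIQ, host_uniq)]))
    if pado is None:
        return 0
    code, _, tags = parse_pppoe(pado)
    offer = dict(tags)
    if code != PADO or offer.get(TAG_HOST_UNIQ) != host_uniq:
        return 0                          # not an answer to our PADI: ignore it
    pads = ac.handle(build_pppoe(PADR, 0, [(TAG_SERVICE_NAME, service),
                                           (TAG_AC_COOKIE, offer[TAG_AC_COOKIE]),
                                           (TAG_HOST_UNIQ, host_uniq)]))
    code, sid, _ = parse_pppoe(pads)
    return sid if code == PADS else 0


if __name__ == "__main__":
    ac = AccessConcentrator(b"ac-1", [b"isp"], b"cookie-key")   # constructed sample
    sid = discover(ac, b"\x01\x02", b"isp")
    print("session", sid, session_frame(sid, 0xC021, b"\x01\x01\x00\x04").hex())
```

Once `discover()` returns a non-zero session id, every subsequent frame is a session-stage frame whose payload starts with the PPP protocol field, and the three PPP phases from part II (LCP, authentication, NCP) run inside it exactly as they would over a serial line.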
PPP's simplicity and completeness have made it widely used, and it should continue to play a large role as network technology develops.