Pppoe Protocol Introduction

Pppoe, short for Point-to-Point Protocol over Ethernet, works at the OSI data link layer. pppoe Provides broadcast-type networks (such as Ethernet) multiple hosts are connected to the Remote Access Concentrator (we use a broadband access server for the devices that can currently complete the above functions.

1. How pppoe works

The pppoe protocol consists of two phases: the pppoe discovery stage and the pppoe session stage ). The main difference between the two is that the pppoe packet header is encapsulated before the PPP data packets.

When a host wants to start a pppoe session, it first looks for an Access Concentrator on a broadcast network. Of course, Multiple Access Concentrator may exist on the network, for the host, the selection is based on the services provided by the Access Concentrator (AC, access concentration) or the user's pre-configuration. After the host selects the required Access Concentrator, it starts to establish a pppoe session process with the Access Concentrator. In this process, the Access Concentrator allocates a unique process ID for each pppoe session. After the session is established, the pppoe session phase starts, in this phase, we have established a point-to-point connection (this point-to-point structure is different from that of PPP, which is a logical point-to-point relationship) to exchange data packets using the PPP protocol, to complete a series of PPP processes, the network layer datagram is finally transmitted on this point-to-point logical channel.

2. pppoe data packet format

We will briefly introduce the data packet format of pppoe. Pppoe data packets are encapsulated in the data domain of the Ethernet frame. To put it simply, we may divide the pppoe packet into two parts: one is the data header of pppoe, and the other is the net load (data domain) of pppoe ), the content in the data domain of the pppoe packet will change as the session process progresses. 1. Format of pppoe packets:

Version	Type	Code	Session ID
Length Field			Net Load (or data domain)

(Figure 1 pppoe datagram format)

L pppoe data packets start with a four-digit version domain. The Protocol provides clear provisions that the content of this domain is filled with 0x1.

L The four digits following the versionfield are type fields. The protocol also stipulates that the content of this field is filled with 0x1.

L The code domain occupies 1 byte, And the content in this domain is different for different stages of pppoe.

L The session ID point uses two bytes. If the Access Concentrator has not assigned a unique session ID to the user host, the content in the domain must be filled with 0x0000, once the host obtains the session ID, the unique session ID value must be filled in the domain in all subsequent messages.

L The length field is two bytes to indicate the length of the net load in the pppoe datagram.

L data domains, also known as Net Load domains, have different data contents in different stages of pppoe. In the pppoe discovery phase, some tags are added to the domain. In the pppoe session phase, the domain carries PPP packets.

Here we will mainly introduce the Message format and its packets in the pppoe discovery phase:

1) tag format in pppoe Datagram

For pppoe data packets in the discovery phase, its net load may contain zero or multiple tags. In fact, these tags are very similar to PPP Configuration Parameter options, it also needs to be negotiated. The pppoe protocol does not have much details defined as the PPP Configuration Parameter options, but is just a preliminary definition, therefore, the actual implementation of this process will vary according to the devices of different manufacturers. First, let's take a look at the mark Encapsulation Format carried in the pppoe message data domain. 2,

Type	Length
Data

(Encapsulation Format marked in figure 2)

As shown in figure 2, the tag Encapsulation Format uses the well-known TLV structure (Type + Length + data ). The type fields of the tag are two bytes. The following table lists the meanings of the tag types:

Tag type	Tag description
Zero x 0000	Indicates the end of a string of tags in the data domain of the pppoe message. It is retained to ensure version compatibility and is applied in some packets.
Zero X 0101	Service name, mainly used to indicate some services that the network side can provide to users.
Zero X 0102	The Access Concentrator name. When the user side receives the pado packet from the AC response, the user can obtain the name of the Access Concentrator from the flag carried, you can also select the Access Concentrator accordingly.
Zero X 0103	The unique identifier of the host, similar to the identifier domain in the PPP data packet, is mainly used to match the sender and receiver, because many pppoe data packets exist in the broadcast network at the same time.
Zero X 0104	Ac-cookies are mainly used to prevent malicious DoS attacks.
Zero X 0105	The identifier of the seller.
Zero X 0110	The relay session ID. For pppoe data packets, it can also be interrupted to end on another ac like a DHCP packet. This field is used to maintain another connection.
Zero X 0201	The service name is incorrect. When the requested service name is not accepted by the peer end, this flag is carried in the Response Message.
Zero X 0202	An error occurred while accessing the concentrator name.
Zero X 0203	General error.

The length field of the mark is 2 bytes, which indicates the length of the Mark data field.

L The Marked data fields are used to place the data corresponding to different types of tags.

2) data packets in the pppoe discovery phase

The discovery phase of pppoe can be divided into four steps. In fact, this process is also a process of exchanging the four types of data packets of pppoe. After completing these four steps, both the host and the Access Concentrator can obtain the MAC address and unique session ID of the other party, and then enter the next phase (pppoe session phase ). In fact, after the two sides know each other's MAC address, they have determined a one-to-one correspondence relationship on the broadcast network. To ensure the validity of this connection, at the same time, the pppoe protocol can be used more flexibly. Therefore, the session ID field is added to determine the point-to-point relationship between the two parties through these two conditions.

At the beginning of this phase, because the access user does not know the MAC address of the Access Concentrator, a mechanism similar to the ARP parsing process is used to obtain the MAC address of the Access Concentrator. First, an initialized broadcast packet is initiated by the access user. When the Access Concentrator is configured with pppoe, it will detect packets on the network, when it is found that the Ethernet data frame carries the pppoe packet (which is differentiated by the Protocol domain content), it will be handed over to the corresponding module for processing. After receiving the initialization packet, the Access Concentrator will respond to the user with a message. If there are many such Access Concentrator on the network and all of them receive the Initialization Packet sent by the user side, they will also send a confirmation packet to the user side, if the user receives the message, a unique Access Concentrator is selected based on the content carried in the message or some local configurations. By now, the first two steps have been completed. The remaining two steps are to negotiate some provided service options and obtain the session ID value required for the pppoe session phase.

Note: At this stage, all data packets are carried in the Ethernet data domain, and the protocol domain of the Ethernet data frame is always 0x8863.

During the four steps of pppoe discovery, pppoe may encounter four types of packets: padi, pado, padr, and pads. The PAdT packet in pppoe is used to terminate a session.

LPadi (pppoe active discovery initiation) packets

The first step in the pppoe discovery phase is that the user side first sends such a message. The user host sends this message in broadcast mode. Therefore, the destination address domain of the Ethernet frame corresponding to the message should be 1, and the source address domain should be filled with the MAC address of the user host. The broadcast package may be received by Multiple Access Concentrator.

LPado (pppoe active discovery offer) packets

The second step in the pppoe discovery phase is that the Access Concentrator responds to the padi packets sent by each user host. At this time, the source address of the Ethernet frame corresponding to the packet is filled with the MAC address of the Access Concentrator, the target address is the MAC address of the user host obtained from padi.

LPadr (pppoe active Discovery request) packets

The third step in the pppoe discovery phase is that the user host sends unicast request packets to the access server. When the user host receives the pado packet, it selects an Access Concentrator from these packets as the object for subsequent sessions. The user host receives the MAC address of the Access Concentrator after receiving the pado packet. Therefore, the source address of the Ethernet frame of the padr packet is filled with the MAC address of the user host, the destination address of Ethernet is the MAC address of the Access Concentrator.

LPads (pppoe active discovery session-confirmation) packets

The fourth step in the pppoe discovery phase is the last step. When the Access Concentrator receives a padr message, it is ready to start a PPP session, at this time, the Access Concentrator allocates a unique session process ID for this session and carries this session ID in the pads message sent to the host. Of course, if the Access Concentrator does not meet the service applied by the user, a pads message will be sent to the user, with a service name error mark, in this case, the session ID in the pads packet is filled with 0x0000.

LPAdT (pppoe active discovery terminate) packets

The PAdT message may be sent at any time after the start of the session, mainly used to terminate a pppoe session. It can be sent by the host or Access Concentrator, And the destination address is filled with the MAC address of the Peer Ethernet.