We have already covered the basics of PPPoE. PPPoE dial-up client software is already mature (Windows XP ships with one built in), so this article focuses on how the PPPoE protocol is implemented on the access server (BAS).
1. PPPoE Protocol Efficiency
From the PPPoE protocol model we can see that the BAS aggregates the data streams of all users, and every PPPoE packet must be unpacked for inspection and processing, which largely follows the traditional PPP processing method. Although this provides good security, once there are many users there are a large number of packets and encapsulation must be fast; the BAS spends much of its capacity inspecting user packets and easily becomes an access "bottleneck".
Therefore, distributed network processors (NPs) and ASIC chips can be used in the BAS hardware architecture. A network processor is a dedicated processor developed specifically for telecommunication network devices. It has a specialized instruction set for processing the various protocols and services of telecommunication networks, which can greatly improve the processing capability of a device. At the same time, when an ASIC forwards packets, its performance is close to what the hardware allows and far beyond what software forwarding on a CPU can reach. In this way, PPPoE data stream processing and forwarding are separated, which greatly improves efficiency. In addition, the software architecture should be combined with other technologies to make better use of PPPoE.
2. Combination of PPPoE and VLAN
VLAN is a virtual LAN technology that logically divides the devices in a LAN into different network segments to implement virtual working groups. VLAN division serves two purposes. First, it improves network security: hosts in different VLANs cannot communicate freely, and their traffic must pass layer-3 checks. Second, it isolates broadcast traffic: after VLAN division the broadcast domain shrinks, which improves network performance and confines broadcast storms to a single VLAN.
PPPoE is a client/server protocol. The client must send a PADI packet to search for the BAS, so it must be in the same layer-2 broadcast network as the BAS; combining PPPoE with VLANs addresses the security risk this creates. In addition, users of different service types can be assigned to different VLANs, so that services can be deployed flexibly and processing is faster. Of course, VLAN planning must be coordinated uniformly between the layer-2 devices and the BAS.
After receiving an upstream PPPoE packet, the BAS first identifies the category of its VLAN ID. If the packet comes from a common dial-up user, the BAS determines whether it belongs to the Discovery phase or the Session phase and processes it strictly according to the PPPoE protocol. In the Session phase, IP addresses are allocated to users from different address pools based on user type; the address pools are configured by the upper-layer network management. If it is a data packet from a user who has passed authentication, it is processed according to the user's service type. For example, if it comes from a locally authenticated dial-up user and the other party has applied for the same function, it is forwarded locally.
For a leased-line user, the BAS can enter the leased-line processing path directly based on the user's VLAN ID, without going through the complicated authentication process of the PPPoE protocol, which greatly improves access speed. In addition, unified network management requires communication between the BAS and other devices. These packets are internal packets and can also be identified by VLAN ID.
For downstream data, the BAS is responsible for allocating and resolving user IP addresses and also provides the gateway function. What it receives is the destination IP address of the packet, so looking up user information by IP address is much more convenient than by MAC address. This differs from a common switch. The rest of the process is similar to upstream processing.
3. PPPoE Support for Multi-Service Selection
Multi-service selection means that the user chooses among the services provided by the backend network operator through a PPP connection that terminates at the BAS. One reason for supporting multiple services is that each service has a different technical focus and different network performance requirements, and the previous fixed allocation method was inconvenient. The other is that, from the perspective of how network applications are developing, the separation of the network content provider (ICP) from the network access provider (ISP) is an inevitable trend. On the access aggregation side, the ISP must strictly ensure that the traffic of the selected service is forwarded to the corresponding ICP.
The current method is to select the service in the PPPoE dial-up software, then confirm the user's service authorization, and then activate the corresponding processing module in the BAS. With this method, however, users see only the service name and cannot learn intuitively and comprehensively about the service types the BAS provides. This is a particular limitation when new services are being introduced.
Therefore, the BAS can be combined with a backend service selection gateway and a RADIUS server so that the user is authenticated first and then selects the service. The specific steps are as follows:
(1) The host sends a PADI to search for the BAS. The PADI contains a Service-Name tag whose value is empty, indicating that the user can accept any type of service.
(2) The BAS receives the packet and replies with a PADO. The PADO contains the tags of all services that can be provided and a tag named General.
(3) The host sends a PADR, selecting either a known service name or the General service.
(4) After receiving the PADR, the BAS allocates resources to the user and starts the PPP negotiation process. During PPP negotiation, the BAS sends the account and password entered by the user to the RADIUS server for authentication.
(5) Authenticated users can use the service provided by the BAS. However, if General was selected, the user is forced to access the service selection gateway that is directly connected to the BAS. The backend service selection gateway is a server with Web server functionality. Through its interactive Web interface the user can obtain information about the services (including costs and bandwidth), and the user's account information is displayed.
(6) The user selects the corresponding service, and the service selection gateway defines the service scope and operation permissions of each user.
(7) The service selection gateway activates the corresponding internal service module of the access server to implement the service.
The above method strictly follows the PPPoE protocol and is fully compatible with the popular dial-up software. For users who are not interested in other services and are already familiar with their applications, it does not affect existing habits.
From the perspective of the BAS, the operation of the PPPoE protocol has not changed; only an additional service type has been added. If the carrier currently has no service selection gateway, the BAS can be configured through network management so that the General service is not included in the response to the PADI packet.
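The Discovery exchange in steps (1) to (3), as an added example that is not code from the original article or from any BAS product. The code and tag values are those of RFC 2516; the function names, the service names "internet" and "iptv" used when calling it, and the AC name "BAS-1" are assumptions made for illustration. The parser rejects length fields that run past the payload, since the BAS parses these tags before the user has authenticated.

```python
import struct

# Discovery codes and tag types as defined in RFC 2516.
PADI, PADO, PADR = 0x09, 0x07, 0x19
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102

def build_discovery(code, tags, session_id=0):
    """Build the PPPoE Discovery payload that follows the Ethernet header."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(body)) + body  # ver=1, type=1

def parse_discovery(frame):
    """Return (code, [(tag_type, value), ...]); raise ValueError on bad lengths."""
    if len(frame) < 6:
        raise ValueError("short PPPoE header")
    vertype, code, _sid, length = struct.unpack("!BBHH", frame[:6])
    if vertype != 0x11 or length > len(frame) - 6:
        raise ValueError("bad version/type or length field")
    body, tags, off = frame[6:6 + length], [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated tag header")
        ttype, tlen = struct.unpack("!HH", body[off:off + 4])
        if off + 4 + tlen > len(body):
            raise ValueError("tag length exceeds payload")
        tags.append((ttype, body[off + 4:off + 4 + tlen]))
        off += 4 + tlen
    return code, tags

def bas_answer_padi(frame, services, offer_general=True, ac_name=b"BAS-1"):
    """Steps (1)-(2), BAS side: answer an any-service PADI with a PADO."""
    code, tags = parse_discovery(frame)
    wanted = [v for t, v in tags if t == TAG_SERVICE_NAME]
    if code != PADI or wanted != [b""]:
        return None  # only the empty Service-Name case is handled here
    offered = list(services) + ([b"General"] if offer_general else [])
    out = [(TAG_AC_NAME, ac_name)] + [(TAG_SERVICE_NAME, s) for s in offered]
    return build_discovery(PADO, out)

def host_pick_service(pado, preferred):
    """Step (3), host side: PADR naming a known service, otherwise General."""
    code, tags = parse_discovery(pado)
    names = [v for t, v in tags if t == TAG_SERVICE_NAME]
    choice = preferred if preferred in names else b"General"
    if code != PADO or choice not in names:
        return None  # nothing usable was offered
    return build_discovery(PADR, [(TAG_SERVICE_NAME, choice)])
```

Passing offer_general=False corresponds to the configuration described above in which the carrier has no service selection gateway and General is left out of the response.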
For carriers, the above method not only makes user access operations much more transparent, but also serves as a service portal that leaves room for further service expansion. In addition, given the future development trend of broadband access networks, it is inevitable that bandwidth and QoS will be allocated on demand according to service type. This mode of PPPoE operation is the future direction for such services.
4. PPPoE Support for Multicast
PPPoE is a point-to-point protocol. Each user has a PPP link to the BAS, and the user and the BAS exchange data over this link, through the layer-2 devices, as unicast. However, with the continuous development of online video services, the demand for bandwidth keeps growing, and it is very important for PPPoE to support multicast. The multicast protocols supported with PPPoE generally means the layer-2 multicast protocols IGMP Proxy or IGMP Snooping. The basic method is to send multicast packets by group. The following describes how the two protocols are implemented.
◆ IGMP Snooping
IGMP Snooping maintains the mapping between multicast addresses and VLAN tables by listening to the IGMP messages exchanged between users and routers. It maps the active members of the same multicast group to a VLAN and, after receiving a multicast packet, forwards it only to the VLAN members corresponding to that multicast group. The procedure is as follows:
(1) The host conducts PPPoE negotiation with BAS and passes PPPoE authentication.
(2) The host sends an IGMP membership report packet to the router. The BAS listens to the packet and obtains the multicast group address from the PPPoE packet in order to add the user to the corresponding VLAN. If the user is the first user in the multicast group, a multicast entry is generated for the group and the packet is forwarded to the upper-layer router to update the multicast routing table.
(3) When the BAS receives a multicast datagram from the router, it finds the corresponding VLAN based on the relationship between the multicast MAC address and the multicast IP address; the packet is then encapsulated into a PPPoE session packet and forwarded to the members of the VLAN.
(4) When the BAS receives a packet from a host requesting to leave the multicast group, it deletes the port that received the packet from the corresponding VLAN. If the user is the last user in the multicast group (the VLAN is now empty), the BAS deletes the VLAN and forwards the packet content through the upstream port.
The IGMP Snooping rules are relatively simple: query packets are passed through in the downstream direction, and in the upstream direction report and leave packets are forwarded as needed. However, the BAS must be able to extract layer-3 information. The mechanism is transparent to hosts and routers.
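The membership bookkeeping of the four snooping steps, as an added example that is not code from the original article. It assumes the per-group VLAN can be modelled as a set of PPPoE session IDs; the class and method names and the addresses used when calling it are hypothetical. The MAC mapping is the standard IPv4 one (01:00:5e plus the low 23 bits of the group address), which is why the table is keyed on group IP: several group IPs share one MAC.

```python
import ipaddress

def multicast_mac(group_ip):
    """Ethernet MAC for an IPv4 multicast group: 01:00:5e + low 23 bits."""
    ip = ipaddress.IPv4Address(group_ip)
    if not ip.is_multicast:
        raise ValueError(f"{group_ip} is not an IPv4 multicast address")
    low = int(ip) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low >> 16, (low >> 8) & 0xFF, low & 0xFF)

class SnoopingTable:
    """Per-group member sets, keyed by group IP (several IPs share one MAC)."""
    def __init__(self):
        self.authenticated = set()   # PPPoE session ids that passed step (1)
        self.groups = {}             # group IP -> set of member session ids

    def session_up(self, sid):
        self.authenticated.add(sid)

    def report(self, sid, group):
        """Step (2). True means: first member, forward the report upstream."""
        if sid not in self.authenticated:
            return False             # ignore reports from unauthenticated sessions
        multicast_mac(group)         # rejects non-multicast group addresses
        first = group not in self.groups
        self.groups.setdefault(group, set()).add(sid)
        return first

    def fanout(self, group):
        """Step (3). Sessions that get a PPPoE-encapsulated copy."""
        return sorted(self.groups.get(group, ()))

    def leave(self, sid, group):
        """Step (4). True means: group is now empty, forward the leave upstream."""
        members = self.groups.get(group, set())
        if sid not in members:
            return False
        members.discard(sid)
        if members:
            return False
        del self.groups[group]
        return True
```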
◆ IGMP Proxy
IGMP Proxy builds a multicast table by intercepting the IGMP messages between the user and the router. The uplink port of the Proxy device plays the role of the host, and the downlink port plays the role of the router.
The following is a brief process:
(1) The host conducts PPPoE negotiation with BAS and passes PPPoE authentication.
(2) The uplink port plays the host role and responds to queries from the router. When a new user group appears or the last user in a group exits, it actively sends a membership report packet or a leave packet.
(3) Service packets in the downstream direction are forwarded according to the multicast table.
(4) The downstream port plays the router role, fully in accordance with the mechanism specified in IGMP V2, including the querier election mechanism, regularly sending general queries, and sending group-specific queries when a leave packet is received.
IGMP Proxy implements different functions on the two ports, so the workload is relatively large. The advantage is that when there is no router in the network, the IGMP Proxy device can act as the querier; in addition, if you want to extend toward multicast routing, Proxy is more convenient than Snooping. Considering the huge pressure on the BAS of copying PPPoE multicast data to the underlying devices, and that current switches and some DSLAMs (especially IP-based DSLAMs) have started to support layer-2 multicast, it is better to adopt IGMP Proxy from the perspective of future development.