Understanding the PPP status and understanding the PPP protocol

Source: Internet
Author: User

We came across point-to-point protocols, that is, PPP, while learning about network protocols. What are the characteristics of this protocol? Here we take a look at the PPP protocol and the PPP state machine. PPP is a data link layer protocol that follows HDLC (High-Level Data Link Control).

PPP is designed to transmit network layer packets of the OSI model over point-to-point physical links (for example, RS232 serial links and ISDN telephone lines). It improves on the earlier point-to-point protocol, SLIP, which can run only one network protocol at a time, has no fault tolerance control, and has no authorization. PPP is now the most popular point-to-point link control protocol.

In a PPP frame, the flag field is always 0x7f, the address field is always 0xff, and the control field is always 0x03. The protocol field indicates what is encapsulated in the payload (data) field of the PPP message. 0x0021 indicates an IP packet, 0x002B an IPX packet, and 0x0029 an AppleTalk packet; all of these are PPP data packets. 0x8021 indicates a PPP LCP packet (used to negotiate the connection), and 0xC021 indicates a PPP NCP packet (used to negotiate the encapsulated layer-3 protocol). These are the PPP control packets.

[Figure: the PPP protocol state machine]

In the link establishment phase (Establish), PPP uses LCP messages to negotiate the connection: it sends a configuration request and then receives the response, a simple "handshake" process. We will not go into detail here; if you are interested, read RFC 1661 carefully. During the negotiation, both parties learn the configuration of the current point-to-point connection and determine which authentication method will be used in the subsequent "authentication" phase.

The authentication phase is optional. If no authentication method was set during link negotiation, this phase is skipped and the link goes directly to the "network" phase. The authentication phase uses the method determined during link negotiation to authorize the connection, to ensure the security of the point-to-point connection and prevent unauthorized terminals from accessing the link. Common authentication methods include CHAP and PAP.

The principle of CHAP is that one end periodically issues a "challenge". The end that receives the "challenge" packet encrypts the key in the received packet using an algorithm previously negotiated by both sides, and then sends the result back to the initiator. This algorithm should give unique results (different inputs must have different outputs), and the input must not be recoverable from the output. The initiator also uses this algorithm to verify whether the result is correct and so authorize the peer. A common example: the initiator sends a string of random length and content as the "key", together with its username. The party receiving the "challenge" computes MD5 over the received string and the password of the local user corresponding to the peer's username, and sends the result back. The initiator then compares the received result with its own MD5 computation over the random string and its own password. If the two are consistent, the authentication succeeds.

The other authentication method, PAP, is much simpler. The user name and password to be authenticated are sent directly to the peer in plaintext, and the peer verifies them to determine whether authentication succeeds. CHAP is therefore the safer authentication method.
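The CHAP exchange described above, next to PAP, as an added example (not code from the original article). It assumes the MD5 response of RFC 1994, computed over the identifier octet, the shared secret and the challenge, and the PAP Authenticate-Request layout of RFC 1334; the user name and secret are constructed sample values.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """CHAP/MD5 response value: MD5(identifier octet + secret + challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

def pap_request(identifier, username, password):
    """PAP Authenticate-Request (code 1): user name and password in the clear."""
    body = bytes([len(username)]) + username + bytes([len(password)]) + password
    return bytes([1, identifier & 0xFF]) + (4 + len(body)).to_bytes(2, "big") + body

class ChapAuthenticator:
    def __init__(self, secrets):
        self.secrets = secrets   # user name -> shared secret
        self.pending = {}        # identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF
        self.pending[ident] = os.urandom(16)   # fresh, unpredictable challenge
        return ident, self.pending[ident]

    def verify(self, ident, username, response):
        challenge = self.pending.pop(ident, None)   # each challenge is single-use
        secret = self.secrets.get(username)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare

def demo():
    user, secret = b"branch-router", b"constructed-secret"   # constructed values
    auth = ChapAuthenticator({user: secret})
    ident, challenge = auth.new_challenge()
    resp = chap_response(ident, secret, challenge)
    results = {"valid": auth.verify(ident, user, resp)}
    results["replayed"] = auth.verify(ident, user, resp)     # challenge consumed
    ident2, _ = auth.new_challenge()
    results["stale"] = auth.verify(ident2, user, resp)       # old response, new challenge
    ident3, ch3 = auth.new_challenge()
    results["wrong_secret"] = auth.verify(ident3, user, chap_response(ident3, b"guess", ch3))
    # What a listener on the link would see in each case:
    results["secret_in_pap"] = secret in pap_request(1, user, secret)
    results["secret_in_chap"] = secret in resp
    return results
```

Because the challenge changes on every round, a captured CHAP response is useless against the next challenge, whereas the captured PAP request contains the password itself.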

Note that the two sides of a PPP link can use different authentication methods. For example, when end A authenticates end B, it can use PAP (B sends its username and password to A for authentication), while at the same time end B uses CHAP to authenticate end A (B initiates the CHAP challenge to end A).

If the authentication phase succeeds, the PPP state machine enters the "network" phase. In this phase, NCP is used to negotiate the network layer protocol that PPP will encapsulate. The NCP packets and negotiation process are very similar to those of LCP.

After the network phase, the PPP state machine enters the OPEN state. In this state, layer-3 data packets can be carried normally over the PPP link.
