Understanding the PPPoE protocol discovery phase

Here we will analyze some specific content of the PPPoE protocol. We have also studied the PPP protocol before, so we can understand PPPoE more easily. This time we will also talk about the PPPoE discovery stage. Data packets of the PPPoE protocol are encapsulated in the data domain of the Ethernet frame.

Ethernet frame headers include:

1. Target MAC address (the broadcast address in this phase is ffffffffffff)

2. source MAC address client MAC address)

3. Ethernet protocol type (this stage is 0x8863, indicating the discovery stage ).

PPPoE data packet format:

1. PPPoE data packets start with a Version domain Version). The Protocol provides clear provisions that the content filled with this domain is 0x01.

2. The version domain is a four-digit Type domain. According to the protocol, the content filled with this domain is also 0x01.

3. The Code field occupies one byte, and the content of this field is different for different stages of PPPoE.

4. session IDSession ID) occupies two bytes. When the Access Concentrator has not been assigned a unique session ID to the user host, the domain content must be filled with 0x0000; once the host obtains the session ID, the unique session ID must be filled in all subsequent packets.

5. the Payload Length of PPPoE occupies two bytes. The Payload of PPPoE can be composed of multiple TLVs, each of which includes Tag_Type, Tag_Length, and Tag_Vlaue.

Discovery phase

The PPPoE Discovery phase consists of four steps: PADI (PPPoE Active Discovery Initiation), PADO (PPPoE Active Discovery Offer), and PADR (PPPoE Active Discovery Request ), PADS (PPPoE Active Discovery Session-confirmation ). After completing these four steps, both the user host PC and the Access Concentrator AC can obtain the unique MAC address and unique session ID of the other party. The MAC address and session ID jointly define a unique PPPoE session. The Ethernet Type of PPPoE Discovery is 0x8863.

1. PADI: the first step in PPPoE discovery. The user host sends the PADI packets in broadcast mode and requests to establish a link. The Code field is set to 0x09, and the session ID field must be set to 0x0000.

2. PADO: Step 2 of PPPoE discovery stage. Access Concentrator AC) sends a PADO packet to respond to the host request in Unicast mode. The destination address is the MAC address of the host, the Code field is set to 0x07, and the session ID field must be set to 0x0000. A pado packet must contain a Tag of the AC-Name type that contains the Name of the Access Concentrator ).

3. PADR: Step 3 of PPPoE discovery stage. Because PADI packets are broadcast, the host may receive more than one PADO packet. After receiving the packet, the host selects an AC based on the service provided by AC-Name or PADO, and then broadcasts a PADR packet to the selected AC. The MAC address of the target address domain is AC, the Code domain is set to 0x19, and the session ID field must be set to 0x0000. A padr message must contain only one Tag with the Tag_Type of Service-Name, indicating the Service requested by the host.

4. PADS: the last step of PPPoE discovery. When the AC receives the PADR message, it is ready to start a PPP session. It creates a unique session ID for the PPPoE session and broadcasts a PADS packet to respond to the host. The target address field is the MAC address of the host, the Code field is set to 0x65, and the session ID must be set to the created session ID.

Note:

1. Host-Uniq

In the four steps of the PPPoE protocol discovery phase, the Payload of the PPPoE header always contains the following TLV:

Tag_Type = 0103 (Host-Uniq)

Tag_Length = 8 8 bytes)

Tag_Value = 0500000008000000

Host-Uniq is the unique identifier of the Host. It is similar to the identifier domain in PPP data packets and is mainly used to match the sender and receiver. This is because many PPPoE data packets exist simultaneously in a broadcast network.

2. AC-Cookie

Both PADO and PADR data packets contain tags with the Tag_Type of AC-Cookie, 16 Bytes. Ac-Cookie is used to prevent Denial-of-Service (DOS) attacks ). Access Concentrator AC) can generate unique Tag_Value based on the source address of PADR. In this way, AC can ensure that the source address of PADI is reachable and limit the number of parallel sessions of the address.