For most LANs and some WAN connections, DHCP provides the most common method for configuring client systems. For WAN connections such as DSL, another method based on PPP is often used instead. This method involves carrying PPP on Ethernet and is called PPP over Ethernet (PPPoE). PPPoE is used in cases where the WAN connection device (e.g., DSL modem) acts as a switch or bridge instead of a router. PPP is preferred as a basis for establishing connectivity by some ISPs because it may provide finer-grain configuration control and audit logs than other configuration options such as DHCP. To provide Internet connectivity, some device such as a user’s PC must implement the IP routing and addressing functions. Figure 6-28 shows the typical use case.
[Figure 6-28 diagram. Labels: Home PC, Home LAN, Point-to-Point Ethernet, DSL Modem (acts as bridge), Wire from Telephone Company, Telephone Network, Access Concentrator, ISP]
Figure 6-28 A simplified view of DSL service using PPPoE as provided to a customer. The home PC implements the PPPoE protocol and authenticates the subscriber with the ISP. It may also act as a router, DHCP server, DNS server, and/or NAT device for the home LAN.
Section 6.5 PPP over Ethernet (PPPoE)
The figure shows an ISP providing services to many customers using DSL.
DSL provides a point-to-point digital link that can operate simultaneously with a conventional analog telephone line (called plain old telephone service or POTS). This simultaneous use of the customer’s physical phone wires is accomplished using frequency division multiplexing—the DSL information is carried on higher frequencies than POTS. A filter is required when attaching conventional telephone handsets to avoid interference from the higher DSL frequencies. The DSL modem effectively provides a bridged service to a PPP port on the ISP’s access concentrator (AC), which interconnects the customer’s modem line and the ISP’s networking equipment. The modem and AC also support the PPPoE protocol, which the user has elected in this example to configure on a home PC attached to the DSL modem using a point-to-point Ethernet network (i.e., an Ethernet LAN using only a single cable).
Once the DSL modem has successfully established a low-layer link with the ISP, the PC can begin the PPPoE exchange, as defined in the informational document [RFC2516] and shown in Figure 6-29.
[Figure 6-29 diagram. Labels: Peer (Client), Peer (Server), Discover, Offer, Choose, Prepare, Close. Messages: PADI (broadcast), PADO (unicast), PADR (unicast), PADS (unicast), PPP Session Messages Exchanged, PADT (unicast)]
Figure 6-29 The PPPoE message exchange starts in a Discovery stage and establishes a PPP Session stage. Each message is a PAD message. PADI requests responses from PPPoE servers. PADO offers connectivity. PADR expresses the client’s selection among multiple possible servers. PADS provides an acknowledgment to the client from the selected server. After the PAD exchanges, a PPP session begins. The PPP session can be terminated by either side sending a PADT message or when the underlying link fails or is shut down.
The protocol includes a Discovery phase and a PPP Session phase. The Discovery phase involves the exchange of several PPPoE Active Discovery (PAD) messages: PADI (Initiation), PADO (Offer), PADR (Request), PADS (Session Confirmation). Once the exchange is complete, an Ethernet-encapsulated PPP session proceeds and ultimately concludes with either side sending a PADT (Termination) message. The session also concludes if the underlying connection is broken. PPPoE messages use the format shown in Figure 6-30 and are encapsulated in the Ethernet payload area.
[Figure 6-30 diagram. Fields: Ver, Type, Code, Session ID, Length (length of payload), Payload (variable). Notes: PPPoE Ethernet types for Discovery and PPP Session; Code values for PADI, PADO, PADR, PADS, PADT, and PPP session; PAD messages contain TLV tags in payload area]
Figure 6-30 PPPoE messages are carried in the payload area of Ethernet frames. The Ethernet Type field is set to 0x8863 during the Discovery phase and 0x8864 when carrying PPP session data. For PAD messages, a TLV scheme is used for carrying configuration information, similar to DHCP options. The PPPoE Session ID is chosen by the server and conveyed in the PADS message.
In Figure 6-30, the PPPoE Ver and Type fields are both 4 bits long and contain the value 0x1 for the current version of PPPoE. The Code field contains an indication of the PPPoE message type, as shown in the lower right part of Figure 6-30. The Session ID field contains the value 0x0000 for PADI, PADO, and PADR messages and contains a unique 16-bit number in subsequent messages. The same value is maintained during the PPP Session phase. PAD messages contain one or more tags, which are TLVs arranged as a 16-bit TAG_TYPE field followed by a 16-bit TAG_LENGTH field and a variable amount of tag value data. The values and meanings of the TAG_TYPE field are given in Table 6-2.
To see PPPoE in action, we can monitor the exchange between a home system such as the home PC from Figure 6-28 and an access concentrator. The Discovery phase and first PPP session packet are shown in Figure 6-31.
Figure 6-31 shows the expected exchange of PADI, PADO, PADR, and PADS messages. Each contains the Host-Uniq tag with value 9c3a0000. Messages coming from the concentrator also include the value 90084090400368-rback37.snfcca in the AC-Name tag. The PADS message can be seen in more detail in Figure 6-32.
In Figure 6-32, the PADS message indicates the establishment of a PPP session for the client and the use of the session ID 0xecbd. The AC-Name tag is also maintained to indicate the originating AC. The Discovery phase is now complete, and a regular PPP session (see Chapter 3) can commence. Figure 6-33 shows the first PPP session packet.
The figure indicates the beginning of the PPP Session phase within the PPPoE exchange. The PPP session begins with link configuration (PPP LCP) by the client sending a Configuration Request (see Chapter 3). It indicates that the client wishes to use the Password Authentication Protocol, a relatively insecure method, for authenticating itself to the AC. Once the authentication exchange is complete and various link parameters are exchanged (e.g., MRU), IPCP is used to obtain and configure the assigned IP address. Note that additional configuration information (e.g., IP addresses of the ISP’s DNS servers) may need to be obtained separately and, depending on the ISP’s configuration, configured by hand.
Table 6-2 PPPoE TAG_TYPE values, name, and purpose. PAD messages may contain one or more tags.
Value   Name                Purpose
0x0000  End-of-List         Indicates that no further tags are present. TAG_LENGTH must be 0.
0x0101  Service-Name        Contains a UTF-8-encoded service name (for ISP use).
0x0102  AC-Name             Contains a UTF-8-encoded string identifying the access concentrator.
0x0103  Host-Uniq           Binary data used by client to match messages; not interpreted by AC.
0x0104  AC-Cookie           Binary data used by AC for DoS protection; echoed by client.
0x0105  Vendor-Specific     Not recommended; see [RFC2516] for details.
0x0110  Relay-Session-ID    May be added by a relay relaying PAD traffic.
0x0201  Service-Name-Error  The requested Service-Name tag cannot be honored by AC.
0x0202  AC-System-Error     The AC experienced an error in performing a requested action.
0x0203  Generic-Error       Contains a UTF-8 string describing an unrecoverable error.
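
The header and tag layout described above can be checked with a small bounds-checked parser. This is an added example, not code from the book: the function names are hypothetical, the Code values are taken from RFC 2516, and the sample PADS is constructed from the values quoted for Figure 6-32 (the tag order is an assumption).

```python
import struct

# Code values from RFC 2516; tag names from Table 6-2.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT", 0x00: "Session"}
TAGS = {0x0000: "End-of-List", 0x0101: "Service-Name", 0x0102: "AC-Name",
        0x0103: "Host-Uniq", 0x0104: "AC-Cookie", 0x0105: "Vendor-Specific",
        0x0110: "Relay-Session-ID", 0x0201: "Service-Name-Error",
        0x0202: "AC-System-Error", 0x0203: "Generic-Error"}

def parse_pad(payload: bytes) -> dict:
    """Parse a PPPoE Discovery message (the Ethernet payload for type 0x8863)."""
    if len(payload) < 6:
        raise ValueError("truncated PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", payload[:6])
    if ver_type != 0x11:  # Ver = 0x1 and Type = 0x1, one nibble each
        raise ValueError("unsupported PPPoE version/type")
    if code not in CODES or code == 0x00:
        raise ValueError("not a PAD message")
    if length > len(payload) - 6:
        raise ValueError("Length field exceeds captured payload")
    if CODES[code] in ("PADI", "PADO", "PADR") and session_id != 0:
        raise ValueError("Session ID must be 0x0000 before PADS")
    body, tags, off = payload[6:6 + length], [], 0  # drops Ethernet padding
    while off < len(body):
        if len(body) - off < 4:
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", body, off)
        off += 4
        if tag_len > len(body) - off:  # never trust TAG_LENGTH from the wire
            raise ValueError("TAG_LENGTH runs past end of message")
        value = body[off:off + tag_len]
        off += tag_len
        if tag_type == 0x0000:
            if tag_len != 0:
                raise ValueError("End-of-List must have TAG_LENGTH 0")
            break
        tags.append((TAGS.get(tag_type, hex(tag_type)), value))
    return {"code": CODES[code], "session_id": session_id, "tags": tags}

def make_tag(tag_type: int, value: bytes) -> bytes:
    """Encode one TLV: 16-bit TAG_TYPE, 16-bit TAG_LENGTH, then the value."""
    return struct.pack("!HH", tag_type, len(value)) + value

# Constructed sample: a PADS rebuilt from the values quoted for Figure 6-32.
SAMPLE_TAGS = (make_tag(0x0103, bytes.fromhex("9c3a0000"))
               + make_tag(0x0102, b"90084090400368-rback37.snfcca"))
SAMPLE_PADS = struct.pack("!BBHH", 0x11, 0x65, 0xECBD, len(SAMPLE_TAGS)) + SAMPLE_TAGS

if __name__ == "__main__":
    print(parse_pad(SAMPLE_PADS))
```
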
Figure 6-31 The PPPoE exchange begins with a PADI message sent to the Ethernet broadcast address. Subsequent messages use unicast addressing. In this exchange, only the Host-Uniq and AC-Name tags are used. The PPP session begins with the fifth packet, which begins a PPP link configuration exchange that ultimately assigns the system’s IPv4 address using the IPCP (see Chapter 3).
Figure 6-32 The PPPoE PADS message confirms the association between the client and the access concentrator. This message also defines the session ID as 0xecbd, which is used in subsequent PPP session packets.
Figure 6-33 The first PPP message of the PPPoE session is a Configuration Request. The Ethernet type has changed to 0x8864 to indicate an active PPP session, and the Session ID is set to 0xecbd. In this case, the PPP client wishes to authenticate using the (relatively insecure) Password Authentication Protocol.