Pages

What is PPP and PPPoE?


Point To Point Protocol (PPP) and Point To Point Protocol over Ethernet (PPPoE) are network protocols that allow data communication between two network entities or points. Throughout the documentation for both protocols, points are referred to as nodes, computers, or hosts. The protocols are similar in design with a major difference - PPPoE is encapsulated in Ethernet frames. Both protocols exist at the network access layer (also known as the data link layer) that supports network layer protocols including IPv4 and IPv6.

Point To Point Protocol (PPP)

PPP was first proposed as a standard by the Internet Engineering Task Force (IETF) in 1989 and became a working standard in 1994. The IETF specification for PPP is RFC 1661. PPP is a protocol most widely used by Internet service providers (ISPs) to enable dial up connections to the Internet. PPP facilitates the transmission of data packets between point to point links. Originally designed to work with serial connections, PPP was adopted by ISPs to provide dial up Internet access. PPP can be encapsulated in a number of data link layer protocols, including Ethernet (PPPoE) and Asynchronous Transfer Mode (PPPoA).

PPP uses Link Control Protocol (LCP) to establish a session between a user's computer and an ISP. LCP is responsible for determining if the link is acceptable for data transmission. LCP packets are exchanged between multiple network points to determine link characteristics including device identity, packet size, and configuration errors.

PPP supports three types of user authentication protocols that provide varying levels of security. Password Authentication Protocol (PAP) is an access control protocol used to authenticate a user's password on the network access server. The network access server requests a password from the client machine and sends the retrieved password to an authentication server for verification. As an authentication protocol, PAP is considered the least secure because the password is not encrypted in transmission.

Challenge Handshake Authentication Protocol (CHAP) is similar to PAP with several unique characteristics. Instead of requesting a password, the network access server sends a challenge message to the client machine. The challenge message is a random value. The client machine encrypts the challenge message with a user's password and sends the combination back to the access server. The access server forwards the challenge/password combination to the authentication server. The authentication server encrypts the challenge with the user's password stored in the authentication database. If the user's response is a match, the password is considered authentic. CHAP uses the model of a shared secret (the user password) to authenticate the user. The use of CHAP is considered a moderately secure method of authentication.

Extensible Authentication Protocol (EAP) is considered an authentication framework used by a number of secure authentication protocols. EAP is most commonly used for authentication on wireless networks.

Point To Point Protocol over Ethernet (PPPoE)

The working standard for the PPPoE protocol was published by the IETF in 1999. The IETF specification for PPPoE is RFC 2516. PPPoE expands the original capability of PPP by allowing a virtual point to point connection over a multipoint Ethernet network architecture. PPPoE is a protocol that is widely used by ISPs to provision digital subscriber line (DSL) high speed Internet services, of which the most popular service is ADSL. The similarity between PPPoE and PPP has led to the widespread adoption of PPPoE as the preferred protocol for implementing high speed Internet access. Service providers can use the same authentication server for both PPP and PPPoE sessions, resulting in a cost savings. PPPoE uses standard methods of encryption, authentication, and compression specified by PPP.

PPPoE is configured as a point to point connection between two Ethernet ports. As a tunneling protocol, PPPoE is used as an effective foundation for the transport of IP packets at the network layer. IP is overlaid over a PPP connection and uses PPP as a virtual dial up connection between points on the network. From the user's perspective, a PPPoE session is initiated by using connection software on the client machine or router. PPPoE session initiation involves the identification of the Media Access Control (MAC) address of the remote device. This process, also known as PPPoE discovery, involves the following steps:

  1. Initiation - The client software sends a PPPoE Active Discovery Initiation (PADI) packet to the server to intitiate the session.
  2. Offer - The server responds with a PPPoE Active Discovery Offer (PADO) packet.
  3. Request - Upon receipt of the PADO packet, the client responds by sending a PPPoE Active Discovery Request (PADR) packet to the server.
  4. Confirmation - Upon receipt of the PADR packet, the server responds by generating a unique ID for the PPP session and sends it in a PPPoE Active Discovery Session (PADS) confirmation packet to the client.

When a PPPoE session is initiated, the destination IP address is only used when the session is active. The IP address is released after the session is closed, allowing for efficient re-use of IP addresses.