WHAT IS PPPOE?
PPPOE (POINT TO POINT PROTOCOL OVER ETHERNET)
PPPoE is a network protocol used to encapsulate Point-to-Point Protocol (PPP) frames in Ethernet frames. It is mainly used in DSL services and simple Metro Ethernet networks, where users can independently connect to a DSL modem over Ethernet. It was developed by UUNET, Redback Networks and RouterWare and is specified in RFC 2516.
An Ethernet network is packet-based: it has no concept of a circuit-style connection, and it lacks basic security features such as protection against IP and MAC conflicts and rogue DHCP servers. Using PPPoE, users can virtually “dial” from one machine to another over the Ethernet network, establishing a point-to-point connection between them and securely transferring data over that connection. Since PPPoE can be easily integrated into existing dial-up AAA* systems, it has been used primarily by telephone companies.
HOW AND WHERE DOES PPPOE WORK?
Transport over the telephone network uses ATM. The DSL modem encapsulates PPP packets into ATM cells and sends them over the WAN.
PPPOE DISCOVERY
A traditional PPP connection is established between two endpoints over a serial link, or over an ATM virtual circuit already set up for a dial-up connection, so all PPP frames are certain to reach the other endpoint. In an Ethernet network, however, every node can reach every other node. Ethernet frames contain the hardware address (MAC address) of the destination node, which is how frames find their destination. Before exchanging PPP control packets to establish a connection over Ethernet, the two nodes must therefore know each other’s MAC addresses so that they can encode them in the control packets. This is exactly what PPPoE Discovery does. It also sets up the Session ID used in subsequent packet exchanges.
PPPOE DISCOVERY (PPPOED)
Although PPP is traditionally a point-to-point access protocol, PPPoE is naturally a client-server relationship, since multiple users can connect to the service provider through a single physical connection.
The discovery process consists of 5 steps between the ISP point and the host PC acting as a client. These steps are listed below.
Client to Server: Initiation PADI (The PPPoE Active Discovery Initiation)
PADI is the first packet of PPPoE active discovery. If a user wants to connect via DSL, the client first has to find the DSL access concentrator (DSL-AC), the server at the ISP’s POP. Communication over Ethernet can only take place via MAC addresses. Since the computer does not yet know the MAC address of the DSL-AC, it sends the PADI packet as an Ethernet broadcast. This PADI packet contains the MAC address of the sender.
- Src. (= source) holds the MAC address of the sender in the PADI packet.
- Dst. (= destination) is the Ethernet broadcast address.
- The PADI packet can be received by more than one DSL-AC. Only the DSL-AC matching the “Service-Name” tag will reply.
Server to Client: Offer PADO (The PPPoE Active Discovery Offer)
PADO is the offer step in the PPPoE Active Discovery process. Once the client computer has sent a PADI packet, the DSL-AC responds with a PADO packet, using the MAC address provided in the PADI. The PADO packet contains the DSL-AC’s MAC address, AC name and service name. If DSL-ACs at multiple POPs reply with a PADO packet, the computer selects one based on the offered name and service.
- AC-Name: the AC name is stored in the data string, in this example “Ipzbr001” (the Arcor DSL-AC in Leipzig).
- Src. holds the MAC address of the DSL-AC.
- The MAC address of the DSL-AC also contains the manufacturer’s information (in this case Nortel Networks)
Client to Server: Request PADR (The PPPoE Active Discovery Request)
PADR is the request step in the PPPoE Active Discovery process. The client computer sends this packet to the DSL-AC in response to the PADO packet previously sent by that DSL-AC. It confirms acceptance of the offer made in the PADO packet in order to set up a PPPoE connection.
Server to Client: Session-confirmation PADS (The PPPoE Active Discovery Session-confirmation)
PADS is the session confirmation step in the PPPoE Active Discovery process. The DSL-AC confirms the PADR packet above with a PADS packet, and the Session ID is issued with it. From this moment on, the connection to the DSL-AC for this POP is fully established.
Either end to the other end: Termination PADT (The PPPoE Active Discovery Terminate)
PADT is the termination step in the PPPoE Active Discovery process. This packet terminates the connection to the POP. It can be sent by the DSL-AC or the client.
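The discovery exchange described above, as an added example that is not part of the original page: a small parser for PPPoE discovery frames using the header and tag layout from RFC 2516, run over a constructed PADI/PADO/PADS exchange. The MAC addresses, AC name and session ID are made-up sample values.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863          # EtherType of the discovery stage (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq"}
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build(dst, src, code, session_id, tags):
    """Build a discovery frame; tags is a list of (tag_type, value_bytes)."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    pppoe = struct.pack("!BBHH", 0x11, code, session_id, len(payload))
    eth = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    return eth + struct.pack("!H", ETH_P_PPPOE_DISC) + pppoe + payload

def parse(frame):
    """Parse one Ethernet frame carrying a PPPoE discovery packet."""
    if len(frame) < 20:
        raise ValueError("frame shorter than Ethernet + PPPoE headers")
    ethertype, ver_type, code, session_id, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_P_PPPOE_DISC or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery frame")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds frame size")
    tags, off = {}, 0
    while off < length:                       # walk the type/length/value tags
        if off + 4 > length:
            raise ValueError("truncated tag header")
        t, tlen = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + tlen > length:
            raise ValueError("tag length runs past payload")
        tags[TAGS.get(t, hex(t))] = payload[off + 4:off + 4 + tlen]
        off += 4 + tlen
    return {"dst": mac(frame[:6]), "src": mac(frame[6:12]),
            "code": CODES.get(code, hex(code)), "session_id": session_id, "tags": tags}

# Constructed sample exchange (MAC addresses, AC name and session ID are made up).
HOST, AC = "02:00:00:00:00:01", "02:00:00:00:00:ac"
PADI = build(BROADCAST, HOST, 0x09, 0, [(0x0101, b"")])             # broadcast, session 0
PADO = build(HOST, AC, 0x07, 0, [(0x0101, b""), (0x0102, b"example-ac")])
PADS = build(HOST, AC, 0x65, 0x0042, [(0x0101, b"")])               # carries Session ID
```

Parsing `PADI` shows the broadcast destination, `PADO` shows the AC's own source MAC and AC-Name tag, and `PADS` is the first packet with a non-zero Session ID.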
APPENDICES
AAA: AUTHENTICATION, AUTHORIZATION AND ACCOUNTING
In the computer world, the common meaning of AAA is Authentication, Authorization and Accounting.
- Authentication:
Authentication refers to checking an entity’s identity. This is typically done by providing evidence that the entity holds a specific digital identity, e.g. an identifier and the corresponding credentials. Examples of such credentials are passwords, one-time tokens and digital certificates.
- Authorization:
Authorization is the process of granting a particular entity permission, typically to log on to a server or application or to carry out a given activity. Authorization can also be defined in terms of various restrictions, for example time-of-day restrictions, physical location restrictions, or restrictions against multiple simultaneous connections by the same entity or user. Examples of services include, but are not limited to: IP address filtering, address assignment, route assignment, Quality of Service/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption.
- Accounting:
Accounting refers to monitoring the consumption of network resources by users. This information can be used for planning, billing, management or other purposes. Real-time accounting concerns the consumption of network resources as it happens. Typically, accounting deals with information such as the total number of users logged on, the nature of the service delivered, and the start and end of the service.