Explanation of PPPoE protocol and analysis of Wireshark packet capturing during dialing
2022-07-23 18:10:00 【Salmon with lemon】
Preface
PPPoE (Point-to-Point Protocol over Ethernet) is, literally, PPP over Ethernet. The protocol is a standard for connecting multiple hosts on a broadcast network such as Ethernet to a remote access concentrator (also called a broadband access server). The key point is that Ethernet is not a point-to-point network but a multipoint-to-multipoint broadcast network. This is where PPPoE differs from plain PPP: it is no longer just point to point. As a whole, PPPoE can be divided into three stages: the discovery stage, the session stage and the termination stage.
I. A brief introduction to PPPoE
PPPoE only concerns the two ends: the client and the server. The PPPoE protocol is a standard for connecting multiple hosts on a broadcast network to a remote access concentrator (also called a broadband access server). The purpose of the protocol is effective user management and charging for network access.
1. PPPoE client
The device provides PPPoE server functionality, supports dynamic IP address allocation, offers a variety of authentication methods and, working with a firewall, can provide security for the internal network. It is suitable for campuses and smart communities that access the Internet over Ethernet.
2. PPPoE server
All hosts in the LAN transfer data through the same PPPoE session. There is no need to install PPPoE client dial-up software, and all hosts in the same LAN can share one account.
3. Some typical use cases
PPPoE Client
When the AR device uses PPPoE as a WAN (Wide Area Network) access method, the AR acts as the PPPoE Client and the BRAS (Broadband Remote Access Server) acts as the PPPoE Server.
PPPoE Server
The AR1200 device provides PPPoE Server functionality, supports dynamic IP address allocation, and provides authentication methods such as local authentication and RADIUS/HWTACACS. It is suitable for campuses and smart communities that access the Internet over Ethernet.
4. The PPPoE frame format

Ver: version number, 4 bits. For this version of the PPPoE specification it is 0x01.
Type: type, 4 bits. For this version of the PPPoE specification it should be set to 0x01.
Code: code field, 8 bits. Its value varies with the function of each packet in the two stages.
Session_ID: 16 bits. An unsigned value in network byte order. Its value is defined later, in the Discovery packets.
Length: 16 bits. The length of the PPPoE payload. It does not include the length of the Ethernet header or the PPPoE header.
Payload: the PPPoE payload, containing zero or more Tags.
The pink part above, that is, the Ethernet frame format, is as follows:
Destination_address field
Ethernet unicast destination address or Ethernet broadcast address (0xFFFFFFFF).
In Discovery packets, the value of this field is the Ethernet broadcast address.
In PPPoE session traffic, this field must be the unicast address of the peer determined in the Discovery stage.
Source_address field
The Ethernet MAC address of the source device.
Ethernet_Type field
The value 0x8863 indicates the Discovery stage.
The value 0x8864 indicates the PPPoE session stage.
II. PPPoE session creation process

The PPPoE dialing process is shown in the figure above. Let's look at the discovery stage first:
1. In the first step of the discovery stage, the client sends a PADI packet to the server.
2. In the second step, the access concentrator (AC) sends a unicast PADO packet in response to the host's request. The destination address is the host's MAC address, and the PADO packet must contain one Tag of type AC-Name (containing the name of the access concentrator).
3. In the third step, because PADI packets are broadcast, the host may receive more than one PADO message. After receiving them, the host chooses one AC based on the AC-Name or the services offered in the PADO, and then unicasts a PADR packet to the selected AC.
4. The last step of the discovery stage: when the AC receives the PADR message, it prepares to start a PPP session. It creates a unique session ID for the PPPoE session and unicasts a PADS packet in response to the host.
Now for the PPPoE session stage:
To establish a PPP session, the devices at both ends need to send LCP (Link Control Protocol) packets to configure and test the data communication link.
1. The first step of the session stage is the negotiation phase. The host and the AC send LCP Requests to each other. LCP negotiation settles the maximum transmission unit, whether to authenticate, and which authentication method to use.
2. The second step of the session stage is the authentication phase. Both sides authenticate using the method negotiated in LCP. If authentication succeeds, the network-layer negotiation that follows can proceed. Authentication takes place after link negotiation.
3. The third step of the session stage is the IPCP negotiation phase. The user and the access device negotiate, over several rounds, the requirements for the IP service phase, to settle on terms both sides can accept, for example the IP compression protocol used in the IP service phase. The two sides negotiate through Option items; each Option is an issue to be negotiated. In the end, each side needs the other to reply with a Configure_Ack message of agreement.
Finally, termination: after entering the Terminate phase and releasing resources, the link enters the Dead phase. The packet that ends the connection is PADT. The server or client that receives a PADT message can use the verification identifier to determine whether the received PADT was sent by a legitimate user of the current PPPoE session, and accordingly either terminate the current PPPoE session or discard the PADT message.
III. Detailed walkthrough of the PPPoE packet capture
1. PADI
First the client sends a PADI packet to the server. The capture looks like this:
The Code field is set to 0x09, and the session ID field must be set to 0x0000.
2. PADO

In the capture, the destination address is the host's MAC address, the Code field is set to 0x07, and the session ID field must be set to 0x0000. The PADO packet must contain one Tag of type AC-Name (containing the name of the access concentrator).
3. PADR

The destination address field is the AC's MAC address, the Code field is set to 0x19, and the session ID field must be set to 0x0000. The PADR message must contain exactly one Tag whose Tag_Type is Service-Name, indicating the service requested by the host.
4. PADS

The destination address field is the host's MAC address, the Code field is set to 0x65, and the session ID must be set to the created session ID.
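The frame layout from section 4 and the Code and session ID rules given above for PADI, PADO and PADR can be checked mechanically against a capture. The following Python is an added example, not code from the original article: it parses a Discovery frame and reports which of those rules it breaks. The tag type numbers (0x0101, 0x0102) come from RFC 2516, and the MAC addresses and AC name in the sample frame are constructed.

```python
import struct

# Code values and Session_ID rules are the ones given on this page;
# tag type numbers are from RFC 2516 (the page names the tags only).
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name"}

def parse_discovery(frame: bytes) -> dict:
    """Parse an Ethernet frame carrying a PPPoE Discovery packet."""
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x8863:
        raise ValueError("Ethernet_Type is not 0x8863 (Discovery)")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    payload = frame[20:20 + length]
    if len(payload) < length:
        raise ValueError("Length field exceeds the captured bytes")
    tags, off = [], 0
    while off < length:  # each Tag: 2-byte type, 2-byte length, value
        if off + 4 > length:
            raise ValueError("truncated tag header")
        t_type, t_len = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + t_len > length:
            raise ValueError("tag value overruns the payload")
        tags.append((TAGS.get(t_type, hex(t_type)), payload[off + 4:off + 4 + t_len]))
        off += 4 + t_len
    return {"dst": dst.hex(":"), "src": src.hex(":"), "ver": ver_type >> 4,
            "type": ver_type & 0x0F, "code": CODES.get(code, hex(code)),
            "session_id": session_id, "tags": tags}

def check_rules(pkt: dict) -> list:
    """Return the page's Discovery rules that this packet violates."""
    problems = []
    names = [name for name, _ in pkt["tags"]]
    if (pkt["ver"], pkt["type"]) != (1, 1):
        problems.append("Ver and Type must both be 1")
    if pkt["code"] in ("PADI", "PADO", "PADR") and pkt["session_id"] != 0:
        problems.append(pkt["code"] + " must use Session_ID 0x0000")
    if pkt["code"] == "PADO" and "AC-Name" not in names:
        problems.append("PADO must carry an AC-Name tag")
    if pkt["code"] == "PADR" and names.count("Service-Name") != 1:
        problems.append("PADR must carry exactly one Service-Name tag")
    return problems

def tag(t_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", t_type, len(value)) + value

# Constructed sample: a PADO from a made-up AC to a made-up host.
body = tag(0x0102, b"lab-ac") + tag(0x0101, b"")
SAMPLE_PADO = (bytes.fromhex("02000000000a" "02000000000b" "8863")
               + struct.pack("!BBHH", 0x11, 0x07, 0, len(body)) + body)
```

A frame exported from Wireshark as raw bytes can be passed to `parse_discovery` in place of `SAMPLE_PADO`; malformed lengths raise `ValueError` instead of being read past the end of the buffer.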
5. The session stage
To establish a PPP session, the devices at both ends need to send LCP (Link Control Protocol) packets to configure and test the data communication link.
Negotiation phase
The host and the AC send LCP Requests to each other. LCP negotiation settles the maximum transmission unit, whether to authenticate, and which authentication method to use.
Config-ACK: if the peer's LCP options are fully supported, respond with a Config-ACK message. The message must carry exactly the options in the peer's Request message.
Config-NAK: if the peer's negotiation option is supported but its content is not accepted, respond with a Config-NAK message and fill in the desired content in its options. For example, if the peer's MRU value is 1500 and we expect an MRU value of 1492, we put the expected 1492 in the Config-NAK message.
Config-Reject: if the peer's negotiation option cannot be supported, respond with a Config-Reject message carrying the unsupported options. For example, the Windows dialer negotiates CBCP (callback), and the ME60 does not support the CBCP function, so this option is rejected.
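The three responses can be written as one decision procedure. The following Python is an added example, not code from the original article: it answers an LCP Configure-Request with Reject, Nak or Ack, using the MRU 1500 versus 1492 case from the text. The LCP code and option numbers come from RFC 1661 and RFC 1570; the supported-option set, the callback option's value byte and the sample requests are assumptions constructed for illustration.

```python
import struct

# LCP code and option numbers are from RFC 1661 and RFC 1570; the page
# names the messages and options but does not give their numbers.
CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4
OPT_MRU, OPT_AUTH, OPT_CALLBACK = 1, 3, 13

def parse_options(data: bytes) -> list:
    """Split LCP option bytes into (type, value) pairs."""
    opts, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated option header")
        o_type, o_len = data[off], data[off + 1]  # length includes the header
        if o_len < 2 or off + o_len > len(data):
            raise ValueError("bad option length")
        opts.append((o_type, data[off + 2:off + o_len]))
        off += o_len
    return opts

def lcp_packet(code: int, ident: int, opts: list) -> bytes:
    """Serialize an LCP packet: code, identifier, length, options."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in opts)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def respond(request: bytes, want_mru=1492, supported=(OPT_MRU, OPT_AUTH)) -> bytes:
    """Answer a Configure-Request with Reject, Nak or Ack."""
    if len(request) < 4:
        raise ValueError("shorter than the LCP header")
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != CONF_REQ or not 4 <= length <= len(request):
        raise ValueError("not a well-formed Configure-Request")
    opts = parse_options(request[4:length])
    mru = struct.pack("!H", want_mru)
    unsupported = [(t, v) for t, v in opts if t not in supported]
    if unsupported:  # Config-Reject lists only the options we cannot support
        return lcp_packet(CONF_REJ, ident, unsupported)
    disputed = [(t, mru) for t, v in opts if t == OPT_MRU and v != mru]
    if disputed:     # Config-Nak carries the value we expect instead
        return lcp_packet(CONF_NAK, ident, disputed)
    return lcp_packet(CONF_ACK, ident, opts)  # Config-Ack echoes every option

# Constructed samples: MRU 1500 with a callback option, MRU 1500, MRU 1492.
REQ_CALLBACK = lcp_packet(CONF_REQ, 1, [(OPT_MRU, b"\x05\xdc"), (OPT_CALLBACK, b"\x06")])
REQ_MRU_1500 = lcp_packet(CONF_REQ, 2, [(OPT_MRU, b"\x05\xdc")])
REQ_MRU_1492 = lcp_packet(CONF_REQ, 3, [(OPT_MRU, b"\x05\xd4")])
```

Reject is evaluated before Nak, following RFC 1661, so a request that mixes an unsupported option with a disputed value is first answered with the unsupported options only.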
Authentication phase

This is the encryption protocol we negotiated to use. It can be changed in the PPPoE settings. At present there are generally three; CHAP is one and PAP is another.
Summary
PPPoE is a point-to-point protocol over Ethernet: a network tunneling protocol that encapsulates the Point-to-Point Protocol (PPP) in Ethernet frames. Because PPP is integrated into the protocol, it provides functions that traditional Ethernet cannot, such as authentication, encryption and compression. It can also be used with cable modems, digital subscriber lines and other systems that provide access services to users over Ethernet protocols.
The most important point of this study is to understand how PPPoE works in typical application scenarios, to be clear about the process of the protocol, and to understand the important information in the packet capture.