What Is PPPoE?

LUIS SUPPORT 0 COMMENTS

When we log in to the firmware of some routing ONTs or home routers through the webpage, we will see that there is an
option called PPPoE at the location of the WAN connection, so what is PPPoE?

PPPoE is the point-to-point protocol running over the Ethernet at the link layer. It provides PPPoE connections on the
Ethernet, sets up PPP sessions, and encapsulates PPP frames into PPPoE frames. PPPoE connects users to a remote access
device, providing cost-effective user access and excellent user access control.
PPPoE supports remote access to multiple user hosts over an Ethernet and provides accounting data for transmission to
resolve application issues, such as Internet access charging issues. PPPoE is therefore widely used for carrier network
access.
PPPoE Characteristics
PPPoE provides the following characteristics:
In terms of functions:
PPPoE integrates the advantages of PPP and implements functions such as identity authentication, encryption, and
compression unsupported by traditional Ethernet.
PPPoE uses unique session IDs to ensure user security.
In terms of applications:
PPPoE dial-up is the most common method of enabling terminals to connect to the ISP network for broadband access.
PPPoE can be used on Ethernet cables, such as cable modems and digital subscriber lines (DSLs), to provide access services
for users through Ethernet protocols.
Simply put, PPPoE combines the cost-effectiveness of Ethernet with the manageability and controllability of PPP to provide
Internet access. For carriers, it can fully utilize the current architecture of the telecommunication access network and the
current dial-up network resources, without requiring major changes in the operations and management modes. For users,
they obtain a similar experience to that obtained using the original dial-up Internet access.
How Is a PPPoE Connection Established?
This section describes the PPPoE packet structure and the stages of PPPoE connection establishment.
PPPoE Packets
Before learning about PPPoE connection establishment, you need to understand the PPPoE packet structure. A PPPoE
packet is a PPP packet encapsulated in an Ethernet frame. The following figure shows the packet encapsulation structure.

Description of fields in a PPPoE packet

Field Description

Ver Indicates a PPPoE version number. This field is 4 bits

 long and must be set to 0x1.

Indicates a PPPoE type. This field is 4 bits long and

Type
must be set to 0x1.

Indicates a PPPoE packet type. This field is 8 bits

long. The value can be: 0x00 (session data), 0x09
Code
(PADI packet), 0x07 (PADO or PADT packet), 0x19
(PADR packet), and 0x65 (PADS packet)

Indicates a PPP session ID. This field is 16 bits long.

The value is fixed for a given PPP session and
Session_ID defines a PPP session along with Ethernet source and
destination addresses. A value of 0xffff is reserved
for future use and must not be used.

Indicates the length of the PPPoE payload. This field

Length is 16 bits long, excluding the length of the Ethernet
and PPPoE headers.
Stages of PPPoE Connection Establishment
Before learning about the stages of PPPoE connection establishment, you need to understand the roles involved in the
PPPoE network architecture.
PPPoE adopts the client/server model. As shown in the following figure, the basic roles in PPPoE networking are the
PPPoE client, PPPoE server, and RADIUS device.

Networking diagram of PPPoE access

The process in which a PPPoE user goes online involves two stages: the discovery stage and the PPP session stage. In the
discovery stage, a PPPoE server is selected and the ID of the session to be established is determined. The PPP session stage
refers to the standard PPP process, including LCP negotiation, PAP/CHAP authentication, and NCP negotiation.

Working process of PPPoE

The following figure shows the time sequence of the PPPoE discovery and PPP session stages.
Time sequence of the PPPoE discovery and PPP session stages
Discovery stage
In the discovery stage, the device allocates a session ID to the user. The session ID identifies a PPPoE virtual link between
the user and the device.
The PPPoE client broadcasts a PPPoE Active Discovery Initiation (PADI) packet carrying the type of service being
requested.
After receiving the PADI packet, all PPPoE servers on the Ethernet compare the requested service in the packet with the
services that they can provide. The PPPoE server that can provide the requested service responds with a PPPoE Active
Discovery Offer (PADO) packet.
The PPPoE client may receive PADO packets from multiple PPPoE servers. The PPPoE client selects a qualified PPPoE
server among those that return PADO packets based on certain conditions. The client then sends a PPPoE Active Discovery
Request (PADR) packet back to the selected server. The PADR packet carries information about the requested service.
After receiving the PADR packet, the selected PPPoE server generates a unique session ID to identify the PPPoE session
between the PPPoE server and the PPPoE client. The PPPoE server replies to the PPPoE client with a PPPoE Active
Discovery Session-confirmation (PADS) packet carrying the unique session ID. If no error occurs, the PPPoE server enters
the PPP session stage. The PPPoE client also enters the PPP session stage if no error occurs after it receives the PADS
packet.
PPP session stage
The PPP session stage includes LCP negotiation, PAP/CHAP authentication, and NCP negotiation.
LCP negotiation
After the PPP session stage is entered, LCP negotiation starts. The LCP negotiation process is as follows:
The PPPoE client and PPPoE server send LCP Configure-Request packets to each other.
After receiving the Configure-Request packet, the client and server respond based on the negotiation options in the packet
(For details, see the following table.) If both ends reply with a Configure-ACK packet, the LCP link is successfully
established. Before this occurs, both ends keep sending LCP Configure-Request packets.
If both ends reply with a Configure-ACK packet within the specified LCP negotiation interval and before the timer for LCP
negotiation expires, the LCP link is successfully established.
If no Configure-ACK packet is received before the timer for LCP negotiation expires, LCP negotiation is terminated.
After the LCP link is established, the PPPoE server periodically sends LCP Echo-Request packets to the PPPoE client and
receives Echo-Reply packets from the PPPoE client to check whether the LCP link is normal.
Table 1-2 List of response packet types
Response Packet Type Description

If the LCP options received in a Configure-Request

packet are all supported, the receive end replies with a
Configure-ACK
Configure-ACK packet that carries the same LCP
options as those in the Configure-Request packet.

If the negotiation options received in a Configure-

Request packet are supported but some values are not
acceptable, the receive end replies with a Configure-
NAK packet that carries the expected values of the
Configure-NAK local device. For example, if the Configure-Request
packet carries an MRU value of 1500 but the local
end expects an MRU value of 1492, the receive end
fills the MRU value 1492 in the Configure-NAK
packet.

If negotiation options received in a Configure-

Request packet are not supported, the receive end
Configure-Reject
replies with a Configure-Reject packet that carries the
unsupported options.
PAP/CHAP authentication
After LCP negotiation is complete, the authentication stage starts. Two authentication modes are supported: PAP and
CHAP.
PAP authentication
PAP is a two-way handshake protocol that authenticates users based on usernames and passwords. The usernames and
passwords are transmitted in cleartext. The PPPoE server (or RADIUS server) checks whether the usernames and passwords
are correct based on the local user table. This mode applies to environments with low network security requirements.
CHAP authentication
CHAP authentication is a three-way handshake protocol. It can be used by the PPPoE server (or RADIUS server) to check
whether the username and password are correct based on the local user table. In CHAP authentication mode, only the
username (and not the user password) is transmitted over the network. As such, CHAP authentication is more secure than
PAP authentication.
NCP negotiation
NCP negotiation mainly deals with network-layer parameters, such as IPCP and IPv6CP, in PPP packets. A PPPoE client
mainly uses IPCP to obtain the IP address or IP address segment for network access.
The NCP negotiation process is similar to the LCP negotiation process. After NCP negotiation succeeds, the PPPoE client
can normally access the network.
The PPPoE client automatically goes online upon successful NCP negotiation. In this case, the PPPoE server (usually a
BRAS) sends an accounting request packet to the RADIUS server, which performs accounting for the PPPoE client.