PPP Point to Point Protocol
Agenda
Page 1
Client Logo
AGENDA
• INTRODUCTION
• PPP COMPONENTS
• GENERAL OPERATIONS
• STATES, EVENTS AND ACTIONS
• PPP GENERAL FRAME FORMAT
• INDIVIDUAL PPP PROTOCOLS
INTRODUCTION
PPP defines a complete method for robust data link connectivity between units using serial lines or other physical layers.
Point-to-Point Protocol (PPP) has become the predominant protocol for modem-based access to the Internet.
PPP runs at the Data Link layer (ISO layer 2), providing symmetric, peer-to-peer connections that give the upper-layer network protocols encapsulation, transmission and link management services.
• Capabilities and features
- Error detection
- Compression
- Authentication
- Encryption
- Assignment and management of IP addresses
• PPP advantages
- Operates over synchronous and asynchronous links, but the links should be full-duplex.
- Designed to work with several network layer protocols, such as IP, IPX and AppleTalk
PPP COMPONENTS
PPP family protocols: ATCP | BACP | BAP | BCP | BSD | BVCP | CCP | CHAP | DESE | DNCP | ECP | IPCP | IPHC | IPv6CP | IPXCP | L2F | L2TP | LCP | LQR | LZS | MPPC | MultiPPP | NBFCP | OSINLCP | PAP | PPP | PPP-BPDU | PPTP | SDCP | SNACP
GENERAL OPERATIONS
- LCP packets: configure and test the data link
- Authentication: PAP / CHAP
- NCP packets: choose and configure the network-layer protocols
- Links remain up until explicitly terminated
PHASES OF PPP
1. Link Dead: the link necessarily begins and ends with this phase.
2. Link Establishment Phase: establish the connection through an exchange of Configuration packets. The LCP Open state is entered once a Configure-Ack packet has been both sent and received. All Configuration Options are assumed to be at default values.
3. Authentication Phase: authenticate the peer before allowing network-layer protocol packets to be exchanged. By default, authentication is not mandatory. It SHOULD take place as soon as possible after link establishment. If authentication fails, the Link Termination phase is entered.
4. Network-Layer Protocol Phase: each network-layer protocol (such as IP, IPX, or AppleTalk) MUST be separately configured by the appropriate Network Control Protocol (NCP).
5. Link Termination Phase: LCP is used to close the link through an exchange of Terminate packets. Causes: loss of carrier, authentication failure, link quality failure, the expiration of an idle-period timer, or administrative closing.
PPP LINK OPERATION
PPP WORKING
TIMERS AND COUNTERS
Restart Timer: the Restart timer is used to time transmissions of Configure-Request and Terminate-Request packets. Expiration of the Restart timer causes a Timeout event, and retransmission of the corresponding Configure-Request or Terminate-Request packet.
Max-Terminate: there is one required restart counter for Terminate-Requests. Max-Terminate indicates the number of Terminate-Request packets sent without receiving a Terminate-Ack before assuming that the peer is unable to respond.
Max-Configure: indicates the number of Configure-Request packets sent without receiving a valid Configure-Ack, Configure-Nak or Configure-Reject before assuming that the peer is unable to respond.
Max-Failure: indicates the number of Configure-Nak packets sent without sending a Configure-Ack before assuming that configuration is not converging.
STATES
Initial: In the Initial state, the lower layer is unavailable (Down), and no Open has occurred. The Restart timer is not running in the Initial state.
Starting: The Starting state is the Open counterpart to the Initial state. The lower layer is still unavailable (Down). The Restart timer is not running in the Starting state. When the lower layer becomes available (Up), a Configure-Request is sent.
Closed: The link is available (Up), but no Open has occurred. The Restart timer is not running in the Closed state. Upon reception of Configure-Request packets, a Terminate-Ack is sent.
Stopped: The Open counterpart to the Closed state. It is entered when the automaton is waiting for a Down event after the This-Layer-Finished action, or after sending a Terminate-Ack. The Restart timer is not running in the Stopped state.
Closing: An attempt is made to terminate the connection. A Terminate-Request has been sent and the Restart timer is running, but a Terminate-Ack has not yet been received. Upon reception of a Terminate-Ack, the Closed state is entered. If the Restart timer has expired Max-Terminate times, the Closed state is also entered.
STATES contd…
Stopping: The Open counterpart to the Closing state. A Terminate-Request has been sent and the Restart timer is running, but a Terminate-Ack has not yet been received.
Request-Sent: An attempt is made to configure the connection. A Configure-Request has been sent and the Restart timer is running, but a Configure-Ack has not yet been received.
Ack-Received: A Configure-Request has been sent and a Configure-Ack has been received.
Ack-Sent: A Configure-Request and a Configure-Ack have both been sent.
Opened: A Configure-Ack has been both sent and received. The Restart timer is not running. When entering the Opened state, the implementation SHOULD signal the upper layers that it is now Up. Conversely, when leaving the Opened state, the implementation SHOULD signal the upper layers that it is now Down.
EVENTS
Transitions and actions in the automaton are caused by events.
Up: This event occurs when a lower layer indicates that it is ready to carry packets.
Down: This event occurs when a lower layer indicates that it is no longer ready to carry packets.
Open: The link is administratively available for traffic; that is, the link is allowed to be Opened. When this event occurs, and the link is not in the Opened state, the automaton attempts to send configuration packets to the peer.
Close: The link is not available for traffic; that is, the link is not allowed to be Opened. When this event occurs, and the link is not in the Closed state, the automaton attempts to terminate the connection.
Timeout (TO+, TO-): Indicates the expiration of the Restart timer. The Restart timer is used to time responses to Configure-Request and Terminate-Request packets. The TO+ event indicates that the Restart counter continues to be greater than zero, which triggers the corresponding Configure-Request or Terminate-Request packet to be retransmitted. The TO- event indicates that the Restart counter is not greater than zero.
EVENTS contd…
Receive-Configure-Request (RCR+, RCR-): Occurs when a Configure-Request packet is received from the peer. It indicates the desire to open a connection and may specify Configuration Options. The RCR+ event indicates that the Configure-Request was acceptable, and triggers the transmission of a corresponding Configure-Ack. The RCR- event indicates that the Configure-Request was unacceptable, and triggers the transmission of a corresponding Configure-Nak or Configure-Reject.
Receive-Configure-Ack (RCA): This event occurs when a valid Configure-Ack packet is received from the peer. The Configure-Ack packet is a positive response to a Configure-Request packet.
Receive-Configure-Nak/Rej (RCN): This event occurs when a valid Configure-Nak or Configure-Reject packet is received from the peer. The Configure-Nak and Configure-Reject packets are negative responses to a Configure-Request packet.
Receive-Terminate-Request (RTR): This event occurs when a Terminate-Request packet is received. The Terminate-Request packet indicates the desire of the peer to close the connection.
EVENTS contd…
Receive-Terminate-Ack (RTA): Occurs when a Terminate-Ack packet is received from the peer. The Terminate-Ack packet is usually a response to a Terminate-Request packet. The Terminate-Ack packet may also indicate that the peer is in the Closed or Stopped state.
Receive-Unknown-Code (RUC): Occurs when an uninterpretable packet is received from the peer. A Code-Reject packet is sent in response.
Receive-Code-Reject, Receive-Protocol-Reject (RXJ+, RXJ-): Occurs when a Code-Reject or a Protocol-Reject packet is received from the peer. The RXJ+ event arises when the rejected value is acceptable, such as a Code-Reject of an extended code, or a Protocol-Reject of an NCP. The RXJ- event arises when the rejected value is catastrophic, such as a Code-Reject of Configure-Request, or a Protocol-Reject of LCP! This event communicates an unrecoverable error that terminates the connection.
Receive-Echo-Request, Receive-Echo-Reply, Receive-Discard-Request (RXR): Occurs when an Echo-Request, Echo-Reply or Discard-Request packet is received from the peer. The Echo-Reply packet is a response to an Echo-Request packet.
ACTIONS
Actions in the automaton are caused by events and typically indicate the transmission of packets and/or the starting or stopping of the Restart timer.
Illegal-Event: This indicates an event that cannot occur in a properly implemented automaton.
This-Layer-Up (tlu): This action indicates to the upper layers that the automaton is entering the Opened state. It is used by the LCP to signal the Up event to an NCP, Authentication Protocol, or Link Quality Protocol, or MAY be used by an NCP to indicate that the link is available for its network layer traffic.
This-Layer-Down (tld): Indicates to the upper layers that the automaton is leaving the Opened state. It is used by the LCP to signal the Down event to an NCP, Authentication Protocol, or Link Quality Protocol, or MAY be used by an NCP to indicate that the link is no longer available for its network layer traffic.
This-Layer-Started (tls): Indicates to the lower layers that the automaton is entering the Starting state, and the lower layer is needed for the link.
ACTIONS contd…
This-Layer-Finished (tlf): Indicates to the lower layers that the automaton is entering the Initial, Closed or Stopped states, and the lower layer is no longer needed for the link.
Initialize-Restart-Count (irc): Sets the Restart counter to the appropriate value (Max-Terminate or Max-Configure). The counter is decremented for each transmission, including the first.
Zero-Restart-Count (zrc): This action sets the Restart counter to zero.
Send-Configure-Request (scr): A Configure-Request packet is transmitted. This indicates the desire to open a connection with a specified set of Configuration Options. The Restart timer is started when the Configure-Request packet is transmitted, to guard against packet loss.
Send-Configure-Ack (sca): A Configure-Ack packet is transmitted. This acknowledges the reception of a Configure-Request packet.
Send-Configure-Nak (scn): This negative response reports the reception of a Configure-Request packet with an unacceptable set of Configuration Options.
ACTIONS contd…
Send-Terminate-Request (str): A Terminate-Request packet is transmitted. This indicates the desire to close a connection.
Send-Terminate-Ack (sta): A Terminate-Ack packet is transmitted. This acknowledges the reception of a Terminate-Request packet.
Send-Code-Reject (scj): A Code-Reject packet is transmitted. This indicates the reception of an unknown type of packet.
Send-Echo-Reply (ser): An Echo-Reply packet is transmitted. This acknowledges the reception of an Echo-Request packet.
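The states, events and actions above are the cells of the RFC 1661 transition table. As an added example (not part of this deck), the following Python models the four option-negotiation states (Req-Sent, Ack-Rcvd, Ack-Sent, Opened) with the RCR+/RCR-, RCA, RCN and TO+/TO- events, including the Restart counter that turns a Timeout into TO+ or TO-; the class name and the trace list are this example's own additions.

```python
# Added example (not from the deck): the option-negotiation states of the
# RFC 1661 LCP automaton (Req-Sent, Ack-Rcvd, Ack-Sent, Opened) driven by the
# RCR+/RCR-, RCA, RCN and TO+/TO- events described above. Action names are
# the RFC abbreviations: irc, scr, sca, scn, tlu, tld, tlf.
MAX_CONFIGURE = 10     # RFC 1661 default for Max-Configure

# (state, event) -> ("actions", next state), one row per cell of the RFC table
TABLE = {
    ("Req-Sent", "RCR+"): ("sca", "Ack-Sent"),
    ("Req-Sent", "RCR-"): ("scn", "Req-Sent"),
    ("Req-Sent", "RCA"):  ("irc", "Ack-Rcvd"),
    ("Req-Sent", "RCN"):  ("irc,scr", "Req-Sent"),
    ("Req-Sent", "TO+"):  ("scr", "Req-Sent"),
    ("Req-Sent", "TO-"):  ("tlf", "Stopped"),
    ("Ack-Rcvd", "RCR+"): ("sca,tlu", "Opened"),
    ("Ack-Rcvd", "RCR-"): ("scn", "Ack-Rcvd"),
    ("Ack-Rcvd", "RCA"):  ("scr", "Req-Sent"),      # unexpected Ack
    ("Ack-Rcvd", "RCN"):  ("scr", "Req-Sent"),
    ("Ack-Rcvd", "TO+"):  ("scr", "Req-Sent"),
    ("Ack-Rcvd", "TO-"):  ("tlf", "Stopped"),
    ("Ack-Sent", "RCR+"): ("sca", "Ack-Sent"),
    ("Ack-Sent", "RCR-"): ("scn", "Req-Sent"),
    ("Ack-Sent", "RCA"):  ("irc,tlu", "Opened"),
    ("Ack-Sent", "RCN"):  ("irc,scr", "Ack-Sent"),
    ("Ack-Sent", "TO+"):  ("scr", "Ack-Sent"),
    ("Ack-Sent", "TO-"):  ("tlf", "Stopped"),
    ("Opened", "RCR+"):   ("tld,scr,sca", "Ack-Sent"),   # peer renegotiates
    ("Opened", "RCR-"):   ("tld,scr,scn", "Req-Sent"),
    ("Opened", "RCA"):    ("tld,scr", "Req-Sent"),
    ("Opened", "RCN"):    ("tld,scr", "Req-Sent"),
}

class LcpNegotiation:
    def __init__(self, max_configure=MAX_CONFIGURE):
        self.max_configure = max_configure
        self.restart_counter = 0
        self.trace = []                  # every action performed, in order
        self.state = "Req-Sent"
        self._run("irc,scr")             # Open + Up already happened

    def _run(self, actions):
        for a in actions.split(","):
            if a == "irc":               # Initialize-Restart-Count
                self.restart_counter = self.max_configure
            elif a == "scr":             # Send-Configure-Request counts down
                self.restart_counter -= 1
            self.trace.append(a)

    def event(self, name):
        """Apply RCR+, RCR-, RCA, RCN or TO; returns the new state."""
        if name == "TO":                 # Timeout splits into TO+ / TO-
            if self.state == "Opened":
                raise RuntimeError("IllegalEvent: timer not running in Opened")
            name = "TO+" if self.restart_counter > 0 else "TO-"
        if (self.state, name) not in TABLE:
            raise RuntimeError(f"IllegalEvent: {name} in {self.state}")
        actions, self.state = TABLE[(self.state, name)]
        self._run(actions)
        return self.state
```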
STATE TRANSITION DIAGRAM LAYER OPERATION
PPP GENERAL FRAME FORMAT
LCP—LINK CONTROL PROTOCOL
PPP is about links, and LCP is about controlling those links.
Three classes of LCP packets:
- Link Configuration packets: establish and configure a link (Configure-Request, Configure-Ack, Configure-Nak and Configure-Reject).
- Link Termination packets: terminate a link (Terminate-Request and Terminate-Ack).
- Link Maintenance packets: manage and debug a link (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply and Discard-Request).
LCP PACKET FORMAT: Code | Identifier | Length | Options
CODE FIELD VALUES
Code (hex) | Packet Type | Description
01 | Configure-request | Contains the list of proposed options and their values
02 | Configure-ack | Accepts all options proposed
03 | Configure-nak | Announces that some options are not acceptable
04 | Configure-reject | Announces that some options are not recognized
05 | Terminate-request | Requests to shut down the line
06 | Terminate-ack | Accepts the shut down request
07 | Code-reject | Announces an unknown code
08 | Protocol-reject | Announces an unknown protocol
09 | Echo-request | A type of hello message to check if the other end is alive
0A | Echo-reply | The response to the echo-request message
0B | Discard-request | A request to discard the packet
LINK CONFIGURATION OPTIONS
Configuration option format: Type | Length | Data
- Type: one octet; indicates the type of Configuration Option.
- Length: one octet; includes the Type, Length and Data fields.
- Data: zero or more octets; contains information specific to the Configuration Option.
Type | Configuration Option
0 | Reserved
1 | Maximum-receive-unit
3 | Authentication-protocol
4 | Quality-protocol
5 | Magic-number
7 | Protocol-field-compression
8 | Address-and-control-field-compression
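The LCP packet layout (Code, Identifier, Length, Options) and the Type/Length/Data option format above are what an implementation has to parse from an untrusted peer. The following is an added example, not the deck's or any project's code: a strict parser that validates every length field before using it, plus a small builder that produces a Configure-Request carrying a Maximum-Receive-Unit and a Magic-Number so the parser has realistic input (the sample values are constructed). The same Code/Identifier/Length layout is shared by IPCP, so the parser applies there with a different option table.

```python
import struct

# Added example (not from the deck): a strict parser for the LCP packet
# layout above (Code, Identifier, Length, Options) and its Type/Length/Data
# Configuration Options. Every length field is checked before it is trusted,
# since the peer controls all of them. Sample packet values are constructed.

LCP_CODES = {1: "Configure-request", 2: "Configure-ack", 3: "Configure-nak",
             4: "Configure-reject", 5: "Terminate-request", 6: "Terminate-ack",
             7: "Code-reject", 8: "Protocol-reject", 9: "Echo-request",
             10: "Echo-reply", 11: "Discard-request"}
LCP_OPTIONS = {0: "Reserved", 1: "Maximum-Receive-Unit",
               3: "Authentication-Protocol", 4: "Quality-Protocol",
               5: "Magic-Number", 7: "Protocol-Field-Compression",
               8: "Address-and-Control-Field-Compression"}

class LcpFormatError(ValueError):
    pass

def parse_options(data):
    """Split the Options area into (type, name, data) tuples."""
    options, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise LcpFormatError("truncated option header")
        otype, olen = data[pos], data[pos + 1]
        if olen < 2 or pos + olen > len(data):  # Length covers Type+Length+Data
            raise LcpFormatError(f"bad option length {olen} for type {otype}")
        options.append((otype, LCP_OPTIONS.get(otype, "Unknown"),
                        bytes(data[pos + 2:pos + olen])))
        pos += olen
    return options

def parse_lcp(packet):
    """Parse one LCP packet into a dict, or raise LcpFormatError."""
    if len(packet) < 4:
        raise LcpFormatError("packet shorter than the 4-octet header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise LcpFormatError(f"Length {length} inconsistent with {len(packet)} octets")
    result = {"code": code, "type": LCP_CODES.get(code, "Unknown"),
              "identifier": ident, "length": length, "options": []}
    if code in (1, 2, 3, 4):            # only configuration packets carry options
        result["options"] = parse_options(packet[4:length])
    return result

def build_configure_request(ident, mru, magic):
    """Configure-Request with Maximum-Receive-Unit (type 1) and Magic-Number (type 5)."""
    opts = struct.pack("!BBH", 1, 4, mru) + struct.pack("!BBI", 5, 6, magic)
    return struct.pack("!BBH", 1, ident, 4 + len(opts)) + opts

if __name__ == "__main__":
    pkt = build_configure_request(0x2A, 1500, 0xDEADBEEF)   # constructed sample
    for otype, name, value in parse_lcp(pkt)["options"]:
        print(otype, name, value.hex())
```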
AUTHENTICATION PROTOCOL
Authentication is not mandatory. If required, two different protocols are used for authentication during PPP setup:
• PAP – Password Authentication Protocol
• CHAP – Challenge Handshake Authentication Protocol
Password Authentication Protocol
The Password Authentication Protocol (PAP) provides a simple method for the peer to establish its identity using a 2-way handshake.
This is done only upon initial link establishment.
After the Link Establishment phase is complete, an Id/Password pair is repeatedly sent by the peer to the authenticator until authentication is acknowledged or the connection is terminated.
Packet format: PAP
Code(1) | Identifier(1) | Length(2) | Data…
Code: 1 - Auth-req, 2 - Auth-Ack, 3 - Auth-Nak
Configuration Option format: Type(1) | Length(1) | Authentication Protocol(2)
PAP cont’d…
Challenge Handshake Authentication Protocol
The Challenge-Handshake Authentication Protocol (CHAP) is used to periodically verify the identity of the peer using a 3-way handshake.
CHAP provides protection against playback attack through the use of an incrementally changing identifier and a variable challenge value.
This authentication method depends upon a "secret" known only to the authenticator and that peer. The secret is not sent over the link.
Packet format: CHAP
Code(1) | Identifier(1) | Length(2) | Data…
Code: 1 - Challenge, 2 - Response, 3 - Success, 4 - Failure.
Configuration Option format: Type(1) | Length(1) | Authentication Protocol(2) | Algorithm
For CHAP: Type = 3, Length = 5, Authentication Protocol = c223 (hex).
CHAP cont’d…
[Figure: challenge -> MD5 -> hash value, computed on both sides, then Compare]
Protocol:
1. After the Link Establishment phase is complete, the authenticator sends a "challenge" message to the peer.
2. The peer responds with a value calculated using a "one-way hash" function.
3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection SHOULD be terminated.
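The three steps above, worked through in code as an added example (not from the deck): the peer computes the MD5 response over the Identifier, the shared secret and the challenge as RFC 1994 specifies, and the authenticator verifies it with a constant-time comparison. The demo also shows why the changing Identifier and fresh challenge matter: an old response replayed against a new challenge is rejected. The Authenticator class, demo_exchange() and the secrets are this example's own constructions.

```python
import hashlib
import hmac
import secrets

# Added example (not from the deck): the three-step CHAP exchange above with
# the MD5 algorithm, where Response = MD5(Identifier || secret || Challenge)
# as specified in RFC 1994. The Authenticator class, demo_exchange() and the
# secrets passed to them are constructed for this example.

def chap_response(identifier, secret, challenge):
    """Peer side: one-way hash over Identifier, shared secret and challenge."""
    if not 0 <= identifier <= 255:
        raise ValueError("Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Authenticator side: issues challenges and verifies responses."""

    def __init__(self, secret, challenge_len=16):
        self.secret = secret
        self.challenge_len = challenge_len
        self.identifier = secrets.randbelow(256)
        self.challenge = None

    def new_challenge(self):
        """Step 1: fresh random challenge under an incremented Identifier."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.challenge = secrets.token_bytes(self.challenge_len)
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        """Step 3: compare the response with our own expected hash."""
        if self.challenge is None or identifier != self.identifier:
            return False                    # no outstanding challenge / stale Id
        expected = chap_response(identifier, self.secret, self.challenge)
        self.challenge = None               # a challenge is answered only once
        return hmac.compare_digest(expected, response)

def demo_exchange(secret, peer_secret):
    """One handshake, then a replay of the old response against a new challenge.
    Returns (accepted, replay_accepted)."""
    auth = Authenticator(secret)
    ident, chal = auth.new_challenge()                   # step 1
    resp = chap_response(ident, peer_secret, chal)       # step 2 (peer)
    accepted = auth.verify(ident, resp)                  # step 3
    ident2, _ = auth.new_challenge()                     # periodic re-check
    replay_accepted = auth.verify(ident2, resp)          # old value replayed
    return accepted, replay_accepted
```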
CHAP cont’d…
NETWORK CONTROL PROTOCOL
- The Network Control Protocol (NCP) phase in the PPP link connection process is used for establishing and configuring different network-layer protocols such as IP, IPX or AppleTalk.
- After an NCP has reached the Opened state, PPP will carry the corresponding network-layer protocol packets. Any supported network-layer protocol packets received when the corresponding NCP is not in the Opened state MUST be silently discarded.
- During this phase, link traffic consists of any possible combination of LCP, NCP, and network-layer protocol packets.
- The most common layer 3 protocol negotiated is IP. The routers exchange IP Control Protocol (IPCP) messages negotiating options specific to the protocol.
PPP NETWORK CONTROL PROTOCOL FOR IP
The IP Control Protocol (IPCP) is used for configuring, enabling, and disabling the IP protocol modules on both ends of the point-to-point link. It is an NCP. IPCP has the same packet exchange mechanism as the Link Control Protocol (LCP). IPCP packets are exchanged after PPP has reached the Network-Layer Protocol phase. LCP performs the basic link setup and, after (optional) authentication, invokes a Network Control Protocol (NCP); the NCP then conducts its own negotiation.
FRAME FORMAT
IPCP
1. Data Link Layer Protocol Field: one IPCP packet is encapsulated in the Information field of PPP Data Link Layer frames.
2. Code field: Codes 1 through 7 are used.
Code | IPCP Packet
01 | Configure-request
02 | Configure-ack
03 | Configure-nak
04 | Configure-reject
05 | Terminate-request
06 | Terminate-ack
07 | Code-reject
3. Timeout: IPCP packets may not be exchanged until PPP has reached the Network-Layer Protocol phase.
4. Configuration Option Types: IPCP has a distinct set of Configuration Options.
CONFIGURATION OPTIONS
IPCP CONFIGURATION OPTIONS allow negotiation of desirable Internet Protocol parameters.
IP-Compression-Protocol: Allows devices to negotiate the use of "Van Jacobson TCP/IP header compression". This compresses the TCP and IP headers to save bandwidth. It is similar in concept to the Protocol-Field-Compression and Address-and-Control-Field-Compression (ACFC) options in LCP.
IP-Address: Allows the device sending the Configure-Request either to specify an IP address it wants to use for routing IP over the PPP link, or to request that the other device supply it with one. This is most commonly used for dial-up networking links.
PPP ENCAPSULATION
PPP uses the High-Level Data Link Control (HDLC) protocol as a basis for encapsulating datagrams over point-to-point links. The PPP encapsulation is used to disambiguate multiprotocol datagrams. This encapsulation requires framing to indicate the beginning and end of the encapsulation.
PROTOCOL FIELD
– "0***" to "3***": identify the network-layer protocol of specific packets.
– "8***" to "b***": packets belonging to the associated network control protocols.
– "4***" to "7***": protocols with low-volume traffic that have no associated NCP.
– "c***" to "f***": link-layer control protocols (such as LCP).
INFORMATION FIELD
– Contains the datagram for the protocol specified in the Protocol field.
– Maximum length: 1500 octets (MRU).
PADDING
– The Information field may be padded with an arbitrary number of octets up to the MRU.
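As an added example (not the deck's or any project's code), the following Python splits a de-framed PPP frame into its Address, Control, Protocol and Information fields, classifies the Protocol value by the four ranges above, and enforces the MRU on the Information field. It goes a step beyond the text by honouring the Address-and-Control-Field-Compression and Protocol-Field-Compression options from the LCP option table; the PROTOCOL_NAMES entries are well-known assignments (IP 0021, IPCP 8021, LCP c021, PAP c023, CHAP c223) and the sample frames are constructed.

```python
# Added example (not from the deck): splitting a de-framed PPP frame into its
# Address, Control, Protocol and Information fields and classifying the
# Protocol value by the ranges listed above. It goes one step further than
# the text by honouring the Address-and-Control-Field-Compression (ACFC) and
# Protocol-Field-Compression (PFC) options from the LCP option table; the
# sample frames are constructed.

PROTOCOL_NAMES = {0x0021: "IP", 0x8021: "IPCP", 0xC021: "LCP",
                  0xC023: "PAP", 0xC223: "CHAP"}

def classify_protocol(proto):
    """Class of a 16-bit Protocol field value, per the four ranges above."""
    top = proto >> 12                   # the leading hex digit
    if top <= 0x3:
        return "network-layer protocol"
    if top <= 0x7:
        return "low-volume protocol without NCP"
    if top <= 0xB:
        return "network control protocol"
    return "link-layer control protocol"

def parse_ppp_frame(frame, mru=1500):
    """Return (protocol, class, name, information) for a frame whose HDLC
    flags, byte stuffing and FCS have already been removed."""
    pos = 0
    if frame[:2] == b"\xff\x03":        # Address 0xFF, Control 0x03 ...
        pos = 2                         # ... may be omitted under ACFC
    if len(frame) - pos < 1:
        raise ValueError("no Protocol field")
    first = frame[pos]
    if first & 1:                       # PFC: a single odd octet
        proto, pos = first, pos + 1
    else:                               # full field: even octet, then odd octet
        if len(frame) - pos < 2 or not (frame[pos + 1] & 1):
            raise ValueError("malformed Protocol field")
        proto, pos = (first << 8) | frame[pos + 1], pos + 2
    info = frame[pos:]
    if len(info) > mru:
        raise ValueError(f"Information field of {len(info)} octets exceeds MRU {mru}")
    return proto, classify_protocol(proto), PROTOCOL_NAMES.get(proto, "unknown"), info
```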
PPP SETUP
1. Establish connection: the PPP link MUST first send LCP packets to configure and test the data link.
2. Authenticate users: user name & password.
3. PPP sends NCP packets to configure the Network Layer Protocol.
4. Transmit data.
[Figure: PPP frame carrying data: Protocol Header | PPP DATA]