PPP over Ethernet

PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts to a Remote Access Server (RAS), also called a Network Access Server (NAS) or Broadband Remote Access Server (B-RAS). With this model, each host (or CPE) uses its own PPP stack, so access control, billing and type of service can be handled on a per-user basis.

To establish a point-to-point connection over Ethernet, each PPP session must learn the Ethernet address of the remote peer and establish a unique session identifier.

PPPoE stages

PPPoE has two stages: the Discovery stage and the PPP Session stage. The Discovery stage identifies the destination Ethernet (MAC) address of the peer and establishes a unique Session ID. It allows a host to discover all Remote Access Servers and then select one. Once discovery is complete, the host and RAS have the information they need to build their point-to-point connection over Ethernet. Once a PPP session is established, both host and RAS must allocate resources for a PPP virtual interface.

1. Discovery stage

The Discovery stage has 4 steps: the host broadcasts an Initiation packet, one or more RAS send Offer packets, the host sends a unicast Session Request packet, and the RAS sends a Session Confirmation packet. Once the host receives the Session Confirmation packet, it proceeds to the PPP Session stage.

Discovery stage packets have an Ether_Type value of 0x8863. All PPP Session stage packets have an Ether_Type value of 0x8864.

1.1 PPPoE Active Discovery Initiation (PADI) packet

The host sends a PADI packet with the Destination Address set to the broadcast address. The Session ID is set to 0x0000. The PADI packet contains one TAG (TLV) of type Service_Name, indicating the service the host is requesting.

1.2 PPPoE Active Discovery Offer (PADO) packet

When the RAS receives a PADI packet, it replies by sending a PADO packet. The Destination Address is set to the Ethernet (MAC) address of the host that sent the PADI packet. The Session ID is set to 0x0000.

The PADO packet contains a TAG of type AC-Name containing the RAS's name, a Service_Name tag identical to the one in the PADI packet, and Service_Name tags for any other services that the RAS offers.

1.3 PPPoE Active Discovery Request (PADR) packet

Since the PADI is broadcast, the host may receive multiple PADO packets. The host chooses one from the received PADO packets. The host sends a unicast PADR packet to the RAS it has chosen. The Session ID is set to 0x0000.

The PADR packet contains one TAG of type Service_Name indicating the service the host is requesting.

1.4 PPPoE Active Discovery Session-confirmation (PADS) packet

When the RAS receives a PADR, it generates a unique Session ID for the PPPoE session and replies to the host with a PADS packet. The Destination address is set to the unicast Ethernet address of the host.

The PADS packet contains a TAG of type Service_Name indicating the service under which the RAS has accepted the PPPoE session.

1.5 PPPoE Active Discovery Terminate (PADT) packet

The PADT packet can be sent at any time after the session is established to terminate the PPPoE session. It can be sent by either the host or the RAS. The Destination address is the unicast address of the peer and the Session ID is set to the one offered by the RAS.
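
The packet layout and per-packet rules described in sections 1.1 to 1.5, as an added Python example (not part of the original page). The code and tag numbers are the RFC 2516 values; the function names are hypothetical, and the AC-Name value is assumed to be the hostname RAS_2 that appears in the debug output later on this page.

```python
import struct

ETH_DISCOVERY = 0x8863  # Ether_Type of Discovery packets, as stated in the text
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}  # RFC 2516
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name"}                              # RFC 2516

def parse_discovery(frame):
    """Parse one Ethernet frame carrying a PPPoE Discovery packet."""
    if len(frame) < 20 or struct.unpack("!H", frame[12:14])[0] != ETH_DISCOVERY:
        raise ValueError("not a PPPoE Discovery frame")
    dst, src = (":".join(f"{b:02x}" for b in frame[i:i + 6]) for i in (0, 6))
    ver_type, code, sid, length = struct.unpack("!BBHH", frame[14:20])
    payload = frame[20:20 + length]      # Ethernet padding after the payload is ignored
    if ver_type != 0x11 or len(payload) != length:
        raise ValueError("bad version/type, or length field exceeds the frame")
    tags, off = [], 0
    while off < length:                  # walk the TAG (TLV) list, bounds-checking each one
        if off + 4 > length:
            raise ValueError("truncated tag header")
        t, n = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + n > length:
            raise ValueError("tag length overruns the payload")
        tags.append((TAGS.get(t, hex(t)), payload[off + 4:off + 4 + n]))
        off += 4 + n
    return {"type": CODES.get(code, hex(code)), "dst": dst, "src": src,
            "session_id": sid, "tags": tags}

def check_rules(pkt):
    """Return the per-packet rules from the text that this packet violates."""
    kind, names = pkt["type"], [name for name, _ in pkt["tags"]]
    rules = [
        (kind in ("PADI", "PADO", "PADR") and pkt["session_id"] != 0, "Session ID must be 0x0000"),
        ((kind == "PADI") != (pkt["dst"] == "ff:ff:ff:ff:ff:ff"), "PADI, and only PADI, is broadcast"),
        (kind != "PADT" and "Service-Name" not in names, "missing Service-Name tag"),
        (kind == "PADO" and "AC-Name" not in names, "missing AC-Name tag"),
    ]
    return [message for violated, message in rules if violated]

def build(dst, src, code, sid, tags):    # helper for the constructed samples below
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    header = struct.pack("!HBBHH", ETH_DISCOVERY, 0x11, code, sid, len(body))
    return bytes.fromhex(dst + src) + header + body

# Constructed frames; the MACs and Session ID 12 come from this page's debug output,
# and the AC-Name RAS_2 is an assumption based on the hostname shown there
CLIENT, RAS2 = "c20006780000", "c20206780000"
PADI = build("ffffffffffff", CLIENT, 0x09, 0, [(0x0101, b"")])
PADO = build(CLIENT, RAS2, 0x07, 0, [(0x0101, b""), (0x0102, b"RAS_2")])
PADS = build(CLIENT, RAS2, 0x65, 12, [(0x0101, b"")])
```

`check_rules(parse_discovery(frame))` returns an empty list for each of the three sample frames; a PADO carrying a non-zero Session ID or lacking an AC-Name tag is reported.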

2. PPP Session stage

Once the PPPoE session begins, PPP data is sent as in any other session. All Ethernet packets are unicast. The Ether_Type is set to 0x8864. The Session ID remains the one assigned in the Discovery stage. The PPPoE payload contains the PPP frame.

Testbed

All Cisco IOS routers can act as PPPoE Client and Server. Two Cisco routers will act as RAS servers, namely RAS 1 and RAS 2.

RAS Server Configuration

First, define a PPPoE profile using the bba-group pppoe command in global configuration mode. PPPoE profiles carry separate settings, such as the maximum number of sessions, and can be applied per Ethernet interface, per ATM PVC and per VLAN.

bba-group pppoe CLIENT
 virtual-template 1
!

The next step is to configure the virtual-template. Clients need an IP address once they successfully authenticate with the server, so a pool is configured to hand out IP addresses. The authentication method used for all incoming requests is PPP CHAP.

RAS1 router:
interface virtual-template 1
 ip address 10.0.10.1 255.255.255.0
 peer default ip address pool POOL1
 ppp authentication chap callin
!
ip local pool POOL1 10.0.10.10 10.0.10.20
!
username client password 0 cisco

RAS2 router:
interface virtual-template 1
 ip address 10.0.20.1 255.255.255.0
 peer default ip address pool POOL2
 ppp authentication chap callin
!
ip local pool POOL2 10.0.20.10 10.0.20.20
!
username client password 0 cisco

The last step is to assign the PPPoE profile to a physical interface.

interface fastethernet 0/0
 pppoe enable group CLIENT
 no shutdown

PPPoE Client Configuration

The first step in client configuration is to set up the Dialer interface. It is a logical interface that uses a per-destination dialer profile.

The dialer-list 1 command defines the interesting traffic. The dialer pool command associates the dialer interface with a physical interface. The ip address negotiated command obtains an IP address for the dialer interface through PPP negotiation with the RAS server. The IP MTU is lowered to 1492 bytes because PPPoE adds an 8-byte header and Ethernet can carry a maximum of 1500 bytes. The Client itself does not authenticate the RAS; it only answers the RAS's CHAP challenge using the configured ppp chap password.

interface Dialer 1
 ip address negotiated
 encapsulation ppp
 ppp chap password 0 cisco
 dialer pool 1
 dialer-group 1
 ip mtu 1492
!
dialer-list 1 protocol ip permit
!
ip route 0.0.0.0 0.0.0.0 dialer 1

Then assign the dialer interface to a physical interface.

interface fastethernet 0/0
 pppoe enable
 pppoe-client dial-pool-number 1

Verification

Before any negotiation between Client and Server has taken place, the Client has no IP address.

Client# show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
Dialer1                    unassigned      YES manual up                    up

When interesting traffic matches the dialer-list, the Client starts negotiation with the RAS servers. The Client sends a PADI packet with the broadcast Ethernet address as the Destination address.

Client# show debugging
PPPoE:
  PPPoE protocol events debugging is on
PPP:
  PPP authentication debugging is on
  PPP protocol negotiation debugging is on
!---The Client receives multiple PADO packets, from RAS 1 and RAS 2, in response to its PADI packet. The "I" indicates incoming packets.
Client#
*Mar  1 00:08:58.827:  Sending PADI: Interface = FastEthernet0/0
*Mar  1 00:08:58.855: PPPoE 0: I PADO  R:c202.0678.0000 L:c200.0678.0000 Fa0/0
*Mar  1 00:08:58.903: PPPoE 0: I PADO  R:c201.0678.0000 L:c200.0678.0000 Fa0/0
!----The Client chooses one PADO (RAS server) and sends a PADR packet to that particular RAS. The RAS responds with a PADS packet. This completes the PPPoE Discovery stage.
*Mar  1 00:09:00.875:  PPPOE: we've got our pado and the pado timer went off
*Mar  1 00:09:00.875: OUT PADR from PPPoE Session
*Mar  1 00:09:00.967: PPPoE 12: I PADS  R:c202.0678.0000 L:c200.0678.0000 Fa0/0
*Mar  1 00:09:00.967: IN PADS from PPPoE Session
!----After the Discovery stage, the PPP Session stage starts. PPP goes through Down, Establishing, Authentication and UP states.
*Mar  1 00:09:00.979: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Mar  1 00:09:00.979: PPPoE: Virtual Access interface obtained.
*Mar  1 00:09:00.979: PPPoE : encap string prepared
*Mar  1 00:09:00.979: [0]PPPoE 12: data path set to Virtual Acess
*Mar  1 00:09:00.983: Vi2 PPP: Phase is DOWN, Setup
*Mar  1 00:09:00.983: Vi2 PPP: Using dialer call direction
*Mar  1 00:09:00.987: Vi2 PPP: Treating connection as a callout
*Mar  1 00:09:00.987: Vi2 PPP: Session handle[D6000038] Session id[0]
*Mar  1 00:09:00.987: Vi2 PPP: Phase is ESTABLISHING, Active Open
*Mar  1 00:09:00.987: Vi2 PPP: Authorization required
*Mar  1 00:09:00.987: Vi2 PPP: No remote authentication for call-out
*Mar  1 00:09:00.991: Vi2 LCP: O CONFREQ [Closed] id 1 len 10
*Mar  1 00:09:00.991: Vi2 LCP:    MagicNumber 0x000EB973 (0x0506000EB973)
*Mar  1 00:09:00.995: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Mar  1 00:09:01.111: Vi2 LCP: I CONFREQ [REQsent] id 1 len 19
*Mar  1 00:09:01.111: Vi2 LCP:    MRU 1492 (0x010405D4)
*Mar  1 00:09:01.111: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:09:01.115: Vi2 LCP:    MagicNumber 0x02144337 (0x050602144337)
*Mar  1 00:09:01.115: Vi2 LCP: O CONFNAK [REQsent] id 1 len 8
*Mar  1 00:09:01.115: Vi2 LCP:    MRU 1500 (0x010405DC)
*Mar  1 00:09:01.115: Vi2 LCP: I CONFACK [REQsent] id 1 len 10
*Mar  1 00:09:01.115: Vi2 LCP:    MagicNumber 0x000EB973 (0x0506000EB973)
*Mar  1 00:09:01.207: Vi2 LCP: I CONFREQ [ACKrcvd] id 2 len 19
*Mar  1 00:09:01.207: Vi2 LCP:    MRU 1500 (0x010405DC)
*Mar  1 00:09:01.207: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:09:01.207: Vi2 LCP:    MagicNumber 0x02144337 (0x050602144337)
*Mar  1 00:09:01.211: Vi2 LCP: O CONFACK [ACKrcvd] id 2 len 19
*Mar  1 00:09:01.211: Vi2 LCP:    MRU 1500 (0x010405DC)
*Mar  1 00:09:01.211: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:09:01.211: Vi2 LCP:    MagicNumber 0x02144337 (0x050602144337)
*Mar  1 00:09:01.215: Vi2 LCP: State is Open
*Mar  1 00:09:01.215: Vi2 PPP: No authorization without authentication
!----The RAS authenticates the Client with PPP CHAP and the authentication succeeds. The Client does not authenticate the RAS, as indicated by "by the peer" below; otherwise it would say "by both".
*Mar  1 00:09:01.215: Vi2 PPP: Phase is AUTHENTICATING, by the peer
*Mar  1 00:09:01.327: Vi2 CHAP: I CHALLENGE id 1 len 26 from "RAS_2"
*Mar  1 00:09:01.331: Vi2 CHAP: Using hostname from interface CHAP
*Mar  1 00:09:01.331: Vi2 CHAP: Using password from interface CHAP
*Mar  1 00:09:01.335: Vi2 CHAP: O RESPONSE id 1 len 27 from "client"
*Mar  1 00:09:01.587: Vi2 CHAP: I SUCCESS id 1 len 4
*Mar  1 00:09:01.587: Vi2 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:09:01.595: Vi2 PPP SSS: Receive SSS-Mgr Connect-Local
*Mar  1 00:09:01.595: Vi2 PPP: Phase is ESTABLISHING, Finish LCP
*Mar  1 00:09:01.599: Vi2 PPP: Phase is UP
!-----Once authentication is successful, the Client requests an IP address from the RAS, and the RAS assigns 10.0.20.10 from its pool.
*Mar  1 00:09:01.599: Vi2 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar  1 00:09:01.603: Vi2 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar  1 00:09:01.603: Vi2 CDPCP: O CONFREQ [Closed] id 1 len 4
*Mar  1 00:09:01.603: Vi2 PPP: Process pending ncp packets
*Mar  1 00:09:01.639: Vi2 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar  1 00:09:01.639: Vi2 IPCP:    Address 10.0.20.1 (0x03060A001401)
*Mar  1 00:09:01.639: Vi2 IPCP: O CONFACK [REQsent] id 1 len 10
*Mar  1 00:09:01.643: Vi2 IPCP:    Address 10.0.20.1 (0x03060A001401)
*Mar  1 00:09:01.711: Vi2 IPCP: I CONFNAK [ACKsent] id 1 len 10
*Mar  1 00:09:01.711: Vi2 IPCP:    Address 10.0.20.10 (0x03060A00140A)
*Mar  1 00:09:01.711: Vi2 IPCP: O CONFREQ [ACKsent] id 2 len 10
*Mar  1 00:09:01.711: Vi2 IPCP:    Address 10.0.20.10 (0x03060A00140A)
*Mar  1 00:09:01.759: Vi2 LCP: I PROTREJ [Open] id 3 len 10 protocol CDPCP (0x820701010004)
*Mar  1 00:09:01.759: Vi2 CDPCP: State is Closed
*Mar  1 00:09:01.759: Vi2 CDPCP: State is Listen
*Mar  1 00:09:01.783: Vi2 IPCP: I CONFACK [ACKsent] id 2 len 10
*Mar  1 00:09:01.783: Vi2 IPCP:    Address 10.0.20.10 (0x03060A00140A)
*Mar  1 00:09:01.783: Vi2 IPCP: State is Open
*Mar  1 00:09:01.787: Di1 IPCP: Install negotiated IP interface address 10.0.20.10
*Mar  1 00:09:01.803: Di1 IPCP: Install route to 10.0.20.1
*Mar  1 00:09:01.811: Vi2 IPCP: Add link info for cef entry 10.0.20.1
*Mar  1 00:09:02.599: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
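
The CHAP exchange in the debug output above (CHALLENGE len 26, RESPONSE len 27, SUCCESS len 4), reproduced as an added Python example that is not from the original page or from Cisco's code. It uses the MD5 algorithm of RFC 1994; the 16-byte challenge size is inferred from the logged length and the 5-byte name RAS_2, and the function names are hypothetical.

```python
import hashlib, hmac, os, struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # CHAP codes, RFC 1994

def chap_packet(code, ident, value=b"", name=b""):
    """Code, Identifier, Length; Challenge/Response add Value-Size, Value and Name."""
    body = (bytes([len(value)]) + value + name) if value else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(packet):
    """Return (code, identifier, value, name), checking the length fields."""
    if len(packet) < 4 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("Length field does not match the packet")
    code, ident = packet[0], packet[1]
    if code not in (CHALLENGE, RESPONSE):
        return code, ident, b"", b""
    size = packet[4] if len(packet) > 4 else 0
    if size == 0 or 5 + size > len(packet):
        raise ValueError("bad Value-Size")
    return code, ident, packet[5:5 + size], packet[5 + size:]

def chap_response(ident, secret, challenge):
    """Response Value = MD5(Identifier || secret || Challenge Value), RFC 1994."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def ras_verify(challenge_pkt, response_pkt, users):
    """RAS side: recompute the value from the locally stored secret and compare."""
    _, cid, challenge, _ = parse(challenge_pkt)
    code, rid, value, name = parse(response_pkt)
    secret = users.get(name.decode(errors="replace"))
    ok = (code == RESPONSE and rid == cid and secret is not None
          and hmac.compare_digest(value, chap_response(cid, secret, challenge)))
    return chap_packet(SUCCESS if ok else FAILURE, cid)

def exchange(client_secret, users, ident=1):
    """Run the three messages from the debug output: (challenge, response, result)."""
    challenge = chap_packet(CHALLENGE, ident, os.urandom(16), b"RAS_2")
    _, cid, value, _ = parse(challenge)
    digest = chap_response(cid, client_secret, value)
    response = chap_packet(RESPONSE, cid, digest, b"client")
    return challenge, response, ras_verify(challenge, response, users)

# Mirrors `username client password 0 cisco` on the RAS (lab values from this page)
USERS = {"client": b"cisco"}
```

The secret itself never crosses the link, only the digest; the RAS needs the secret in recoverable form to recompute it, which is why the same string is configured on both routers.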

The show ip interface brief command now shows the IP address that the Dialer 1 interface received from the RAS server via IPCP.

Client# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up
Virtual-Access2            unassigned      YES unset  up                    up
Dialer1                    10.0.20.10      YES IPCP   up                    up

The show pppoe session command shows the status of the PPPoE session. It also shows the Ethernet addresses of the Client and the RAS.

Client# show pppoe session
     1 client session
Uniq ID  PPPoE  RemMAC          Port                  Source   VA         State
           SID  LocMAC                                         VA-st
    N/A     12  c202.0678.0000  Fa0/0                 Di1      Vi2        UP
                c200.0678.0000                                 UP

A PADT packet is sent by either the Client or the RAS when it wishes to terminate the PPPoE session.

Client(config)#int dialer 1
Client(config-if)#shutdown
Client(config-if)#^Z
Client#
Client#
*Mar  1 00:12:03.903:  PPPoE : Shutting down client session
*Mar  1 00:12:03.903: [0]PPPoE 12: O PADT  R:c202.0678.0000 L:c200.0678.0000 Fa0/0
*Mar  1 00:12:03.907: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Mar  1 00:12:03.915: Di1 DDR: dialer shutdown complete
*Mar  1 00:12:04.035: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Mar  1 00:12:05.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
*Mar  1 00:12:05.915: %LINK-5-CHANGED: Interface Dialer1, changed state to administratively down
