Embedded Files
LCP OPTIONS – MAKING PPP FLEXIBLE
When two PPP devices establish a connection using LCP, they can also negotiate options that tweak how the link behaves.
These options are like settings on a new device: they make the connection more efficient, reliable, and compatible with the hardware and protocols in use. Let’s break down the most common ones.
I. Async Control Character Map (ACCM / asyncmap)
What it is: The ACCM is a crucial part of PPP that decides which control characters need escaping during data transmission. Think of it as a character translator for PPP.
Why it Escapes: Some control characters can cause problems – like XON/XOFF, which halt the link. If we don't escape them, the connection could get paused.
How it Works (The Magic):
0x7D (PPP Escape Character): The core of the mechanism. It’s added before the original control character.
XOR with 0x20: This is the key transformation – it changes the control character's meaning.
Example: XOFF (0x13) becomes 0x7D 0x33. This means the connection shouldn't be treated as a stop signal.
In short: The ACCM is about disambiguating control characters, making sure the data flows smoothly.
II. Maximum Receive Unit (MRU)
What it is: The MRU is a limit on how much data a peer can send in a single frame.
Why it Matters: It prevents bottlenecks on slower links. Large packets consume bandwidth, causing delays.
Key Points:
Only Data Payload: MRU counts only the data part of the frame, not headers or FCS (Frame Control Sequence).
Typical Values: 1500 bytes or 1492 bytes (with a maximum of 65,535 bytes).
Minimum IPv6: 1280 bytes. This is a crucial requirement for IPv6 connectivity.
Big Picture: A smaller MRU improves efficiency on slower links.
III. Link Quality Reporting (LQR) – Tracking Link Performance
What it is: LQR is a feature that allows PPP to monitor how well the link is performing.
How it Works:
Periodic LCP Messages: Peers send LCP (Link Control Protocol) messages to share performance data.
Reports Include: Magic numbers, payload data, error/discard data, and LQRs exchanged.
QoS (Quality of Service): Allows configuration of link termination thresholds.
Goal: Identify issues and optimize performance.
IV. Callback – Secure and Charging Protocol
What it is: A security and charging feature for dial-up PPP.
Workflow:
Client Authentication: The client authenticates itself.
Server Disconnects: The server disconnects.
Purpose:
Cost-Effective Calls: Call tolls can be cheaper in one direction.
Extra Security Layer: Adds a layer of protection against eavesdropping.
Negotiated Protocol: Completed via LCP.
V. Padding (for Compression/Encryption)
What it is: Padding is used to fill extra bytes to ensure a minimum block size for compression or encryption.
Self-Describing Padding:
Positioned within the Data: The pad byte indicates the position of the padding.
Example: First pad byte = 0x01, last byte = total number of pad bytes.
Purpose: The receiver knows precisely how many bytes to trim to ensure data integrity.
VI. PPP Multiplexing (PPPMux)
What it is: A mechanism to allow a single PPP frame to carry multiple protocols or types of data.
How it Works:
Outer Protocol Field: 0x0059 (multiplexed frame).
Subframes: Each payload gets a subframe header with:
1 bit (PFF) – indicates if the payload is part of a protocol.
1 bit (LXT) – defines the length of the protocol field (1 or 2 bytes).
Protocol ID – Identifies the protocol (similar to the main header).
Benefits: Reduces header overhead, allows multiple data streams in a single PPP frame.
VII. Other Options
FCS Size: (16 or 32 bits - default 16) – Determines the minimum block size for the frame.
Address/Control Compression (ACFC) & Protocol Field Compression (PFC): Techniques for reducing overhead, especially for larger data packets.
Authentication Method Selection: Choosing the best authentication method.
Internationalization: Supports different languages and character sets.
In essence, these notes explain a complex PPP protocol that focuses on reliability, security, and optimization – all while handling the specific challenges of dial-up connections.
VIII. Quick Summary
MULTILINK PPP (MP)
Multilink PPP (MP), defined in [RFC1990], lets you combine multiple point-to-point links (like ISDN channels or modem lines) into a single high-speed logical link, called a Bundle.
Think of it like several small streams joining to make one big river.
I. Key Concepts
Basically, MP lets multiple physical links act as one while still being flexible.
II. Understanding the Problem: The Sequencing Problem
The core issue is that data transmitted over a network is inherently unreliable. It’s possible for packets to arrive at the receiver out of order – meaning the order in which they arrive is different from the order they were sent.
This is a major challenge for TCP (Transmission Control Protocol), which needs to guarantee the delivery of data accurately. Without a mechanism to handle out-of-order packets, TCP's reliability suffers.
III. The Naive Approach - The Teller Analogy
The naive approach you describe – sending each packet down every available link – is a good starting point, but it's fundamentally flawed for a network like the internet.
It’s like a bank teller giving the next customer to the next counter.
The teller isn’t optimizing the flow; they’re simply shuffling things around.
IV. The Sequencing Problem – A More Complex Scenario
The Sequencing Problem arises when you have multiple physical links (wires, channels, etc.) in a network.
Imagine you have multiple ‘counters’ (links) and you need to deliver each customer to the next counter.
The key difference is that each counter has a different speed (latency).
If you send packets one after another, the order of arrival matters.
Out-of-order packets drastically degrade performance.
V. The Solution - Fragmentation and Sequencing Headers
The solution leverages two key techniques:
Fragmentation:
Each packet is broken down into smaller pieces – called fragments.
Think of it like splitting a large document into smaller, more manageable pieces.
Sequencing Header:
Every fragment gets a special header – a header containing information like:
Sequence Number: The order in which the fragment arrived. This is crucial for reconstructing the original stream.
Timestamp: A timing information that specifies when the fragment arrived.
Other relevant data: (e.g. source and destination address, data payload).
VI. Here's a Step-by-Step Breakdown of the Solution
Fragmenting: When a packet arrives, it's broken into smaller fragments.
Sequencing Header Creation: Each fragment is assigned a unique sequence number. This number is crucial for reassembling the fragments into the correct order.
Reassembly: The receiver receives all the fragments. The receiver uses the sequence numbers to reassemble the fragments exactly in the same order they were sent. This is the core of how TCP works.
VII. Why This Works – The Key Advantages
Order Guarantee: The sequencing headers guarantee that the packets arrive in the correct order.
Reduced Delay: Because the receiver reassembles the fragments, it’s able to recover lost or corrupted packets.
Improved Reliability: TCP can maintain reliable data transfer even in the presence of network faults and delays.
Handles Network Variability: The sequencing header handles the varying delays across different links.
Analogy Revisited - The Teller
It’s like the teller now has a system to track each customer’s order. Even if a customer arrives out of order, the teller can quickly identify them and deliver the next order.
The Sequencing Problem highlights a critical challenge in network reliability.
The solution, fragmentation and sequencing headers, provides a robust mechanism for ensuring that data is delivered accurately, even when links have different delays.
It's a fundamental concept in the design of reliable communication protocols like TCP.
FRAGMENTATION HEADER FIELDS
I. Understanding MP’s Fragmentation Header
MP (MultiPart) is a crucial component of the UDP protocol that ensures data packets aren’t fragmented across the network.
It’s designed to handle scenarios where data is split into multiple packets – a common problem in real-world communication.
The fragmentation header provides the necessary information for the receiver to understand how the data is being divided.
II. Here’s a breakdown of the two main header sizes and their roles:
Short Header (2 Bytes):
Purpose: This header provides a basic identifier for the packet. Think of it as a simple fingerprint of the data.
Content: Typically, this header contains a 2-byte sequence of bytes (like a simple checksum). This check is used to quickly verify the integrity of the packet and detect errors.
Role: It's a fundamental, low-level piece of information. It's crucial for the receiver to know where to start looking for the data.
Long Header (4 Bytes):
Purpose: This header is specifically for the MP algorithm’s fragmentation handling. It's designed to identify the fragment identifier and the amount of data being fragmented.
Content: This header has four bytes. The first two bytes are the fragment identifier (a unique code) and the last two are the number of fragments. The fragment identifier is a bit more complex and used for sorting the fragmented data.
Role: This is the heart of the fragmentation detection and recovery mechanism. It allows the receiver to quickly determine which packets are fragmented and how many.
III. Why are these headers important?
Redundancy: The MP algorithm relies on the receiver checking these header values. It ensures that the receiver has a way to piece together the original data if it is fragmented.
Recovery: If a packet is fragmented, the receiver can use the header information to reconstruct the original data.
In short: The short header simply identifies the packet. The long header tells the receiver how to reconstruct the original packet.
Analogy:
Imagine you're sending a package in multiple legs. The short header is like the package's address. The long header is like the delivery instructions – it tells the recipient where to go next and how to connect the legs together.
Tip: If the frame is not fragmented, both B and E are set to 1.
IV. Negotiating the Bundle
MP (MultiPart) uses a set of specific options during the UDP negotiation process.
These options are essential for the receiver to effectively handle data fragments.
Essentially, they provide a structured way for the receiver to understand how the data is being divided into smaller pieces.
DYNAMIC BANDWIDTH – BAP/BACP
MP supports dynamic link management, useful when links are costly. Two protocols handle this:
I. BACP – Bandwidth Allocation Control Protocol
Negotiated once per bundle.
Determines the favored peer to prevent conflicts when both sides want to add links simultaneously.
II. BAP – Bandwidth Allocation Protocol
Handles the grunt work of adding/removing links.
Uses three packet types:
Together, BACP and BAP allow MP to scale bandwidth up and down smoothly.
III. Quick Summary – How MP Works
Create a Bundle → Multiple links act as one virtual link.
Fragmentation + Sequencing → Avoid packet reordering.
Negotiate MP LCP Options → MRRU, endpoint ID, header size.
Manage Bandwidth Dynamically → BACP picks a leader, BAP adds/removes links.
Think of it as a team of delivery trucks (links) working together: they share the load, make sure packages arrive in order, and can bring in more trucks when traffic increases.
PURPOSE OF CCP
The CCP’s primary purpose is to significantly improve throughput on slow PPP links (historically dial-up modems).
It achieves this through data compression, primarily focusing on minimizing delays caused by slow network connections.
It’s a crucial part of PPP's design for optimal performance.
I. CCP vs. LCP – Distinct Roles
LCP (Link Control Protocol): LCP is primarily concerned with establishing and managing the link itself. It defines the connection parameters – like the initial link state, and what’s expected in the future.
CCP: CCP focuses specifically on data compression. It’s a distinct protocol used for compression after LCP has established the link, acting as a mechanism for achieving faster data transfer.
II. CCP Operation - The Link Setup Process
LCP Negotiation: CCP is initiated after LCP has successfully established the PPP link. This happens during the LCP negotiation phase.
Independent Compression: CCP compression is applied to both directions of the PPP link simultaneously. This ensures that compression is applied to the entire connection, not just one direction.
III. Protocol Field
IV. CCP Packet Structure
Code: Identifies the type of compression operation being performed (e.g., CRC, VCC – Variable-Change Compression).
Identifier: A unique number assigned to each packet within the CCP. This allows for matching and tracking requests/responses.
Length: The length of the entire CCP packet.
Data/Options: Contains specific parameters related to the compression algorithm being used
Special CCP operations beyond LCP codes:
If an error is detected in a compressed frame, a reset-request is sent to reinitialize the compression state.
V. Compression of PPP Frames
Protocol Field 0x00FD/0x00FB: This is the core of the compression – it’s a specific format that carries the Compression-Required flag.
Multiple Packets: The algorithm can compress multiple packets in a single PPP frame, depending on the specific algorithm chosen.
Compression Algorithms: CCP supports a diverse set of algorithms, including BSD-Compress, Microsoft MPPC, and others.
VI. CCP & Multilink PPP (MP) – The Synergy
Combined Compression: CCP can compress either either the entire bundle of links (all member links combined) or individual member links (each link individually compressed).
This combination tackles different aspects of the link's characteristics.
VII. Transparency to Higher Layers
Decompression is Transparent: Once PPP frames are decompressed, higher-layer protocols (IP, XPC, etc.) are completely unaware of the compression that took place.
The network operates as if it’s using a standard, uncompressed stream of data.
VIII. CCP Key Points – Summary
Negotiated After LCP: CCP starts after LCP has established the PPP link.
Multiple Compression Algorithms: Supports diverse compression methods.
Reset-ACK: Uses reset-request/reset-ACK for consistent state management.
Transparent to Higher Layers: Doesn’t require knowledge of the compression from higher protocol layers.
Bundle/Per-Link Compression: Offers flexibility in compression strategies (compressing the entire connection or individual links).
PPP AUTHENTICATION
Before a PPP link can start passing real network data, the devices on each end often need to prove their identity. This is called authentication.
Without it, anyone could potentially connect and use your network.
Fun analogy: Think of PPP like a private highway—you need a pass before you can drive on it. Authentication is checking that pass.
I. No Authentication (Default)
PPP itself doesn’t require authentication by default.
In this case, the link skips the authentication exchange entirely.
When it’s okay: Trusted environments where security isn’t a concern (rare in practice).
II. Password Authentication Protocol (PAP)
How it works:
One peer asks the other for a password.
The peer sends the password in clear text over the link.
Pros: Simple and easy to implement.
Cons: Very insecure—anyone eavesdropping can capture and reuse the password.
Technical detail: PAP packets are encoded as LCP packets with Protocol field 0xC023.
Verdict: Only for very low-security scenarios—otherwise, avoid.
III. Challenge-Handshake Authentication Protocol (CHAP)
More secure than PAP because the password is never sent in clear text.
How it works:
Authenticator sends a random challenge to the peer.
Peer combines the challenge with a shared secret (usually a password) using a one-way function.
Peer sends back the result.
Authenticator checks the result. If it matches what it expects, the peer is authenticated.
Key points:
No password is sent directly, eavesdroppers cannot steal it.
A new random challenge each time prevents replay attacks.
Vulnerability: CHAP can still be tricked by a man-in-the-middle attack if additional protections aren’t in place.
Analogy: The authenticator gives you a puzzle. You solve it using a secret formula (password). The puzzle changes every time, so even if someone sees your answer, they can’t use it later.
IV. Extensible Authentication Protocol (EAP)
EAP is more like a framework than a single authentication method.
Supports 40+ authentication types, from simple passwords to advanced options like:
Smart cards
Biometrics
Provides a message format for carrying any authentication type.
When used with PPP:
Authentication may be delayed until the Auth state, right before the Network state.
This allows more complex and flexible access control decisions.
Often, a remote server (like RADIUS) handles the actual authentication, so the PPP server doesn’t need to process the details itself.
Think of EAP as a universal plug: it lets your network use many kinds of security keys without changing the underlying PPP machinery.
Quick Comparison of PPP Authentication Methods
Summary / Key Takeaways
PPP authentication happens before the Network layer starts passing traffic.
PAP is simple but insecure; CHAP is more secure; EAP is flexible and enterprise-ready.
CHAP uses challenges to avoid sending passwords over the link.
EAP allows modern authentication methods like smart cards, biometrics, and external servers.
Bottom line: For modern networks, EAP (often with RADIUS) is the standard choice. CHAP is okay for medium-security links, and PAP should rarely, if ever, be used.
PPP AND NCPS
I. PPP (Point-to-Point Protocol) – The Foundation of Direct Connections
What it Does: PPP is designed to create a direct, reliable connection between two devices – essentially, a point-to-point link. It’s a fundamental building block for network communication.
II. How it Works:
Link Setup & Authentication: First, the LCP (Link Control Protocol) establishes the basic connection and authenticates the two endpoints. This setup is crucial for security.
Network State Entry: After the LCP finishes, PPP enters the network state – a period where it begins negotiating parameters for the actual data transfer.
NCP Negotiation: At this point, NCPs (Network Control Protocols) start negotiating specific network-layer protocols. They're like the agreement on the rules of the road for data transmission at the lower levels.
Multiple NCPs in Play: Importantly, you can have multiple NCPs running simultaneously. This is vital because different protocols might have different priorities or requirements (e.g., IPv4 and IPv6 can coexist).
III. IPCP (IP Control Protocol) – The Protocol for IPv4 Connectivity
Purpose: IPCP is the protocol that actually establishes the connection between devices using PPP. It ensures a stable and reliable exchange of IPv4 data.
Key Details:
Field Values (0-7): The message field values are crucial. They dictate what kind of data is being exchanged:
Configure-Request: Starts the negotiation process.
Configure-ACK: Confirms the configuration.
Configure-NAK/Reject: Signals a problem or error.
Terminate-Request / Terminate-ACK: Indicates the end of the negotiation.
Code-Reject: An error code indicating a problem.
Vendor-specific Extensions: These are custom extensions designed by specific vendors (e.g., RFC 2153 for DNS). These extensions are added to make IPCP more flexible.
IPv4 Address Assignment: This is a core function - IPCP determines the IPv4 address assigned to each endpoint.
Compression: IPCP includes a mechanism to compress IPv4 packets (RFC 1144) to reduce overhead and bandwidth usage.
Key Benefit: It's the primary protocol for IPv4 communication over PPP.
IV. IPV6CP (IPv6 Control Protocol) – The Protocol for IPv6 Connectivity
Purpose: Similar to IPCP, but focused on IPv6 connectivity.
Key Details:
Interface Identifier (IID): This is a defining feature of IPv6. It's a 64-bit address that uniquely identifies the link between two IPv6 devices. Crucially, it's combined with the standard link-local prefix (fe80::/10). This means it creates a 64-bit address that's local to the link. The combination of IID and the link-local prefix allows IPv6 addresses to be automatically assigned, simplifying configuration.
Compression: IPCP also includes compression, as with IPv4.
Key Differences from IPv4: The most important distinction is the use of the IID instead of the globally unique IPv4 address. This makes IPv6 more adaptable and avoids the need to manually manage addresses.
IV. The Synergy – How They Work Together
PPPoPP (Point-to-Point Protocol over PPP): PPPoPP is a specific implementation that combines PPP and IPCP to create a secure, reliable connection.
It’s the most common way to establish a direct connection between two devices using PPP for IPv4 and IPv6.
V. In Summary
PPP provides the foundation for direct, low-level connections.
IPCP establishes the protocol for IPv4, manages address assignment, and includes compression.
IPVCP provides the protocol for IPv6, using IID for link-local addressing, compression, and automation.
📊 Key Takeaway - A Seamless Connection
The combination of these protocols allows PPP to seamlessly carry both IPv4 and IPv6 traffic, making networks more flexible and manageable.
They're a vital piece of the modern IP networking infrastructure.
PPP HEADER COMPRESSION: MAKING SLOW LINKS WORK 📉
The core idea behind PPP header compression is to drastically reduce the size of the TCP/IP headers that are sent over slow dial-up lines (like 56 kbps).
This was a significant problem because the full TCP/IP headers were too large, especially for small TCP ACKs (acknowledgements) that were sent with each packet.
I. Van Jacobson’s VJ Compression (RFC 1144):
What it was: This was the original and foundational compression technique.
How it worked: VJ compression replaced the vast majority of the TCP/IP header with a single-byte connection ID.
Key Changes:
Non-Changing Fields: It only changed the types of fields in the header (e.g., source port, destination port) once. This was a huge efficiency gain.
Differential Updates: As the data flowed, the fields within the header were updated (changed) as new data arrived. This allowed for more efficient compression.
Typical Header Size Reduction: Initially, it shrunk the header to around 3-4 bytes.
Impact: This was a massive improvement for TCP over slow links – significantly reducing bandwidth usage and latency.
II. IP Header Compression (RFC 2507, RFC 3544):
Generalization: This was an extension of VJ compression, making it adaptable to other link types beyond just PPP.
TCP, UDP, IPv4, IPv6: It supported various protocols like TCP, UDP, and IPv4, making it usable in a wider range of network scenarios.
Error Detection: Crucially, it included a mechanism to detect bad headers – if a compressed header contained invalid data, it could reconstruct the packet into garbage, which the recipient would still recognize. This is essential for reliability.
Link Type Flexibility: The goal is to treat the compression as a single mechanism that can be used across different network topologies.
III. Robust Header Compression (ROHC) (RFC 5225):
Latest Evolution: This is the most recent and sophisticated approach.
More Protocol Support: ROHC now handles a broader range of transport protocols beyond just RTP, UDP, and TCP. It's designed to be more resilient to packet loss and errors.
Multiple Compression Schemes: The system allows for different compression strategies to be active simultaneously. This provides more flexibility and adaptability to various network conditions.
Resilience: This design prioritizes robustness – the compression process is designed to be more resistant to disruptions in the network.
IV. Why It Matters – The Benefits:
Bandwidth Savings: Primarily, the compression reduces the amount of data transmitted. This means more data can be sent over the same network infrastructure.
Reduced Latency: By minimizing the data size, the delay experienced by the receiver (the recipient of the packets) is decreased, leading to faster response times.
Wireless/Cellular Relevance: In mobile and wireless networks, bandwidth is often extremely valuable. Small packets can easily be lost or distorted. ROHC’s resilience is particularly important here.
VoIP and Streaming: The emphasis on small packets in VoIP and streaming justifies the importance of this technique in these bandwidth-sensitive applications.
V. Overall Conclusion
PPP header compression has evolved from a simple hack for speed to a sophisticated, generalized system.
The core innovation of VJ compression paved the way, while ROHC provides a more flexible and robust mechanism for managing the complexities of modern network traffic.
It's a prime example of how incremental improvements can significantly impact network performance.
PPP DEBUGGING EXAMPLE (VISTA CLIENT ↔ LINUX SERVER)
I. Link Establishment (LCP) – The Foundation
Purpose: LCP initiates the entire negotiation process for establishing a secure, authenticated connection. It’s the starting point for a collaborative agreement.
Process:
Server Request: The server initially sends a request to the client to authenticate. This request includes the client’s security credentials.
Client Rejection & MS-CHAP v2: The client rejects the request, indicating it needs further authentication. It suggests MS-CHAP v2 as a possible solution.
Server Retries & MS-CHAP v2: The server then retries the authentication process with MS-CHAP v2. This continues until the client accepts.
Exchange of Options: Key options are negotiated:
EAP (Extensible Authentication Protocol): Specifies the authentication method used.
AP (Authentication Process): Details the authentication process itself (e.g., MS-CHAP v2).
MPPE (Microsoft Point-to-Point Encryption): A form of encryption, not compression, used to improve efficiency.
ACFC (Advanced Compression for Connection): Compression method used.
IPCP (IP Control Protocol): Negotiates IPv4 addresses and DNS/WINS options.
IPV6CP (IPv6 Control Protocol): Negotiates IPv6 link-local addresses.
Outcome: This initial exchange ensures the client is authorized to connect and that the negotiation process is initiated correctly.
II. Authentication – Verifying Identity
Server’s Role: The server's primary function is to verify the client's identity.
CHAP Challenge: The server sends a challenge – a piece of information – to the client in the form of a challenge to the client.
Client Response: The client responds with a response – typically a certificate or authentication data – confirming their identity.
Server Validation: The server checks the client’s response against the defined rules (e.g., certificate validity, authentication data match).
Success/Failure: If the validation succeeds, the server confirms authentication – the link is authenticated.
III. Network Layer Protocols (NCPs) – Orchestrating the Connection
After Authentication: Once the connection is established, the process shifts to the Network State, focusing on establishing a reliable communication path.
PPP (Point-to-Point Protocol): The cornerstone of the protocol. PPP manages the connection between the client and server.
NCP Breakdown:
CCP (Compression Control Protocol): This is critical for MPPE – it’s responsible for the compression of data packets. MPPE uses a forward-errors-first (FE) compression algorithm.
IPCP (IP Control Protocol): This protocol addresses IPv4 addresses and DNS/WINS options.
IPV6CP (IPv6 Control Protocol): This handles IPv6 link-local addresses and ensures IPv6 connectivity.
Essentially: PPP orchestrates the communication by handling the different network aspects required for establishing a secure link.
IV. Address Assignment – The Basics of IP
Server Assignment:
IPv4: The server assigns itself a unique IPv4 address – 192.168.0.1.
IPv6: The server assigns a derived address – fe80::1234:5678:9abc:def01 – this creates a unique ID that represents the MAC address.
Client Proposal: The client initially proposes a generic IPv4 address – 0.0.0.0.
Client Acceptance: The client actively accepts 192.168.0.2 and the IPv6 address fe80::dead:beef. This shows the client is agreeing to a unique identifier.
Link Established: The connection is established through these addresses.
V. Observations – Key Considerations & Flexibility
MPPE (Microsoft Point-to-Point Encryption): This is a crucial element. It's not a compression algorithm, but rather a mechanism to improve efficiency. It encrypts data packets, offering better performance in situations with high latency.
VJ Header Compression (Van Jacobson TCP/IP Header Compression): This optimizes the TCP/IP header by compressing it, reducing overhead and improving throughput.
Multiple ConfReq/ConfNak/ConfAck/ConfRej: This demonstrates the protocol's dynamic nature – it can handle multiple scenarios while maintaining security. It's a complex mechanism for dealing with various connection states and potential issues.
Low-Latency Considerations: The negotiation delays are a significant point to note – these are particularly noticeable over long distances (satellite). The protocol is designed to adapt to different link speeds.
In essence, we’re talking about the modular and iterative nature of PPP's negotiation, highlighting the key components and their roles in establishing a secure and well-defined connection.
LOOPBACK
I. What is the Loopback Interface?
Definition: The loopback interface is a software-based virtual network interface. Think of it as a real network interface, but it doesn’t actually connect to anything outside your computer.
Purpose: It’s used primarily for testing and debugging software on your local machine. It allows your computer to talk to itself.
Why it’s important: It's a crucial part of how computers communicate internally – it lets them test things without needing to connect to external networks.
II. Key Differences Between IPv4 and IPv6 Loopback
IPv4:
Reserved Block: 127.0.0.0/8 – This is a special block of IP addresses that’s always available for the localhost (your own computer). It’s the standard address used for testing locally.
Most Common Address: 127.0.0.1 → named localhost – This is the address you commonly use to access your own computer on the network.
Loopback Loops: Any address within the 127.0.0.0/8 range can loop back. This makes it easy to test connectivity to the local machine.
IPv6:
Single Reserved Address: ::1 – A single, unique address for localhost.
Prefix Length: /128 – Represents a single address.
Named localhost: ::1 is also used as the name for localhost.
III. How It Works (Linux Example)
Interface Name: lo – This is the name of the loopback interface.
IPv4: 127.0.0.1 with mask 255.0.0.0 – This is the address you'd normally use to connect to your computer.
IPv6: ::1/128 – This represents a single address within the loopback network.
MTU (Maximum Transmission Unit): Often set to 16 KB – This is the maximum size of a packet that can be transmitted over the loopback interface. It’s a limit to efficiency.
Traffic Statistics: Packets sent/received internally – The loopback interface is useful for measuring how much data your computer is actually using.
IV. Windows Example
Default Support: Loopback is automatically supported by Windows by recognizing 127.0.0.0/8 and ::1.
Optional Adapter: Microsoft Loopback Adapter – Allows for more advanced testing and debugging.
Virtual Ethernet Device: Appears as a virtual Ethernet device with addresses for both IPv4 and IPv6.
Example Addresses:
169.254.x.x.: This is a standard IPv4 address for your computer.
fe80::....: This is a standard IPv6 address for your computer.
V. Special Considerations (Important)
Applications Can Control Loopback: Applications can decide whether to loop back to the sender (e.g., testing a network client).
Uses:
Testing network applications without needing a real network connection.
Measuring how well a software application handles network traffic.
Running client and server software on the same machine.
The loopback interface is a fundamental building block for network testing and debugging in computer systems – it’s a really valuable tool for developers and system administrators.
MAXIMUM TRANSMISSION UNIT (MTU)
Definition: The largest frame size (payload) that a link-layer network (like Ethernet) can reliably carry. Think of it as the size limit for data packets traversing a network segment.
Ethernet MTU: ~1500 bytes – This is the standard, commonly used MTU for Ethernet. It's a critical configuration setting for ensuring data can be transmitted efficiently.
PPP MTU: Often set to match Ethernet for compatibility. This is a common practice because interoperability is key when multiple PPP devices are connected.
Effect: If an IP datagram (a packet containing data) is larger than the MTU, the IP must fragment it. This means the IP packet will be split into smaller pieces before it’s sent.
II. Path MTU Discovery (PMTUD)
Definition: The smallest MTU along the path between two hosts. It’s a fundamental concept for ensuring packets can traverse all links without fragmentation.
Why it’s Important:
Seamless Communication: PMTUD is vital because it avoids fragmentation, which can disrupt communication and cause problems. It’s a necessary condition for reliable data transfer.
Dynamic Paths: It acknowledges that paths can change dynamically over time – routers can route packets through different paths, potentially changing the MTU.
Asymmetric Paths: PMTUD works across asymmetric paths (e.g., A->B vs. B->A) because the MTU can vary significantly between these different paths.
Mechanism:
Sender attempts: The sender tries to send packets at a size that matches the MTU.
Router Response: If a router receives a packet that is larger than the MTU, it sends back an ICMP Packet Too Big message. This message signals to the sender that they need to reduce their packet size.
Sender Reduction: The sender then reduces the size of its packet accordingly.
Requirement: PMTUD is mandatory in IPv6. It's a cornerstone of IPv6's design for ensuring packet delivery.
III. Complementary Approach (RFCs)
RFC 1191 (IPv4): Defines the MTU in IPv4.
RFC 1981 (IPv6): Defines the MTU in IPv6.
PLPMTUD (Packetization Layer Path MTU Discovery): This is a key addition to IPv6.
Approach: Instead of relying on ICMP, it uses transport-layer probing to discover usable packet sizes locally on the path. This approach is more resilient.
How it Works:
Sender sends first: The sender tries to send a packet that's a bit larger than the MTU.
Router responds: If the router can't forward the packet due to the MTU, it sends back a message.
Sender adjusts: The sender reduces the size of the packet to accommodate the MTU.
Avoids Reliance on ICMP: This is a significant advantage because ICMP (the protocol used for error reporting) can be blocked or delayed, potentially interrupting communication.
In essence:
MTU: The maximum size of a single packet.
PMTUD: Ensures packets can travel across a network without unnecessary fragmentation, especially crucial for IPv6's layered approach. It provides a mechanism for dynamically adjusting packet sizes when paths change.
WHAT IS TUNNELING?
Tunneling is the technique of carrying one network protocol inside another, like a train traveling inside a tunnel.
I. TUNNELING: LIKE A TRAIN INSIDE A TUNNEL
Core Concept
Tunneling is essentially creating a shortcut or an enclosed path through a network, allowing you to send data across existing infrastructure without physically connecting it.
Think of it like a train traveling inside a tunnel – it doesn't go through the tunnel, it goes around it.
Why do we use it?
Networks are often built with layers – each layer has its own rules and limitations. Tunneling lets us:
Connect disparate networks: You can connect a LAN (like your home network) to the Internet, or a company network to a cloud server, without needing a direct, complex connection.
VPNs: Create secure, encrypted connections across networks. A VPN encrypts your data as it travels, hiding your IP address and location.
Overlay Networks: Create virtual networks that are easier to manage and extend than the physical infrastructure.
II. Common Tunneling Protocols – The Ways We're Tunneling
Let’s look at some specific examples of how tunneling works in practice:
GRE (Generic Routing Encapsulation):
What it does: It's a protocol that wraps data packets inside another packet, creating a logical tunnel between two networks.
How it works: It’s a layer 3 protocol, meaning it operates at the network layer (Layer 3) of the OSI model.
Key Benefit: It's really useful for routing between different providers (ISPs, branch offices) and for creating virtual point-to-point links. It's simple to set up and widely used.
PPTP (Point-to-Point Tunneling Protocol):
What it does: This protocol specifically creates a virtual point-to-point link between two devices (e.g., two computers or routers) on the same network.
How it works: It wraps PPP (Point-to-Point Protocol) frames inside GRE.
Use Cases: Frequently used for remote access to corporate networks. It often includes encryption (MPPE - Multi-Protocol Encryption with PKI) for enhanced security. Think of it as a secure tunnel for connecting to the company's network.
L2TP (Layer 2 Tunneling Protocol):
What it does: L2TP is a layer 2 protocol, meaning it operates on the physical layer (Layer 2).
How it works: It provides secure tunneling. It is often combined with IPsec for added security.
Key Benefit: Provides a secure connection over the IP network.
In short: These protocols work by creating virtual pathways or tunnels for data to travel between networks, enabling new ways to connect and manage networks.
Let's summarize it with a quick comparison:
III. GRE HEADER OVERVIEW
The Standard GRE header is a crucial component of Layer 3 tunneling, acting as a vital piece of data that identifies the nature of the traffic being routed.
It's essentially a metadata box that tells the network about what’s going on.
The Key Features and Roles of GRE include:
Purpose: Layer 3 Tunneling & Metadata
GRE’s primary job is to create a secure and logical connection between two networks, regardless of their underlying IP addresses or routing protocols. It’s a lightweight layer that lets you tunnel data traffic across networks.
The 4-Byte Header (C Bit)
Checksum Field (Optional 16-bit): This is critical. GRE uses a checksum to verify the integrity of the data within the header. If the checksum is incorrect, the packet is discarded, ensuring data isn't corrupted during transit. The presence of this field indicates that the header contains a checksum.
Reserved1 (Always 0): This is a constant value that signifies that a checksum is present. It's a standardized marker.
Protocol Type (Extended GRE Header - RFC 2890)
This field is extremely important. It tells the network what protocol is encapsulated within the GRE header. It’s like a label on the packet saying, This data belongs to this type of traffic. Common examples include:
IPv4: For IPv4 packets.
IPv6: For IPv6 packets.
PPP (Point-to-Point Protocol): For PPP connections (like secure remote access).
Other protocols: Like IP, and even some specialized protocols.
K Bit (Key Field)
Key: This bit acts as a unique identifier for the flow of data.
It’s used to reorder packets within the GRE tunnel, which is vital for scenarios like NAT (Network Address Translation) - allowing multiple devices behind the same public IP address to communicate.
It essentially helps the network determine the order in which packets should be processed.
S Bit (Sequence Number)
Used for reordering packets.
In a multi-hop network (like a VPN), packets are often sent out of order.
The S bit allows the network to reorder packets based on their sequence numbers so that they arrive at their destination in the correct order.
Optional Fields (Key, Sequence Number): These fields provide more granular control for the GRE protocol.
Key Characteristics & Usage
Layer 3 Tunneling: GRE operates at the network layer (Layer 3) of the OSI model – meaning it’s not a transport layer protocol like TCP or UDP.
Encapsulation: It’s a minimal encapsulation mechanism. GRE primarily focuses on routing and metadata. It doesn't provide the robust security or data integrity features of other protocols.
Network-Focused: GRE is designed for use within networks (like the Internet or a company’s internal LAN). It's not designed for end-to-end, complex communication.
In essence, the Standard GRE Header is the foundation for creating logical tunnels within a network – allowing packets to be routed and authenticated without needing a full-blown connection between endpoints.
IV. PPTP (GRE + PPP)
This section focuses on the core functionality and differences of the PPTP protocol, which builds upon the existing PPP (Point-to-Point Protocol) technology. It’s essentially a modernized version of PPP, prioritizing speed and security.
Uses a Non-Standard GRE Header with Extra Fields
Why it matters: This is a critical design choice.
The standard GRE header is relatively basic.
The extra fields (R, s, A, Flags, Recur) are not standard and are designed specifically for PPTP.
What they do:
R (Remote): Identifies the session as being run remotely.
s (Sequence): A unique sequence number for the packet. This is crucial for flow control and ensures reliable delivery. It's used for tracking the largest packet seen by the peer.
A (Acknowledgment): Acknowledges the receipt of the packet.
Flags: Control bits for various aspects of the connection (e.g., SYN, ACK, RST).
Recur (0): Indicates that the packet is not a reflection (no cycle).
Significance: This non-standard header allows PPTP to efficiently manage multiple connections within a single IP network.
K, S, A Bits:
Indicate Presence of Key, Sequence, and Acknowledgment Numbers.
These three bits are essential for PPTP’s flow control and reliability mechanisms.
K (Key): Used for secure communication. It's a unique key that is exchanged between the client and server.
S (Sequence): Identifies the sequence number of the packet. This helps ensure that packets arrive in the correct order.
A (Acknowledgment): The server acknowledges the receipt of the packet.
Role in Flow Control: The K/S/A bits are used to establish and maintain the TCP connection. The server uses these bits to track the number of packets sent and received.
Sequence Number
Tracks the Largest Packet Seen by the Peer → Helps Flow Control and Reliability.
The Core Concept: This is the defining feature of PPTP. The sequence number acts as a fingerprint for the session. The server maintains a record of the largest packet ID seen by the peer. This allows for:
Flow Control: The server can send packets at a slightly higher rate than the client, preventing the client from being overwhelmed.
Reliability: If a packet is lost or delayed, the server can retransmit it by looking at the sequence number.
PPTP Session Setup
Control Connection (TCP):
Client → Server: The initial connection setup. It begins with a type 1 request, setting up a TCP connection.
Server Responds with START CTRL CONN RPLY: The server confirms the connection and responds with a START CTRLCONN message to indicate the start of the PPP process.
Outgoing Call Request:
Client → Server: A request for a connection to initiate a call.
Server Configures Maximum Speed (100 Mbps) and Window (64): This is the foundation of PPTP's speed control – setting a maximum rate and a window size (the amount of data that can be sent before retransmission) to optimize performance and prevent congestion.
PPP Process (pppd) Starts:
GRE Tunnel Created: The PPTP daemon (pppd) begins working, establishing a GRE tunnel.
PPP Negotiates…: This is where the actual negotiation happens.
LCP (Link Control Protocol) options: (Initial settings of LCP)
Authentication (CHAP/MS-CHAPv2): A cryptographic authentication method for secure communication.
Compression (CCP): Used to compress data for faster transmission.
IP Configuration via IPCP/IPv6CP: This is a crucial step – PPTP configures the IP address and DNS/WINS settings for the remote client.
Encryption & Compression: MPPE, Stateless or Stateful Compression:
MPPE (Multiplexed Packet Encryption): Used for encrypting the data. It's an encryption protocol optimized for PPTP.
Stateless or Stateful Compression: PPTP offers both. Stateless compression allows the server to compress data in advance, improving performance, while Stateful compression builds upon this.
IP Configuration:
IPCP/IPv6CP: PPTP sets up IP addresses and DNS/WINS records.
Unsupported Options Rejected/NAked: The server's system rejects any IP addresses or DNS settings that don’t conform to the required format.
Tunnel Fully Operational:
GRE Accepts Packets: The GRE tunnel is established and ready to handle incoming packets.
PPP Interface (ppp0) Assigned Addresses: The PPTP daemon assigns a specific IP address and port to the PPP interface.
Remote Client Behaving as if Directly Connected: The remote client's operating system behaves as if it is directly connected to the LAN.
In essence, the key takeaway is that PPTP leverages a TCP connection but utilizes a GRE protocol with configurable stream control and security features to provide a fast and secure connection.
WHAT ARE UDLS?
Essentially, they're links that operate only one way. Think of them like a one-way street for data – they’re designed to send information in a single direction.
Satellite internet is a classic example of a unidirectional link. The signal travels in one direction: it is transmitted from a ground station up to the satellite, and then the satellite beams that signal down to a receiver on the ground.
In a standard satellite internet connection, the data flow is one-way. It goes from the broadcaster, up to the satellite, and then down to your dish.
The Challenge: Traditional protocols like PPP (Point-to-Point Protocol) rely on bidirectional communication – they need to negotiate and acknowledge messages back and forth. This complexity makes them less efficient for satellite connections.
I. RFC 3077 Solution – The Tunneling Approach
The Solution: Combining UDLs with Tunneling. RFC 3077 proposed a clever way to overcome this challenge.
Tunneling – Creating a Bridge: They used a secondary internet interface (a tunnel) to wrap the UDL connection.
GRE (Generic Routing Encapsulation): This is the key technology. It’s like a transparent layer that encapsulates the UDL traffic, making it look like it's going through a regular IP packet.
Dynamic Tunnel Configuration Protocol (DTCP): This is the smart part. It automates the tunnel setup process:
Downstream Traffic: When data is sent downstream (from the satellite to the receiver), DTCP automatically sends it through the tunnel.
Learned Addresses: It figures out the MAC and IP addresses of the tunnel endpoints.
User Selection: The user selects a tunnel endpoint, and DTCP configures the GRE tunnel for the upstream traffic.
II. Impact on Protocols
Hiding Asymmetry: UDLS hides the fact that the communication is unidirectional. It makes it appear like the data is flowing in two directions.
Asymmetric Performance – The Cost: This apparent bidirectionalness has a significant impact on how other protocols work.
Downstream (Satellite): High bandwidth, high latency – this is faster data transfer.
Upstream (Dial-up/Tunnel): Low bandwidth, lower latency – this is slower data transfer.
TCP & Other Protocols Problem: This mismatch can disrupt the proper functioning of protocols like TCP (which uses bidirectional handshakes for reliability).
III. Related Tunnel Autoconfiguration (6to4 & Teredo)
6to4: This is a technique that lets IPv6 packets tunnel over IPv4. It’s like a shortcut for sending IPv6 data through IPv4.
Teredo: Another technique that’s designed to work through NAT (Network Address Translation) – NATs are a common security mechanism that hides the true origin of data. It’s a way to make sure data can still be tunneled even when NATs are in place.
IV. Key Takeaway
UDLs are a common pattern for satellite and hybrid connections.
RFC 3077 + DTCP is a way to make the UDL seem like a bidirectional connection.
It's a workaround, but the performance impact can be significant.
Tunnel autoconfiguration (6to4, Teredo) demonstrates how similar concepts are used in IPv6 transition scenarios.
In essence, UDLS is a technique that uses tunneling to create a virtual, bidirectional connection for satellite internet, but it comes at a performance cost due to the inherent asymmetry in data flow.
ATTACKS ON THE LINK LAYER
Attacking the link layer is a popular move because it sits below TCP/IP. That means higher layers often don’t see what’s going wrong, making these attacks harder to detect and stop.
Even though many of these attacks are well known today, they still matter because link-layer problems ripple upward and can seriously affect network behavior.
Let’s walk through the big ones.
I. Ethernet Sniffing (Promiscuous Mode)
What’s going on?
Ethernet interfaces can be placed in promiscuous mode, meaning they accept all frames, not just ones addressed to them.
Why this used to be dangerous?
Back in the day:
Ethernet was literally a shared cable
Anyone on the wire could sniff traffic
Protocols often sent passwords in plain text
Attackers could just read packet contents like a book
Why it’s harder now?
Two major improvements shut this down:
Switch
Switches only send traffic to the correct port
Attackers usually see only their own traffic + broadcasts
Encryption at higher layers - Even if packets are captured, the contents are unreadable
👉 Bottom line: sniffing still exists, but it’s far less useful today.
II. Switch Attacks (MAC Table Abuse & STP Attacks)
MAC Table Flooding
Switches keep a table mapping MAC addresses → ports.
An attacker can pretend to be thousands of fake devices
The switch’s table fills up
Legitimate entries get pushed out
Result: traffic gets dropped or broadcast everywhere
This can lead to service interruptions or enable further sniffing.
Spanning Tree Protocol (STP) Attacks
STP decides which switch becomes the root bridge.
An attacker pretends to be a switch
Claims it has a low-cost path to the root
Traffic gets redirected toward the attacker
🔥 This is worse than table flooding because it can redirect large volumes of traffic directly to the attacker.
III. Wi Fi Attacks (Eavesdropping Gets Easier)
Wi Fi makes things even easier for attackers because:
The medium is shared air
Anyone nearby can listen
Packet Sniffing
Wireless interfaces can enter monitor mode
This allows capturing packets from the air
Slightly harder than Ethernet promiscuous mode, but still doable
War Driving
Early attacks involved:
Driving around
Scanning for open Wi Fi networks
Connecting to unsecured access points
Some networks were completely open and used captive portals (registration pages)
Captive Portal Hijacking
Attackers could:
Watch a legitimate user register
Copy their MAC address
Impersonate them
Hijack the connection
No password cracking needed, just timing and observation.
IV. Wi Fi Cryptography Attacks (WEP Disaster)
Early Wi Fi security used WEP encryption.
WEP was fundamentally broken
Attacks were so effective that:
Keys could be recovered quickly
Encryption was basically useless
This forced the IEEE to act:
WPA improved things somewhat
WPA2 became the real fix
WEP is now officially unsafe and not recommended
V. Attacks on PPP Links
If an attacker can access the PPP communication channel, several problems arise:
Weak Authentication
With PAP, passwords are sent in clear text
Sniffing the link = stealing the password
Attacker can reuse it later
Higher-Layer Side Effects
If PPP carries routing or control traffic
Attackers can inject or manipulate that traffic
This can destabilize the entire network
VI. Tunneling: Target and Tool
Tunnels are interesting because they can be attacked themselves, or used to attack others.
Tunnels as a Target
Tunnels pass through public networks (like the Internet)
Attackers can:
Intercept and analyze tunnel traffic
Launch DoS attacks by opening too many tunnels
Attack tunnel configuration directly
If configuration is compromised, an attacker might open an unauthorized tunnel
Tunnels as a Tool
Once compromised, tunnels become weapons:
Protocols like L2TP or GRE can:
Inject traffic directly into private networks
Bypass higher-layer security controls
🔥 Example GRE attack:
Traffic is injected into a non encrypted tunnel
Appears at the tunnel endpoint
Gets forwarded as if it originated inside the private network
VII. Big Picture Takeaways
Link-layer attacks are dangerous because they’re hard to see from above
Modern defenses (switches, encryption, WPA2) help a lot — but misconfigurations still kill
Wi Fi increases exposure because the medium is open
Weak authentication (PAP, WEP) is basically an invitation to attackers
Tunnels must be secured properly or they become backdoors
SUMMARY: LINK LAYER IN TCP/IP 📜
This chapter explored the link layer, the lowest layer of the Internet protocol suite relevant to TCP/IP, and how it supports communication across diverse physical networks.
🔑 Key Points
Ethernet Evolution
Grew from 10 Mb/s to 10 Gb/s and beyond.
Added features like VLANs, priorities, link aggregation, and envelope frame formats.
Full-duplex operation replaced half-duplex, improving efficiency.
Switches surpassed bridges by creating direct paths between stations.
Wi-Fi (IEEE 802.11)
Operates in 2.4 GHz and 5 GHz bands.
Became one of the most widely used IEEE standards.
Security evolved from weak WEP → transitional WPA → strong WPA2.
Point-to-Point Protocol (PPP)
Encapsulates IP and non-IP packets using an HDLC-like frame format.
Used from dial-up modems to fiber links.
Includes LCP (link setup), NCPs (network-layer configuration), authentication, compression, and encryption.
Simplified by supporting only two parties (no shared medium access).
Loopback Interface
Special addresses: 127.0.0.1 for IPv4, ::1 for IPv6.
Used for internal testing and communication within a host.
MTU & Path MTU
Maximum Transmission Unit defines the largest frame size per link.
Path MTU ensures packets fit across all links in a route.
Tunneling
Encapsulates lower-layer protocols inside higher-layer packets.
Enables overlays like IPv6 over IPv4 or VPNs.
Link-Layer Attacks
Range from simple traffic interception to complex manipulations.
Examples: masquerading endpoints, altering STP, hijacking tunnel endpoints, or DoS via jamming.
✅ Key Takeaway
The link layer’s strength lies in flexibility: TCP/IP can run over almost any link technology, from Ethernet and Wi-Fi to PPP and tunnels.
This adaptability is a major reason for the Internet’s success.
While vulnerabilities exist, the ability to abstract diverse physical networks into a unified IP layer ensures global connectivity.
We're done with chapter 3.
Page updated
Google Sites
Report abuse