Transcript PPP
It defines the format of the frame to be exchanged
between devices.
It defines how two devices can negotiate the
establishment of the link and the exchanged of
data.
It defines how network layer data are encapsulated
in the data link frame.
It defines how two devices can authenticate each
other.
PPP is not a single protocol but a protocol suite
and consists of:
1. Framing method (frame/packet delineation):
Serial lines provide bit transport, thus a means
for finding the start of packets is required.
2. Link control protocol (LCP):
LCP is used for establishing a data link including
options for the operation.
3. Network control protocol (NCP):
Each network protocol, e.g. IP, has its own NCP
for establishing and configuring the networklayer operation.
4. Authentication protocols (CHAP, PAP, EAP):
Client (and optional server) authentication
make sure the right communication partners
talk to each other.
5. Encryption protocols (ECP, DES, AES etc.)
for privacy.
usually client) and the responder (R, usually
server).
6. Bandwidth control (BACP): „Bonding“ of
multiple channels (Multilink PPP-MLPPP) to
provide more bandwidth.
7. Compression control (CCP).
Serial lines are usually comparably slow.
Compression provides more throughput.
PPP affords error detection (checksum).
PPP allows to dynamically assign an IP address
(NCP).
PPP provides authentication (PAP / CHAP)
PPP is a symmetric protocol: the 2 parties in a
PPP session are the initiator (I,
PPP FRAME
NCP (Network Control Protocol):
Dynamic assignment of IP address.
Dynamic assignment of DNS primary and secondary
server.
The host must set a default route to the PPP interface
since there is no default gateway IP address (the link is
point-to-point with no IP address = unnumbered).
LCP (Link Control Protocol):
Used for establishing the link.
Allows to negotiate link options: Authentication protocol to b
used. Header compression / address field compression. MRU
(maximum receive unit).
Periodically test the link (LCP Echo request / reply).
Bring down the link gracefully when no longer in use.
Transition states
A PPP connection goes through different phases called transition sates.
Idle state. The idle state means that the link is not
being used. There is no active carrier, and the line
is quiet.
Establishing link. When one of the end point starts
the communication, the connection goes into the
establishing state. In this state, options are
negotiated between the two parties. If the
negotiation is successful, the system goes to the
authenticating state (if authentication is required)
or directly to the networking state.
Authenticating state. The authenticating state is
optional. If the result is successful , the connection
goes to the networking state; otherwise, it goes to
the terminating state.
Networking State. When a connection reaches this
state, the exchange of user control and data
packets can be started. The connection remains in
this state until one of the endpoints wants to
terminate the connection.
Terminating state. When the connection is in the
terminating state, several packets are exchanged
between the two ends for house cleaning and
closing the link.
PPP is a data-link layer protocol, PPP uses a stack
of other protocols to establish the link, to
authenticate the parties involved, and to carry the
network layer data.
Three sets of protocols are used by PPP: Link
control protocol, authentication protocols, and
network control protocol.
Protocol stack
LCP packet encapsulated in a frame
Authentication plays a very important role in PPP
because PPP is designed for use over dial-up links
where verification of user identity is necessary.
Authentication means validating the identity of a
user who needs to access a set of resources.
PPP uses two protocols for authentication:
Password Authentication Protocol (PAP) and
Challenge Handshake Authentication Protocol
(CHAP)
1.
2.
The PAP is a simple authentication procedure
with two steps:
The user who wants to access a system sends an
ID (identification) and a password.
The system checks the validity of the
identification and password and either accepts or
denies a connection.
For those systems that require greater security,
PAP is not enough. A third party with access to
the link can easily pick up the password and
access the system resources.
PAP
PAP packets
The CHAP protocol is a three-way handshaking
authentication protocol that provides greater
security than PAP.
In this method, the password is kept secret; it is
never sent on-line.
Steps
The system sends to the user a challenge packet
containing a challenge value, usually a few bytes.
The user applies a predefined function that takes
the challenge value and the user’s own password
and creates a result. The user sends the result in
the response packet to the system.
The system does the same. It applies the same
function to the password of the user and the
challenge value to create a result. If the result
created is the same as the result sent in the
response packet, access is granted; otherwise, it is
denied.
CHAP
CHAP packets
An example