Explore the phases of PPPoE connection setup, authentication, and termination. Learn about PPP, RADIUS, and network-layer protocols involved in establishing and managing PPPoE connections.
Labcourse “Routerlab” Customer Access
The big picture
[Network diagram. Labels shown: Phone Network, Phone Exchange, Point of Presence, Core Network, ATM Network, PPP-AC, DSLAM, Core Routers, Access Router, DSL Router, Customer Datacenter, Datacenter, Modem, Splitter, Home Network]
Accessing the Net
[Network diagram. Overlays shown: PPPoE Connection, ATM Circuit, IP Data, DSL Connection, RADIUS Auth. Request. Labels shown: Phone Exchange, Point of Presence, Core Network, ATM Network, PPP-AC, DSLAM, Core Routers, Access Router, DSL Router, Customer Datacenter, Datacenter, Modem, Splitter, Home Network]
PPP – Point-to-Point Protocol
• Encapsulates other protocols (tunnel)
• Enables AAA (authentication, authorization, accounting)
• Supports auto-configuration
• We consider IP over PPPoE (PPP over Ethernet)
Phases of PPP
[Flowchart. States: Link Dead, Link Establishment Phase, Authentication Phase, Network-Layer Protocol Phase, Link Termination Phase. Decision points (Yes/No): Established successful? Need authentication? Authentication successful?]
PPPoE Frame
Ethernet Frame: Dst. Addr | Src. Addr | Type | Data (PPPoE)
• Type: 0x8863: PPPoE Discovery, 0x8864: PPPoE Session
PPPoE fields, in order:
• Version (4 Bit): Always 0x1
• Type (4 Bit): Always 0x1
• Code (1 Byte): 0x00: Data, 0x07: PADO, 0x09: PADI, 0x19: PADR, 0x65: PADS, 0xa7: PADT
• Session-ID (2 Byte): Announced in PADS Frame, before: 0x0000
• Length (2 Byte): Payload Length in Bytes
• PPP Protocol (2 Byte): 0x0021: IP, 0x8021: IP Control Prot. (IPCP), 0xc021: Link Control Prot. (LCP), 0xc023: Password Auth. Prot. (PAP), 0xc223: Challenge Handshake Auth. Prot. (CHAP)
• Payload (variable)
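Added example (not part of the original slides): a parser for the frame layout above that also reports two things worth checking in a capture, a non-zero Session-ID before PADS and the use of PAP, which carries the username and password unencrypted. It assumes untagged Ethernet and, following RFC 2516, that Length counts the bytes after the 6-byte PPPoE header, including the PPP Protocol field; the function names and sample frames are constructed for illustration.

```python
import struct

# Values from the "PPPoE Frame" slide.
ETHERTYPES = {0x8863: "Discovery", 0x8864: "Session"}
CODES = {0x00: "Data", 0x07: "PADO", 0x09: "PADI",
         0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
PPP_PROTOCOLS = {0x0021: "IP", 0x8021: "IPCP", 0xC021: "LCP",
                 0xC023: "PAP", 0xC223: "CHAP"}

def parse_pppoe(frame: bytes) -> dict:
    """Decode an untagged Ethernet frame carrying PPPoE; ValueError if malformed."""
    if len(frame) < 20:  # 14-byte Ethernet header + 6-byte PPPoE header
        raise ValueError("frame too short")
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype not in ETHERTYPES:
        raise ValueError(f"not PPPoE: EtherType 0x{ethertype:04x}")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:
        raise ValueError("version and type must both be 0x1")
    if code not in CODES:
        raise ValueError(f"unknown code 0x{code:02x}")
    if (ethertype == 0x8864) != (code == 0x00):
        raise ValueError("code 0x00 (Data) belongs to session frames only")
    payload = frame[20:20 + length]  # slicing drops Ethernet padding
    if len(payload) != length:
        raise ValueError("Length field exceeds the bytes present")
    info = {"stage": ETHERTYPES[ethertype], "code": CODES[code],
            "session_id": session_id, "ppp_protocol": None, "findings": []}
    # Until PADS announces the Session-ID, the field must be 0x0000.
    if CODES[code] in ("PADI", "PADO", "PADR") and session_id != 0:
        info["findings"].append("non-zero Session-ID before PADS")
    if ethertype == 0x8864:
        if length < 2:
            raise ValueError("session frame lacks a PPP Protocol field")
        proto, = struct.unpack("!H", payload[:2])
        info["ppp_protocol"] = PPP_PROTOCOLS.get(proto, f"0x{proto:04x}")
        if proto == 0xC023:  # PAP sends username and password unencrypted
            info["findings"].append("PAP authentication (cleartext credentials)")
    return info

def build(ethertype: int, code: int, session_id: int, payload: bytes) -> bytes:
    """Constructed sample frame: broadcast destination, made-up source MAC."""
    eth = bytes.fromhex("ffffffffffff020000000001") + struct.pack("!H", ethertype)
    return eth + struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload

# Constructed samples: PADI with an empty Service-Name tag; PAP request in session 0x0042.
PADI = build(0x8863, 0x09, 0x0000, bytes.fromhex("01010000"))
PAP = build(0x8864, 0x00, 0x0042,
            bytes.fromhex("c023") + b"\x01\x01\x00\x0e\x04user\x04pass")
```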
PPPoE Session
[Sequence diagram between Client and DSL-AC]
• PPPoE Active Discovery (AD) Initiation: PADI (Client → DSL-AC). Broadcast Packet, optional: Service-Name
• PPPoE AD Offer: PADO (DSL-AC → Client). Service-Name, AC-Name
• If multiple PADO: Choose one
• PPPoE AD Request: PADR (Client → DSL-AC). Service-Name, AC-Name
• PPPoE AD Session Confirmation: PADS (DSL-AC → Client). Session-ID
• PPP Session
  • PPP Session handshake (LCP), including authentication
  • IP configuration (IPCP)
  • IP Session (Payload)
• PPPoE AD Termination: Can be sent by either side
Annotations on the diagram: Set local IP configuration; Authenticate user and authorize session; Record accounting data
RADIUS
• “Remote Authentication Dial-In User Service”
• Central RADIUS Server
• Provides authentication service for Network Access Servers (NAS)
• NAS: Every device that a user can use to connect to a network, e.g. PPP-AC, WPA access point, 802.1x switch
PPP Session with RADIUS
[Sequence diagram between Client, PPP-AC/NAS and Auth. Server]
Between Client and PPP-AC/NAS:
• LCP: Conf Request. Auth. Proto: PAP
• LCP: Conf Ack. Auth. Proto: PAP
• PAP: Auth Request. Username + Password
• PAP: Auth Ack. Username + Password
• IPCP: Conf Req. IP: 0.0.0.0
• IPCP: Conf Reject. IP: 1.2.3.4
• LCP: Terminate Link
Between PPP-AC/NAS and Auth. Server:
• RADIUS: Access Request. Username + Password
• RADIUS: Access Accept. Attributes: IP Address, …
• RADIUS: Accounting Start. Attributes: IP Address, Session ID, …
• Write accounting record
• RADIUS: Accounting Stop. Attributes: Session ID, Duration, Traffic Volume, …
• Write accounting record
Excursus: Other providers
[Network diagram. Other provider: Point of Presence, Datacenter, Core Network, PPP-AC, Access Router. Labels shown for the original network: Phone Exchange, Point of Presence, Core Network, ATM Network, PPP-AC, DSLAM, Core Routers, Access Router, DSL Router, Customer Datacenter, Datacenter, Modem, Splitter, Home Network]
The smaller picture
[Network diagram. Labels shown: Phone Network, Point of Presence, loadgen10X, Phone Exchange, Point of Presence, Core Network, ATM Network, PPP-AC, DSLAM, Core Routers, Access Router, DSL Router, Customer Datacenter, Datacenter, Modem, Splitter, Home Network]
The smaller picture
[Network diagram of the lab setup. Labels shown: Point of Presence, loadgen10X, rj1, PPP-AC, Access Router, DSL Router, Customer Datacenter, Loadgen103, VLAN 102, Home Network]