PPPoE and TCP/IP protocol stack
应用层 FTP SMTP HTTP DNS
传输层 TCP UDP
网络层 IP IPv6
网络访问 PPP
PPPoE
Ethernet

PPPoE(Point-to-Point Protocol over Ethernet), 以太网上的点对点协议, is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used mainly with ADSL services where individual users connect to the ADSL transceiver (modem) over Ethernet and in plain Metro Ethernet networks. It was developed by UUNET, Redback Networks, and RouterWare and is available as an informational RFC 2516.

PPPoE(Point-to-Point Protocol over Ethernet),以太网上的点对点协议,是将点对点协议(PPP)封装在以太网(Ethernet)框架中的一种网络协议。主要用于有线电视调制解调器(cable modem)和数字用户线路(DSL)服务程序。它提供标准PPP特征例如身份验证加密、以及压缩

本质上,它是一个允许在两个以太网端口连接上建立IP层的隧道协议,但是有PPP的软件特征,所以它被用于对另一部以太网机器进行虚拟“拨号”,并且和这台机器进行“串行”连接,此连接被用于传输基于PPP特征的IP包。

它使用传统的基于PPP的软件来管理一个不是使用串行线路而是使用类似于以太网的有向分组网络的连接。这种有登陆和口令的标准连接,方便了因特网连接的纪录。并且,连接的另一端仅当PPPoE连接打开时才分配IP地址,所以这里允许IP地址的动态复用。

PPPoE是由UUNET、Redback Networks和RouterWare所开发的。发表于RFC 2516说明中。

Ethernet networks are packet-based and have no concept of a connection or circuit and also lack basic security features to protect against IP and MAC conflicts and rogue DHCP servers. By using PPPoE, users can virtually "dial" from one machine to another over an Ethernet network, establish a point to point connection between them and then securely transport data packets over the connection.

Why PPPoE

Traditional Internet access methods like dial-up were so slow that host computers were connected to the dial-up modem at the customer premises over slow serial ports. PPP was designed to run directly over these serial links. But with the advent of broadband internet access technologies such as ADSL and cable modems, there was a considerable increase in the bandwidth delivered to the end users. This meant that the host computers at the customer's premises were connected to the ADSL or cable modem over a much faster medium such as Ethernet. It also meant that multiple hosts could connect to the Internet through a single access device, which alone had the actual Internet connection, in the form of a WAN link. The simplest and most cost-effective method to connect multiple machines together is Ethernet. Hence typical scenarios involved multiple host PCs connected to each other and to an Internet access device by Ethernet.

Unfortunately Ethernet networks are not connection-oriented and lack the basic features provided by the original PPP protocol - such as user authentication, per-user service/control, usage metering, billing, etc. Once the packets from different users reached the access device, they were sent out on the single WAN link and individual user information was lost. It would have been possible to build a protocol newly on top of Ethernet, but then the Access device would have become very complex as it maintains all user information. Instead, running PPP over Ethernet in the host PCs itself was much simpler and just required updating the software in the PC. The PPPoE session terminates at the service provider's equipment thus giving complete control to the service provider. Hence PPPoE was devised to achieve the best of both worlds - the ability to connect a network of hosts to a service provider at higher speeds, and the use of an existing connection mechanism for establishing sessions while presenting a familiar user interface. A RADIUS server is commonly responsible for handling these.

How PPPoE fits in

This figure shows how PPPoE fits into the ADSL broadband internet access architecture.

ADSL internet access architecture
Host PC Remote access server
IP IP
PPP PPP
PPPoE ADSL modem PPPoE
Ethernet Ethernet Ethernet Ethernet
ATM DSLAM ATM
ADSL ADSL SDH SDH

The transport protocol used inside the telephone network is still Asynchronous Transfer Mode (ATM). Hence the PPPoE packets must be encapsulated inside ATM frames while entering the telephone network at the Wide area network (WAN) end of the ADSL modem. One way of doing this is to bridge the Ethernet packets containing the PPPoE packets over ATM, using the mechanism specified in RFC 2684; this is sometimes called PPPoEoE (PPP-over-Ethernet-over-Ethernet). Another is to directly encapsulate the PPPoE packets inside ATM AAL5 frames using RFC 2684 and SNAP encapsulation of PPPoE; this is termed PPPoEoA (PPP-over-Ethernet-over-ATM).

PPPoE stages

The PPPoE has two distinct stages:

PPPoE discovery

Since traditional PPP connections are established between two end points over a serial link or over an ATM virtual circuit that has already been established during dial-up, all PPP frames sent on the wire are sure to reach the other end. But Ethernet networks are multi-access where each node in the network can access every other node. Ethernet packets contain the hardware address of the destination node (MAC address) encoded in the packet. This helps the packet reach the intended destination.

Hence before exchanging PPP control packets to establish the connection over Ethernet, the MAC address of the two end points should be known to each other so that they can be encoded in these control packets. The PPPoE Discovery stage does exactly this. In addition it also helps establish a Session Id that can be used for further exchange of packets.

PPP session

Once the MAC address of the peer is known and a session has been established, the two end points have all the information needed to start building a point-to-point connection over Ethernet and exchange packets over the connection. This next stage after Discovery is called the Session stage.

PPPoE Discovery (PPPoED)

Although traditional PPP is a peer-to-peer protocol, PPPoE is inherently a client-server relationship since multiple hosts can connect to a service provider over a single physical connection.

The Discovery process consists of four steps between the host computer which acts as the client and the access concentrator at the internet service provider's end. They are outlined below. The fifth and last step is the way to close an existing session.

PADI

PADI stands for PPPoE Active Discovery Initiation.
If a user wants to dial up to the Internet using DSL, then his computer first must find the DSL access concentrator (DSL-AC) at the user's Internet service provider's point of presence (POP). Communication over Ethernet is only possible via MAC addresses. As the computer does not know the MAC address of the DSL-AC, it sends out a PADI packet via an Ethernet broadcast (MAC: ff:ff:ff:ff:ff:ff). This PADI packet contains the MAC address of the computer sending it.

Example of a PADI-packet:

Frame 1 (44 bytes on wire, 44 bytes captured)
Ethernet II, Src: 00:50:da:42:d7:df, Dst: ff:ff:ff:ff:ff:ff 
PPP-over-Ethernet Discovery
  Version: 1 
  Type 1
  Code Active Discovery Initiation (PADI)
  Session ID: 0000
  Payload Length: 24
PPPoE Tags
  Tag: Service-Name 
  Tag: Host-Uniq
    Binary Data: (16 bytes)

Src. (=source) holds the MAC address of the computer sending the PADI.
Dst. (=destination) is the Ethernet broadcast address.
The PADI packet can be received by more than one DSL-AC.

PADO

PADO stands for PPPoE Active Discovery Offer.
Once the user's computer has sent the PADI packet, the DSL-AC replies with a PADO packet, using the MAC address supplied in the PADI. The PADO packet contains the MAC address of the DSL-AC, its name (e.g. LEIX11-erx for the T-Com DSL-AC in Leipzig) and the name of the service. If more than one POP's DSL-AC replies with a PADO packet, the user's computer selects the DSL-AC for a particular POP using the supplied name or service.

Here is an example of a PADO packet:

Frame 2 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:0e:40:7b:f3:8a, Dst: 00:50:da:42:d7:df 
PPP-over-Ethernet Discovery
  Version: 1 
  Type 1
  Code Active Discovery Offer (PADO)
  Session ID: 0000
  Payload Length: 36
PPPoE Tags
  Tag: AC-Name
    String Data: IpzbrOOl 
  Tag: Host-Uniq
    Binary Data: (16 bytes)

AC-Name -> String data holds the AC name, in this case “Ipzbr001” (the Arcor DSL-AC in Leipzig)
Src. holds the MAC address of the DSL-AC.
The MAC address of the DSL-AC also reveals the manufacturer of the DSL-AC (in this case Nortel Networks).

PADR

PADR stands for PPPoE Active Discovery Request.
As said above, the computer has to select a POP – it does this using the PADR packet, which is sent to the MAC address of the selected POP's DSL.

PADS

PADS stands for PPPoE Active Discovery Session-confirmation.
The PADR packet above is confirmed by the DSL-AC with a PADS packet, and a Session ID is given out with it. The connection with the DSL-AC for that POP has now been fully established.

PADT

PADT stands for PPPoE Active Discovery Termination.
This packet terminates the connection to the POP. It may be sent from either the user's computer or from the DSL-AC.

Quirks

Since the point to point connection established has an MTU lower than that of standard Ethernet (typically 1492 vs Ethernet's 1500), it can sometimes cause problems when Path MTU discovery is defeated by poorly configured firewalls.

Some vendors (Cisco and Juniper, for example) refer to PPPoEoE (PPPoE over Ethernet), which is PPPoE running directly over Ethernet or other IEEE 802 networks or over Ethernet bridged over ATM, in order to distinguish it from PPPoEoA (PPPoE over ATM), which is PPPoE running over an ATM virtual circuit using RFC 2684 and SNAP encapsulation of PPPoE. (PPPoEoA is not the same as Point-to-Point Protocol over ATM (PPPoA), which doesn't use SNAP).

See also

  • RFC 2516 - A Method for Transmitting PPP Over Ethernet (PPPoE)
  • RFC 3817 - Layer 2 Tunneling Protocol (L2TP) Active Discovery Relay for PPP over Ethernet (PPPoE)
  • Carrick Solutions PPPoE FAQ Largest FAQ Site for all PPPoE Related Items
  • RP-PPPoE - GPL PPPoE implementation
  • pfSense Open source firewall with PPPoE Server

de:PPP over Ethernet et:PPPoE es:PPPoE fr:PPPoE ko:PPPoE it:PPPoE pl:PPPoE pt:PPPoE ro:PPPoE ru:PPPoE fi:PPPoE sv:Pppoe uk:PPPoE zh:PPPoE





---------------

de:PPP over Ethernet en:Point-to-Point Protocol over Ethernet es:PPPoE et:PPPoE fi:PPPoE fr:PPPoE it:PPPoE ko:PPPoE pl:PPPoE pt:PPPoE ro:PPPoE ru:PPPoE sv:Pppoe uk:PPPoE