Skip to content

Instantly share code, notes, and snippets.

@ajithbh

ajithbh/pppoe.txt

Last active December 20, 2015 08:39
Show Gist options
  • Save ajithbh/6102213 to your computer and use it in GitHub Desktop.
Save ajithbh/6102213 to your computer and use it in GitHub Desktop.
Download ZIP
Gist of PPPoE
Raw
pppoe.txt
PPPoE
provides the ability to connect a network of hosts over a simple bridging access device to a remote access concentrator.
Each PPP session must learn the ethernet address of the remote per, as well as establish a unique session identifier.
2 Stages -
1. Discovery stage
2. PPP session stage
Discovery is a client-server relationship
PPP defines a peer-to-peer relationship
In Discovery, a Host (the client) discovers an Access Concentrator (the server).
A network can have multiple Access Concentrators.
Discovery allows host to discover all and select one.
Discovery stage remains stateless until a PPP session is established. Once PPP session is established, both Host and AC MUST allocate the resources for a PPP virtual interface.
Ethernet Frame -
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DESTINATION_ADDR |
| (6 octets) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SOURCE_ADDR |
| (6 octets) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ETHER_TYPE (2 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ ~
~ payload ~
~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| CHECKSUM |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ETHER_TYPE
Discovery stage : 0x8863
PPP session stage : 0x8864
DESTINATION_ADDR
Contains either unicast Ethernet destination address or Ethernet broadcast address (0xffff ffff)
For PPP session, MUST contain the peer's unicast address as determined from Discovery.
SOURCE_ADDR
source MAC address.
Ethernet payload for PPPoE
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VER | TYPE | CODE | SESSION_ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LENGTH | payload ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
VER : 0x1
TYPE : 0x1
LENGTH : network byte order, indicates the length of payload, does not include the length of the Ethernet or PPPoE headers.
SESSION_ID : Fixed for a given PPP session
Discovery Stage
Four Steps
1. Host broadcast initiation packet - PPPoE Active Discovery Initiation (PADI)
2. One or more Acces Concentrators sending Offer packets - PPPoE Active Discovery Offer (PADO)
3. Host sending a unicast Session Request packet - PPPoE Active Discovery Request (PADR)
4. Selected Access Concentrator sending a confirmation packet - PPPoE Active Discovery Session-confirmation (PADS)
Termination Step - Either end to other end - PPPoE Active Discovery Termination (PADT)
When Host receives confirmation packet it may proceed to the PPP session stage.
When AC sends confirmation packet it may proceed to the PPP session stage.
in Discovery, PPPoE payload contains zero or more TAGS. A TAG is a Type-Length-Value (TLV) construct
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TAG_TYPE | TAG_LENGTH |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TAG_VALUE ... ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TAG_TYPES TAG_VALUES
0x0000 End-Of-List
0x0101 Service-Name
0x0102 AC-Name
0x0103 Host-Uniq
0x0104 AC-Cookie
0x0105 Vendor-Specific
0x0110 Relay-Session-Id
0x0201 Service-Name-Error
0x0202 AC-System-Error
0x0203 Generic-Error
TAG_LENGTH - Length of TAG_VALUE in Octets
If TAG_TYPE is unknown TAG MUST be ignored
If new TAGs are added version number will be incremented
1 - PPPoE Active Discovery Initiation (PADI)
DESTINATION_ADDR set to broadcast address
CODE is set to 0x09
SESSION_ID MUST be set to 0x0000
contains exactly one TAG of TAG_TYPE Service-Name
Entire PADI packet (including PPPoE header) MUST NOT exceed 1484 octets, to allow relay agent to add a Relay-Session-ID TAG.
2 - PPPoE Active Discovery Offer (PADO)
When AC receives a PADI it can serve, it replies by sending PADO packet.
DESTINATION_ADDR is unicast address of the Host that sent the PADI
CODE field is set to 0x07
SESSION_ID MUST be set to 0x0000
contains one AC-Name TAG, a Service-Name TAG identical to the one in PADI, and any No. of Service-Name TAG's
3 - PPPoE Active Discovery Request (PADR)
Host may receive more than one PADO, it chooses one based on the AC-Name or the Services offered. Host sends one PADR packet to the AC it has chosen.
DESTINATION_ADDR field is set to unicast ethernet address of the AC that sent the PADO.
CODE filed is set to 0x19
SESSION_ID MUST be 0x0000
must contain exactly one TAG of TAG_TYPE Service-Name and any no of other TAG types.
4 - PPPoE Active Discovery Session-Confirmation (PADS)
When AC receives a PADR packet, it prepares to begin a PPP session. It generates a unique SESSION_ID for the PPPoE session and replies to the Host with a PADS packet.
DESTINATION_ADDR is unicast address of the Host that sent the PADR.
CODE field is 0x65
SESSION_ID MUST be set to unique value generated for this PPPoE session.
contains exactly one TAG of TAG_TYPE Service-Name, and any number of other TAG types.
If AC does like the Service-Name in the PADR, it MUST reply with a PADS containing a TAG of TAG_TYPE Service-Name-Error. In this case SESSION_ID MUST be 0x0000
5 - PPPoE Active Discovery Terminate (PADT)
sent any time after PPPoE session is established to indicate the session is Terminated. sent by either Host or AC.
DESTINATION_ADDR is unicast ethernet address of Host or AC
CODE is set to 0xa7
SESSION_ID MUST be set to id of session to be terminated.
No TAGS required.
When PADT is received, no further PPP traffic is allowed to be sent using that session.
Even normal PPP termination must not be sent after sending or receiving a PADT.
A PPP peer SHOULD use the PPP itself to bring down a PPPoE session, but PADT may be used when PPP can not be used.
PPP Session Stage
PPP data is sent as in any other PPP encapsulation. Al ethernet packets are unicast.
ETHER_TYPE set to 0x8864
CODE MUST be 0x00
SESSION_ID MUST NOT change for that session
The PPPoE payload contains a PPP frame.
Frame begins with PPP Protocol-ID.
LCP Considerations
Magic Number LCP configuration option is RECOMMENDED
Protocol Field Compression (PFC) is NOT RECOMMENDED
implementation MUST NOT request any of the following options, and MUST reject request for such.
Field Check Sequence (FCS) Alternatives
Address-and-Control-Field-Compression (ACFC)
Asynchronous-Control-Character-Map (ACCM)
MRU must be negotiated to only sizes < 1492 since max payload in ethernet is 1500 octets
Header 6, protocol id 2 octets.
RECOMMENDED that AC occasionally send Echo-Request packets to Host to determine state of the session.
Otherwise, if the Host terminates a session without sending a Terminate-Request packet, the AC will not be able to determine that the session has gone away.
When LCP terminates, Host and AC MUST stop using that PPPoE session.
If Host wishes to start another PPP session, it MUST return to the PPPoE Discovery stage.
Other Considerations
When host does not receive a PADO packet within a specified amount of time, it SHOULD resend its PADI packet and double the waiting period.
If Host is waiting to receive a PADS packet, a similar timeout mechanism SHOULD be used, with Host resending the PADR.
Security Considerations
to protect against Denial of Service attacks, the AC can employ the AC-Cookie TAG. The AC SHOULD be able to uniquely regenerate the TAG_VALUE based on the PADR SOURCE_ADDR.
AC can ensure that PADI SOURCE_ADDR is indeed reachable and can then limit concurrent sessions for that address.
What algorithm to use for this is not defined in the RFC.
Eg. HMAC over the Host MAC address using a key known only to the AC.
AC-Cookie is only useful against soem DoS attacks, not all.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment