Point to Point Protocol (PPP) - Katedra informatiky, FEI

© 2005 Petr Grygarek, Advanced Computer Networks Technologies

Page 1: Point to Point Protocol (PPP)

Petr Grygárek

Page 2: Basic characteristics

• Layer 2 encapsulation common on WAN links
• Permanent
  • Synchronous serial leased lines (various physical interfaces)
  • Router-to-router
• Dial-up
  • Host-to-network (user to ISP)
  • hunting groups commonly used at ISP site
  • dialup backup lines (POTS, ISDN)
• Can operate on both async and sync lines (full duplex)
• Fully standardized (RFCs), interoperable
• Extensible technology
  • provides a lot of additional (optional) features

Page 3: PPP Frame

• Similar to HDLC (Unnumbered frames):
  Flag(1), Address(1), Control(1), Protocol(2), Data(<1500), FCS(2/4), Flag(1)
• Flag:
  • on sync lines 01111110 (+ bit stuffing)
  • on async lines reserved character 7Eh (+ ESC sequences)
• Address: always broadcast (11111111)
• Control: 3 (HDLC frame type Unnumbered)
• Protocol: specifies layer 3 protocol
  • PPP may carry multiple L3 protocols simultaneously
  • compare with SLIP or nonstandard L3 encapsulations in HDLC
• Address and Control fields carry fixed information – can be compressed if both sides negotiate to do that
• Frame format can vary according to options negotiated using LCP
  • (FCS, length, MTU, …)
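Added example (Python, not part of the lecture slides): the async-line frame described above, built and parsed end to end. The 7Eh flag, the 7Dh escape sequences and the 16-bit FCS follow RFC 1662 (initial value FFFFh, polynomial 8408h, residue F0B8h on a good frame); the parser also accepts the negotiated Address/Control and Protocol field compression the last bullets mention. The sample protocol and payload values are constructed.

```python
PPP_FLAG, PPP_ESC, PPP_XOR = 0x7E, 0x7D, 0x20
FCS_INIT, FCS_GOOD = 0xFFFF, 0xF0B8   # RFC 1662: initial value, and the residue left by a good frame


def fcs16(data: bytes) -> int:
    """PPP FCS-16: reflected CRC-16 with polynomial 0x8408 (bitwise form of the RFC 1662 table)."""
    fcs = FCS_INIT
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_frame(protocol: int, payload: bytes) -> bytes:
    """Flag, Address FF, Control 03, Protocol(2), Data, FCS(2), Flag; byte-stuffed for an async line."""
    body = bytes([0xFF, 0x03]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body) ^ 0xFFFF                    # complemented, transmitted low byte first
    body += bytes([fcs & 0xFF, fcs >> 8])
    wire = bytearray([PPP_FLAG])
    for b in body:                                # escape 7E, 7D and, with the default ACCM, bytes < 0x20
        if b in (PPP_FLAG, PPP_ESC) or b < PPP_XOR:
            wire += bytes([PPP_ESC, b ^ PPP_XOR])
        else:
            wire.append(b)
    wire.append(PPP_FLAG)
    return bytes(wire)


def parse_frame(wire: bytes) -> dict:
    """Unstuff one async frame, verify its FCS and split the fields; accepts ACFC/PFC-compressed headers."""
    if len(wire) < 6 or wire[0] != PPP_FLAG or wire[-1] != PPP_FLAG:
        raise ValueError("frame not delimited by flags")
    raw, i = bytearray(), 1
    while i < len(wire) - 1:
        if wire[i] == PPP_ESC:
            i += 1
            if i >= len(wire) - 1:
                raise ValueError("escape followed by flag: aborted frame")
            raw.append(wire[i] ^ PPP_XOR)
        else:
            raw.append(wire[i])
        i += 1
    if len(raw) < 4 or fcs16(bytes(raw)) != FCS_GOOD:   # FCS covers Address..Data plus the FCS bytes
        raise ValueError("FCS check failed: frame dropped")
    raw = raw[:-2]
    acfc = raw[:2] != b"\xff\x03"                 # Address/Control omitted when ACFC was negotiated
    if not acfc:
        raw = raw[2:]
    if not raw:
        raise ValueError("no Protocol field")
    pfc = bool(raw[0] & 1)                        # odd first byte: one-byte Protocol field (PFC)
    protocol = raw[0] if pfc else int.from_bytes(raw[:2], "big")
    return {"protocol": protocol, "payload": bytes(raw[1 if pfc else 2:]), "acfc": acfc, "pfc": pfc}
```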

Page 4: PPP Architecture

Page 5: Link Control Protocol (LCP)

Handles features common for all network layer protocols
• (Logical) link open and termination
  • Logical link termination announced to physical layer ==> physical connection teardown
• Authentication (one-way, two-way)
• Error rate testing (optional)
  • Numbers of bytes transmitted/received exchanged between both sides
  • Link termination in case of poor link quality
    • Routing algorithm may find alternative (more reliable) path
  • Takes place before NCP negotiation starts
• Loopback detection
  • Device hears its own magic number in LCP frames
• Negotiation of additional optional features and their parameters: compression, callback, multilink, ...

Carried in standard PPP frames (protocol type 0xc021)

Page 6: LCP frame

Carried in PPP frame (protocol type 0xc021)
• Code
  • Configure-Request, Configure-Ack, Configure-Nak
  • Terminate-Request, Terminate-Ack
  • Echo-Request, Echo-Reply
  • …
• ID
  • allows replies to be matched with requests
• Length – total options length
• Options
  • <option_code, length, data> triples
  • option_code examples: Maximum_receive_unit, Authentication_protocol, Address_and_Control_Compression, …
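Added example (Python, not from the slides) covering the LCP frame layout above and the magic-number loopback detection from the previous slide: a parser for the Code/ID/Length/Options layout that bounds every option length to the packet, a constructed Configure-Request, and the check a device makes when its own magic number comes back. Option type numbers (MRU 1, Authentication-Protocol 3, Magic-Number 5, ACFC 8) and the code numbers are those of RFC 1661/1662; the magic value and MRU used in the test are constructed.

```python
import struct

LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak", 4: "Configure-Reject",
             5: "Terminate-Request", 6: "Terminate-Ack", 9: "Echo-Request", 10: "Echo-Reply"}
OPT_MRU, OPT_AUTH, OPT_MAGIC, OPT_ACFC = 1, 3, 5, 8   # option type numbers from RFC 1661 / RFC 1662


def parse_lcp(pkt: bytes) -> dict:
    """Split an LCP packet into Code, ID and <option_code, length, data> triples."""
    if len(pkt) < 4:
        raise ValueError("LCP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("LCP length field inconsistent with packet size")
    opts, i = [], 4
    while i < length:                              # option: type(1), length(1, header included), data
        if i + 2 > length:
            raise ValueError("option header truncated")
        otype, olen = pkt[i], pkt[i + 1]
        if olen < 2 or i + olen > length:          # a bogus option length must never run past the packet
            raise ValueError("option length out of bounds")
        opts.append((otype, olen, pkt[i + 2:i + olen]))
        i += olen
    return {"code": LCP_CODES.get(code, code), "id": ident, "options": opts}


def build_configure_request(ident: int, mru: int, magic: int) -> bytes:
    """Constructed Configure-Request offering an MRU, a Magic-Number and Address/Control compression."""
    body = (struct.pack("!BBH", OPT_MRU, 4, mru)
            + struct.pack("!BBI", OPT_MAGIC, 6, magic)       # the magic number should be random per link
            + bytes([OPT_ACFC, 2]))                           # ACFC carries no data
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def is_loopback(pkt: bytes, my_magic: int) -> bool:
    """Loopback detection: our own Magic-Number arrives in what looks like the peer's Configure-Request."""
    parsed = parse_lcp(pkt)
    if parsed["code"] != "Configure-Request":
        return False
    return any(otype == OPT_MAGIC and len(data) == 4 and int.from_bytes(data, "big") == my_magic
               for otype, _, data in parsed["options"])
```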

Page 7: Network Control Protocol (NCP)

• Whole protocol suite
  • Every network protocol has its own associated NCP protocol
    • IPCP for IP
    • IPXCP for IPX
    • …
• Supports negotiation of parameters specific for individual network layer protocols
• Link must be explicitly opened/closed for every network protocol in use
• Control protocols for negotiation of various link options also exist
  • e.g. CCP – Compression Control Protocol
• Every specific NCP protocol is described in a separate RFC

Page 8: IPCP

• NCP for IP
• Supports assignment of the IP address to the remote device (client)
  • fixed address, address from pool, address from DHCP server, prompt user for IP address
• Support for Van Jacobson TCP header compression negotiation
  • active negotiation / passive support

Page 9: Common LCP additional features

• Authentication
• Callback
• Compression
• Multilink

Page 10: Authentication

• each side tries to negotiate preferred authentication algorithm
  • may offer multiple algorithms in decreasing preference order
  • PAP and CHAP are most common
• authenticates users or neighboring devices
• one-way or mutual authentication
• required for some optional features
  • (e.g. callback)

Page 11: Password Authentication Protocol (PAP)

Page 12: CHallenge Authentication Protocol (CHAP)

• Both sides use the same secret password and (publicly known) hash function to transform (challenge_string+password) to hash value

Page 13: Example: Cisco CHAP implementation

• username corresponds to remote side’s name
• passwords must be the same on both sides

Page 14: CHAP advantages

• password never sent over the network as cleartext
• authentication requests controlled by server
  • server may request periodic re-authentication
• more resistant against brute-force attacks
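Added example (Python, not from the slides) for the CHAP mechanism of slide 12 and the advantages listed above: the MD5 variant of RFC 1994 hashes Identifier || secret || challenge, so the shared secret never crosses the link, the server chooses when to challenge (including periodic re-authentication), and a fresh random challenge each time means a captured response is useless later. The peer names, secrets and the single-use challenge table are constructed for the example.

```python
import hashlib
import hmac
import secrets


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5-CHAP: MD5 over Identifier || secret || challenge. Only this digest goes on the wire."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues unpredictable challenges and checks responses against the secret stored per peer name."""

    def __init__(self, secrets_by_name: dict):
        self.secrets = secrets_by_name   # constructed store: remote side's name -> shared secret
        self.pending = {}                # Identifier -> challenge issued and not yet answered

    def challenge(self, ident: int) -> bytes:
        chal = secrets.token_bytes(16)   # random per round, so a recorded response cannot be replayed
        self.pending[ident] = chal
        return chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        chal = self.pending.pop(ident, None)   # single use: each challenge may be answered once
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def chap_exchange(server: ChapAuthenticator, ident: int, name: str, client_secret: bytes) -> bool:
    """One Challenge -> Response -> Success/Failure round; periodic re-authentication is simply another round."""
    chal = server.challenge(ident)
    return server.verify(ident, name, chap_response(ident, client_secret, chal))
```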

Page 15: Terminal dialog

• used on async lines
• text-oriented interactive dialog (prompt for username and password) before PPP frame interchange starts
• after successful authentication, NAS starts PPP process for authenticated line
• can be automated using Chat scripts

Page 16: Authentication servers (protocols)

• Centralized user database common for many NASs
• TACACS (TCP)
  • supports also authorization and accounting
• RADIUS (UDP)
  • also supports accounting

Page 17: Callback

• Callback server
  • typically corporate terminal server (network access server, NAS)
• Callback client
  • typically corporate employee
• Fees for Telco paid by corporation
• Client authentication is mandatory
  • only listed users are allowed to request callback
  • If a nonlisted user requests callback, server can ignore request or hang up
• client may optionally pass number to call back to the server (LCP option)
  • server can use number preconfigured for (an authenticated) user
• After client initiates call and waits for callback, packets for server side are stored in a hold queue
• Callback connections are also authenticated

Page 18: Compression

• Multiple compression algorithms supported
  • commonly Stacker, Predictor, and Microsoft Point to Point Compression (MPPC)
  • some require more CPU cycles, others more memory
• negotiated using Compression Control Protocol (CCP)
• compression by software or special hardware module
• Not recommended on fast links
  • the CPU time required does not pay off against the bandwidth saved
• Real compression ratios should be checked at runtime
  • problem if data are already compressed
  • 2:1 or 3:1 compression ratios are considered reasonable
• Check for CPU load!
  • Cisco recommendation: should be <65%

Page 19: Compression types

• Link compression (including header)
  • applicable only on point-to-point links
  • not applicable on switching infrastructure like Frame Relay, which uses frame headers for switching decisions
• Payload compression (payload only)
  • Hop-by-Hop, End-to-End
• TCP header compression (Van Jacobson, RFC 1144)
  • effective for interactive applications with short TCP segments (Telnet etc.)
  • stateful – every connection is assigned a unique ID
    • no more than 255 sessions are supported
    • not suitable for backbone links
  • Sends only changed TCP header fields and a bitmap identifying these changed fields

Page 20: PPP Multilink

• RFC 1717, 1990
• for environments with variable bandwidth requirements
• dynamically allocates/deallocates bearer channels according to current transfer rate
  • (channel bundling)
  • based on load thresholds
• negotiated using LCP
• utilizes PPP frame fragmentation
  • frame fragments transmitted in parallel
  • lower latency
• Sometimes utilized on parallel permanent links to improve QoS (latency)