PPPoX -A Technology Primer

Agenda
\/

Introduction


\/

History

\/

Point to Point Protocol


The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components:
  1. A method for encapsulating multi-protocol datagrams.
  2. A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection.
  3. A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols.
PPP has support for:
\/

Phases of PPP



Fig1. PPP Phases

Capture of PPPoE Session (Summary)
\/

Types of Authentication

Password Authentication Protocol (PAP )
PAP works basically the same way as the normal login procedure. The client authenticates itself by sending a user name and an (optionally encrypted) password to the server, which the server compares to its secrets database. This technique is vulnerable to eavesdroppers who may try to obtain the password by listening in on the serial line, and to repeated trial and error attacks.

Fig. 2 PAP

Challenge Handshake Authentication Protocol (CHAP)
The authenticator (i.e. the server) sends a randomly generated ``challenge'' string to the client, along with its hostname. The client uses the hostname to look up the appropriate secret, combines it with the challenge, and encrypts the string using a one-way hashing function. The result is returned to the server along with the client's hostname. The server now performs the same computation, and acknowledges the client if it arrives at the same result.

Fig.3 CHAP
\/

New Use of PPP


\/

Types of PPP in Broadband


PPPoA

Fig. 4 PPPoA

PPPoEoA

Fig. 5 PPPoEoA


\/

Testing PPPoX

Service providers are all anxious to sell broadband Internet services. However, like all service provider business models, broadband services will only be financially successful if they can be deployed and accepted on a very large scale. Thousands of customers must be serviced at a single POP and expensive networking equipment must be amortized over tens of thousands (maybe even millions) of subscribers.
Network equipment manufacturers are consistently developing larger and more scalable equipment. Manufacturers are “leapfrogging” each other in a game of numbers – each claiming to support more subscribers on a single port or greater density within a single chassis. In fact, some vendors are now claiming to support more than 100,000 simultaneous PPPoE sessions or Subscribers on a single aggregation device.

The diagram shows test for a typical network equipment manufacturer. In this example, the manufacturer wants to test approximately 100,000 concurrent PPPoA sessions on a single  device, and run data and LCP Hellos (a.k.a. keep-alives) simultaneously on all of the sessions. Spirent’s AX/4000 PPPoX Emulation Suite allows the user to create 32000 sessions per port supporting ATM OC-3c, ATM OC-12c, Gigabit, and 10/100 Ethernet. This solution supports line rate data on each session with keep-alives and many other extensive features.

\/

Understanding how the Cisco Terminates PPPoE

  1. The Cisco initiates a Virtual Access interface (based on the Virtutal-Template configured) upon receipt of a PPPoE Discovery Initiaition (PADI). The Cisco will report (on the console) Interface Virtual-Access3, changed state to up
  2. Upon sucessful authentications, the Cisco will report (again on the console): Line protocol on Interface Virtual-Access3, changed state to up
  3. The Data Path follows as shown in figure 7.

Fig. 7
Capture of PPPoE Session

References


Craig Miller    January 2003