Roadmap WAN Basics Introduction to Point-to-Point protocol (PPP) Three Types of WAN Services Introduction to Point-to-Point protocol (PPP) Basic Components of PPP Frame Formats of PPP General Operation of PPP
Point-to-Point Links Introduction If two devices are directly connected to each other, then they are said to be in point-to-point configuration Point-to-point protocol is a data link layer protocol which is used to control the communication over such links
Point-to-Point Link
An Overview of Wide-Area Services Central Office (CO) CO Basic Telephone Service Time-Division Multiplexed Circuits (56/64 kbps or T1/E1) B C A E X.25/Frame Relay Networks Call Setup (SS7 or other) X.25 / Frame Relay A simplified look inside the WAN cloud The router also uses a WAN central office
WAN Basics Three Major types of WAN Services are: Leased Line Circuit Switching/dial lines Packet Switching
WAN Connection Types Term Description Leased lines A dedicated, always on circuit between two end points. The service provider just passes a constant rate bit stream. Generally is more expensive than packet switching today Circuit switched/dial Provide dedicated bandwidth between two points, but only for the duration of the call. Typically used as a cheaper alternative to leased lines, particularly when connectivity is not needed all the time. Also useful for backup when a leased line or packet-switched service fails Packet-switched Provides virtual circuits between pairs of sites, with contracted traffic rates for each VC. Each site’s physical connectivity consists of a leased line from the site to a device in the provider’s network. Generally cheaper than leased lines.
PPP over the Internet Today, million of Internet users who need to connect their home PCs to the server of an ISP use PPP The Internet needs a PPP for a variety of purposes, including router-to-router traffic (leased line) and home-user to ISP (dial-up) traffic. Majority users have a traditional modem, DSL modem or a cable modem which connects them to the Internet through a Telephone line or a TV cable connection. These lines provide a physical link, but to control and manage the transfer of data, there is a need of PPP For both connections, router-to-router (leased line connections) and home-user to ISP (dial-up connections) some data link protocol is required on the line for: Framing or encapsulation Error control and other data link layer functions
WAN Data-Link Protocols for Point-to-Point Links Leased line Circuit-switched Packet-switched
Definition - PPP PPP is defined in RFC 1661 and further elaborated in later RFCs. It originally emerged as an encapsulation protocol for transporting IP traffic over point-to-point links PPP also established a standard for assigning and managing IP addresses asynchronous and synchronous encapsulation network protocol multiplexing link configuration & link quality testing error detection, option negotiation
PPP Components Main components of PPP include: Encapsulation/Framing Link Control Protocol (LCP) Network Control Protocol (NCP) These components help PPP to define the frame formats to be exchanged, how the 2 devices will negotiate with each other to establish a link and for exchanging the data, how the link is configured and terminated.
1. Encapsulation It is a method for encapsulating datagrams of network layer over serial links A framing mechanism defines the boundaries of the start and end of the PPP frame It also helps in error detection
2. Link Control Protocol LCP is used to establish, configure and test the data link connections Its main purpose is: to bring the lines up test them negotiate options and bringing them gracefully down again when they are no longer needed It supports synchronous and asynchronous circuits LCP configuration options include: Maximum frame size or MTU (maximum transmission unit) Authentication protocol specifications (if any) Options to skip control and address fields of PPP frame PPP negotiates configuration parameters at the start of the connection using LCP.
Protocol Field of PPP Frame
LCP packet encapsulated in a frame
LCP Phase: Common Options Default Maximum receive unit 1500 Authentication protocol None Protocol field compression Off Address and control field compression
Link Control Protocol (LCP) LCP is responsible for establishing, maintaining, configuring, and terminating links. It also provides negotiation mechanisms to set options between the two endpoints. Both endpoints of the link must reach an agreement about the options before the link can be established. When PPP is carrying a LCP packet, it is either in establishing or terminating state No user data is exchanged during this state All LCP packets are carried in the data field of the PPP frame
LCP packets and their codes Packet Type Description 0116 Configure-request Contains the list of proposed options and their values 0216 Configure-ack Accepts all options proposed 0316 Configure-nak Announces that some options are not acceptable 0416 Configure-reject Announces that some options are not recognized 0516 Terminate-request Requests to shut down the line 0616 Terminate-ack Accepts the shut down request 0716 Code-reject Announces an unknown code 0816 Protocol-reject Announces an unknown protocol 0916 Echo-request A type of hello message to check if the other end is alive 0A16 Echo-reply The response to the echo-request message 0B16 Discard-request A request to discard the packet
PPP Authentication…
Authentication Protocols PPP use two authentication protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) PAP sends the username and password in clear text. The user who wants to access a system sends username and password The system checks the validity of the username and password and either accepts or denies connection. For those systems that require greater security, PAP is not enough; a third party with access to the link can easily pick up the password and access the system resources.
Password Authentication Protocol (PAP)
Selecting a PPP Authentication Protocol
Challenge Handshake Authentication Protocol (CHAP) It is a three handshaking authentication protocol that provides greater security that PAP. In this method the password is kept secret, it is never sent online. The system sends to the user a challenge packet containing a challenge value, usually a few byte. The user applies a predefined function (Message Digest-5, one way hash function) that takes the challenge value and the user’s own password and creates a result. The user sends the result in the response packet to the system
CHAP… Challenge Handshake Authentication Protocol (CHAP)… The system does the same. It applies the same function to the password of the user (known to the system) and the challenge value to create a result. If the result created the same as the result in the response packet, access is granted; otherwise it is denied CHAP is more secure than PAP, especially if the system continuously changes the challenge value. Even if the intruder learns the challenge value and the result, the password is still secret.
CHAP…
Selecting a PPP Authentication Protocol
3. Network Control Protocol NCP allows the encapsulation of data coming from the network layer protocols into PPP frame PPP is designed to allow simultaneous use of multiple network layer protocols PPP provides a way to negotiate network layer options independent to the network layer protocol to be used
Network Control Protocol (NCP) After the link is established and authentication (if any) is successful, the connection goes to the networking state. In this state, PPP uses another protocol called Network Control Protocol (NCP). NCP is a set of control protocols to allow the encapsulation of data coming from network layer protocols into PPP frame. PPP requires two parties to negotiate not only at the data link layer, but also at the network layer. Before user data can be sent, a connection must be established at this level. The set of packets that establish and terminate a network layer connection for IP packets is called IP control protocol (IPCP).
PPP- A data link protocol with network layer services Layering PPP Elements PPP- A data link protocol with network layer services
PPP Frame Format
PPP Frame Format (2) Flag Address One byte field It identifies the start and end of the PPP frame Contains the binary sequence: 0111 1110 Address As the PPP is used for point-to-point connections, not for multipoint connections like LANs, it does not assign individual station addresses Uses the standard broadcast address value to avoid data link layer addressing (MAC) It uses the fixed binary sequence: 1111 1111
One may wonder.? As both the address and control fields an currently take only fixed values, one wonders why these fields are even defined in the first place? The PPP specifications as mentioned in RFC 1662 states that other values “may be defined at a later time” Although None has been defined to date
PPP Frame Format (3) Control protocol One byte field It specifies that there is no flow and error control It uses the fixed binary sequence: 0000 0011 protocol Two byte field It tells the PPP receiver the upper layer protocol to which the received encapsulated data belongs Whether the PPP frame carries user data or other information Codes are defined to identify different protocols
Protocol Field Codes Protocol Field Code Protocol Description C02116 LCP C02316 PAP (for authentication) C22316 CHAP (for authentication) 802116 NCP IPCP (IP Datagram for Data)
PPP Frame Format (4) Protocol … It indicates the protocol encapsulated in the data field of PPP frame e.g. LCP When PPP is carrying a LCP packet, it is either in establishing or terminating state No user data is exchanged during this state Authentication protocol These protocols are used for authentication
PPP Frame Format (5) Protocol … NCP It allows network layer data encapsulation into PPP frames User data is exchanged during this state Thus PPP is a multi-protocol framing method suitable for use over modems
PPP Frame Format (6) Data FCS Maximum 1500 bytes Contains the datagrams for protocol specified in the protocol field FCS 2 byte or 4 byte field Used for error detection using CRC code
General Operation of PPP Let us see how the three components of PPP fit together i.e. Encapsulation LCP NCP
PPP – A scenario
A typical Scenario (1) A typical scenario of a home user calling an ISP P.C calls the ISP router via modem After receiving the answer, the physical connection is established between two modems PC sends the router a series of LCP packets in the data portion of PPP frames to configure and (optionally) test the data link connection 4. These LCP packets and their responses select the PPP parameters to be used 5. Then a series of NCP packets are used to configure network layer . 6. NCP frames are used to choose and configure one or more network layer protocols
A typical Scenario … (2) 7. Typically, a PC wants to run a TCP/IP protocol stack, so it needs an IP address 8. ISPs keep a block of IP addresses to be assigned dynamically to each newly attached PC for the duration of its login session 9. The NCP for IP assigns the IP address 10. At this point the PC is now an Internet host and can send and receive IP packets 11. The link will remain configure for communication until explicit LCP or NCP frames close the link or some external event (inactivity timer expires etc.)
A typical Scenario … (3) 12. When the user is finished, the NCP tears down the network layer connection, and frees up the IP address 13. Then LCP shut down the data link layer connection 14. Finally the computer tell the modem to hang-up the phone, releasing the physical connection.
Simplified PPP Phase Diagram
PPP Features/Services Main services of PPP include: Encapsulation/Framing Error Detection and Correction Support Multiple Network Layer Protocols Authentication Link Establishment, Termination, and Maintenance
PPP Services… Encapsulation/Framing The PPP protocol take a network layer packet and Encapsulate it within the PPP data link layer frame such that the receiver will be able to identify the start and end of the both data link frame and network layer packet within the frame.
PPP Services… Error Detection and Correction All data link protocols like PPP and HDLC perform error detection. All these protocols use a field in the trailer usually called frame check sequence (FCS), FCS verifies whether bit errors occurred during transmission of the frame, if so frame is discarded. Error recovery is the process that causes retransmission of lost or erred frames. PPP can perform error correction but by default it is not enabled.
PPP Services… Support Multiple Network Layer Protocols Authentication PPP supports multiple protocol suites like TCP/IP (IP), Novell’s (IPS), Appletalk etc running over same physical link at the same time. PPP multiplex different network layer protocols over a single point-to-point connection Authentication PPP defines how two devices can authenticate each other. PPP is designed for use over dial-up links where verification of user identify is necessary. Authentication means validating the identity of a user who needs to access a set of resources IT-5302-3 Internet Architecture and Protocols, PUCIT, University of the Punjab, Pakistan
PPP Services… Link Establishment, Termination, and Maintenance PPP defines how two devices can negotiate the establishment of a link, the exchange of data, and termination of a link.
Phases of PPP Connection… A PPP connection goes through different phases which are shown in transition state. Idle State Establishing State Authenticating State Networking State Terminating State
Phases of PPP Connection… Idle State The idle state means that the link is not being used. There is no active carrier, and the link is quiet. Establishing State When one of the endpoints starts the communication, the connection goes into establishing state. In this state, options are negotiated between two parties. If the negotiation is successful, the system goes to the authenticating state (if authentication is required) or directly to the networking state. The Link Control Protocol packets are used for this purpose. Several packets may exchanged during this phase.
Phases of PPP Connection… Authenticating State The authenticating state is optional. The two endpoints may decide, during the establishing state, not to go through this state. However, if they decide to proceed with authentication, they send several authentication packets. If the result is successful, the connection goes to the networking state; otherwise it goes to the terminating state. Networking State The networking state is heart of the transition states. When a connection reaches this state, the exchange of user control and data packets can be started. The connection remains in this state until one of the endpoints wants to terminate the connection.
Phases of PPP Connection… Terminating State When the connection is in the terminating state, several packets are exchanged between the two endpoints for closing the link.
HDLC vs. PPP High Level Data Link Control Protocol It is both point to point and multipoint protocol It delivers data on synchronous links only It provides error detection but does not provide error correction It does not have protocol type field, so it does not support multiple protocols Point to Point Protocol It point to point protocol It delivers data on both synchronous and asynchronous links It provides both error detection and error correction It has a protocol type field so it supports multiple protocols
SLIP vs. PPP Serial Line Internet Protocol Point-to-Point Protocol Older protocol Require no addressing No authentication No error checking Supports only IP No compression is supported in original Version Point-to-Point Protocol New protocol Supports dynamic IP address assignment LCP Error checking NCP , Carries multiple protocols: IP, IPX, AppleTalk, NetBIOS Inherently supports compression
PPP Automatic Login PPP provides two methods with which logins can be automated – PAP (Password Authentication Protocol) CHAP (Challenge-Handshake Authentication Protocol). Both provide the means for your system to automatically send your login userid/password information to the remote system.
PPP LCP Configuration Options Feature How It Operates Protocol Require a password PAP Authentication Perform Challenge Handshake CHAP Compress data at source; reproduce data at destination Stacker or Predictor Compression Purpose: The figure presents an overview of the most popular PPP features. Emphasize: The table in the figure lists and describes the various LCP options. PPP compression is offered in Cisco’s Compression Control Protocol (CCP). RFC 1548 covers the Internet Engineering Task Force (IETF) approved PPP options in detail. RFC 1717 defines Multilink Protocol. RFC 1990, The PPP Multilink Protocol (MP), obsoletes RFC 1717. Note: To further enhance security, Cisco IOS Release 11.1 offers callback over PPP. With this LCP option, a Cisco router can act as a callback client or as a callback server. The client makes the initial DDR call requests that it be called back, and terminates its initial call. The callback server answers the initial call and makes the return call to the client based on its configuration statements. This option is described in RFC 1570. Reference: Students will only learn how to configure PAP and CHAP authentication in this course. To learn how to configure the other LCP options, students should attend the Building Cisco Remote Access (BCRAN) course. Error Detection Monitor data dropped on link Quality Magic Number Avoid frame looping Load balancing across multiple links Multilink Protocol (MP) Multilink
Sample pap/chap configuration hostname RouterA hostname RouterB username RouterB password mustmat username RouterA password mustmat ppp encapsulation ppp encapsulation ppp authentication pap ppp authentication pap PSTN/ISDN RouterA RouterB “RouterA, mustmat” Accept
Verifying PPP P1R1#show interfaces s1 Serial1 is up, line protocol is up Hardware is HD64570 Internet address is 10.1.1.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open Open: IPCP, CDP, ATALKCP, IPXCP Last input 00:00:04, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/64/0 (size/threshold/drops) Conversations 0/4 (active/max active) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 51938 packets input, 1634908 bytes, 0 no buffer --More--
References Computer Networks CCNA ICND Exam Study Guide 4th Edition, Chapter 3, Andrew S. Tanenbaum CCNA ICND Exam Study Guide 9th Chapter, Cisco Press 2004 Computer Networking; A Top Down Approach Featuring the Internet 3rd Edition: Chapter 5, Jim Kurose and Keith Ross Data Communications and Networking 3rd Edition, Behrouz A. Forouzan