Point-to-Point Access: PPP
In a network, two devices can be connected by a dedicated link or a shared link. In the first case, the link can be used by the two devices at any time. We refer to this type of access as point-to-point access. In the second case, the link is shared between pairs of devices that need to use the link. We refer to this type of access as multiple access. One of the most common protocols for point-to-point access is the Point-to-Point Protocol (PPP).
PPP services It defines the format of the frame to be exchanged between devices. It defines how two devices can negotiate the establishment of the link and the exchanged of data. It defines how network layer data are encapsulated in the data link frame. It defines how two devices can authenticate each other.
PPP FRAME
Flag field. The flag fields identify the boundaries of a PPP frame. Its value is Address field. Because PPP is used for a point-to-point connection, it uses the broadcast address of HDCL, , to avoid a data link address in the protocol. Control field. The control field uses the format of the U- frame in HDCL. See pages Protocol field. The protocol field defines what is being carried in the data field: user data or other information. Data field. This field carries either the user data or other information. Frame check sequence (FCS) field. This field is used for error detection.
Transition states A PPP connection goes through different phases called transition sates.
Transition States Idle state. The idle state means that the link is not being used. There is no active carrier, and the line is quiet. Establishing link. When one of the end point starts the communication, the connection goes into the establishing state. In this state, options are negotiated between the two parties. If the negotiation is successful, the system goes to the authenticating state (if authentication is required) or directly to the networking state. Authenticating state. The authenticating state is optional. If the result is successful, the connection goes to the networking state; otherwise, it goes to the terminating state.
Transition States Networking State. When a connection reaches this state, the exchange of user control and data packets can be started. The connection remains in this state until one of the endpoints wants to terminate the connection. Terminating state. When the connection is in the terminating state, several packets are exchanged between the two ends for house cleaning and closing the link.
PPP Stack PPP is a data-link layer protocol, PPP uses a stack of other protocols to establish the link, to authenticate the parties involved, and to carry the network layer data. Three sets of protocols are used by PPP: Link control protocol, authentication protocols, and network control protocol.
Protocol stack
Link Control Protocol (LCP) It is responsible for establishing, maintaining, configuring, and terminating links. It also provides negotiation mechanisms to set options between endpoints. Both endpoints of the link must reach an agreement about the options before the link can be established. When PPP is carrying an LCP packet, it is either in the establishing state or in the terminating state. All LCP packets are carried in the data field of the PPP frame. What defines the frame as one carrying an LCP packet is the value of the protocol field, which is set to C021 (base 16).
LCP packet encapsulated in a frame
Link Control Protocol (LCP) Code. This field defines the type of LCP packet. ID. This field holds a value used to match a request with reply. One endpoint inserts a value in this field, which will be copied in the reply packet. Length. This field defines the length of the entire LCP packet. Information. This field contains extra information needed for some LCP packets.
Link Control Protocol (LCP) Configuration packets are used to negotiate the options between the two ends. There are four different types of packets for this purpose: configure-request, configure- ack, configure-nak, and configure-reject. Link termination packets. The link termination packets are used to disconnect the link between two endpoints. There are two types: terminate-request and terminate- ack. Link monitoring and debugging packets. These packets are used for monitoring and debugging the link. There are five types: code-reject, protocol-reject, echo- reply, discard-request.
LCP packets and their codes CodePacket TypeDescription Configure-request Contains the list of proposed options and their values Configure-ack Accepts all options proposed Configure-nak Announces that some options are not acceptable Configure-reject Announces that some options are not recognized Terminate-request Requests to shut down the line Terminate-ack Accepts the shut down request Code-reject Announces an unknown code Protocol-reject Announces an unknown protocol Echo-request A type of hello message to check if the other end is alive 0A 16 Echo-reply The response to the echo-request message 0B 16 Discard-request A request to discard the packet
Authentication Protocols Authentication plays a very important role in PPP because PPP is designed for use over dial-up links where verification of user identity is necessary. Authentication means validating the identity of a user who needs to access a set of resources. PPP uses two protocols for authentication: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP)
PAP The PAP is a simple authentication procedure with two steps: 1. The user who wants to access a system sends an ID (identification) and a password. 2. The system checks the validity of the identification and password and either accepts or denies a connection. For those systems that require greater security, PAP is not enough. A third party with access to the link can easily pick up the password and access the system resources.
PAP
PAP packets
CHAP The CHAP protocol is a three-way handshaking authentication protocol that provides greater security than PAP. In this method, the password is kept secret; it is never sent on-line. Steps The system sends to the user a challenge packet containing a challenge value, usually a few bytes. The user applies a predefined function that takes the challenge value and the user’s own password and creates a result. The user sends the result in the response packet to the system.
CHAP The system does the same. It applies the same function to the password of the user and the challenge value to create a result. If the result created is the same as the result sent in the response packet, access is granted; otherwise, it is denied.
CHAP
CHAP packets
Network Control Protocol (NCP) After the link is established and authentication (if any) is successful, the connection goes on the networking state. NCP is a set of control protocols to allow the encapsulation of data coming from network layer protocols into the PPP frame. The set of packets that establish and terminate a network layer connection is called Internetwork Protocol Control Protocol (IPCP).
IPCP packet encapsulated in PPP frame
Table 12.3 Code value for IPCP packets CodeIPCP Packet 01Configure-request 02Configure-ack 03Configure-nak 04Configure-reject 05Terminate-request 06Terminate-ack 07Code-reject
An example