The internet is essentially just a very large computer network and, in many aspects, does not differ from a local area network (LAN). But there are some important differences. Due to the size and function of internet providers and their servers, the global network also requires its own technology. This technology comes in the form of the so-called “Point-to-Point Protocol over Ethernet” (PPPoE). What exactly does this protocol do?

Why is the Point-to-Point Protocol over Ethernet needed?

To establish an internet connection, the local PC (or another similar end device) has to connect to the internet via the router. Access is provided by an internet service provider (ISP), which also needs to check whether the client actually has access authorization. When the internet came to private households, via ISDN at the time, the Point-to-Point Protocol (PPP) was used to perform this check. The dial-in medium (the modem or router) creates a direct connection to the internet provider’s node during this process. The provider verifies the data and clears the way to the internet.

For internet service providers, PPP had the advantage that the protocol enabled them not only to check the access authorization but also to determine the volume of data transmitted and the dial-in time. Providers benefited from this because, back then, it was normal to pay per-minute prices for internet usage. With the rise of DSL, and because more than one device per household started to use the internet at the same time, a new technology became necessary.

The PPPoE protocol offers the same advantages as PPP, but it allows the technology to run over Ethernet. This network technology is now the standard everywhere, enabling complex and fast connections. The familiar PPP portion of the data packet is integrated into the Ethernet frame.

Fact

The PPPoE protocol was first defined in 1999 in RFC 2516.

How PPP over Ethernet works

PPPoE is part of the TCP/IP protocol stack – and is located in the lowest layer: network access. The protocol works in two different phases, which in turn affect how the frame is set up. It starts with PPPoE discovery. In this step, the protocol determines the MAC address of the node in order to use it to access the internet. This search occurs via a broadcast: the data packets are sent to the network without a specific destination. The node – also known as Point of Presence (PoP) – then responds and creates a communication layer between both network participants.

Next, the second phase starts: the PPPoE session. Details are negotiated at this stage. For instance, the node checks the access authorization of the client. Actual internet use follows – but this is still part of the PPPoE session phase.

You can tell which phase is active by the type field of the Ethernet frame. Here you’ll either find 0x8863 for discovery or 0x8864 for session. The type field is followed by the PPPoE frame, embedded in the data field of the Ethernet frame. The PPPoE portion is itself divided into several fields. First, the PPPoE version is transmitted. However, since there is only one version of the protocol, the value 1 is always stated here. Next is the PPPoE type, which is also always represented by 1.

While the first two parts each only take up 4 bits, a code field of 1 byte (i.e. 8 bits) follows. This is primarily important for the PPPoE discovery phase and shows which step the two communicating parties have reached. If you’re already in the session phase, the field simply contains the value 0x00. However, five different values are possible in the discovery phase:

  • 0x09: PPPoE Active Discovery Initiation (PADI)
  • 0x07: PPPoE Active Discovery Offer (PADO)
  • 0x19: PPPoE Active Discovery Request (PADR)
  • 0x65: PPPoE Active Discovery Session-confirmation (PADS)
  • 0xa7: PPPoE Active Discovery Termination (PADT)

The discovery phase, therefore, begins with the broadcast (PADI). In this step, the client also sends its MAC address so that it can then receive a response. The following data packet from the PoP contains its own MAC address and name (PADO). It’s quite possible that multiple nodes respond to the client’s broadcast. Based on the name, the local computer or router must then decide which PoP it wishes to connect with. It communicates this decision to the relevant node by means of another message (PADR). The PoP subsequently contacts the network participant again, confirms the connection, and assigns the device a session ID (PADS). The client is then connected to the internet. If one of the participants wishes to terminate the connection, it communicates this to the other device with a final data packet (PADT).

After the connection has been established and the Point of Presence has issued a session ID, the additional fields within the frame play a role. First of all, the session ID is entered here. This allows all subsequent data packets to be identified. Next, the length of the final payload field is indicated. This ensures that no information is lost during transmission. The following protocol field provides information on which protocol is used for the payload, such as IPv4 or IPv6. These three fields each have a length of two bytes. The payload field finally contains the actual data intended for transmission. The length of this section can vary (although it is communicated in advance) and concludes the PPPoE frame.
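A parser for the frame layout described above, as an added example rather than code from the original article. It assumes an untagged Ethernet frame (no VLAN tag) and the RFC 2516 header layout; the PPP protocol numbers and the sample frames are supplied here, not taken from the page.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864
DISCOVERY_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
# PPP protocol numbers (IANA registry); an addition, not listed on the page.
PPP_PROTOCOLS = {0x0021: "IPv4", 0x0057: "IPv6", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_pppoe(frame: bytes) -> dict:
    """Parse an untagged Ethernet frame carrying PPPoE; raise ValueError if malformed."""
    if len(frame) < 20:  # 14-byte Ethernet header + 6-byte PPPoE header
        raise ValueError("frame too short")
    ethertype, ver_type, code, session_id, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype not in (ETH_DISCOVERY, ETH_SESSION):
        raise ValueError("EtherType is not PPPoE")
    if ver_type != 0x11:  # version nibble 1, type nibble 1
        raise ValueError("version and type must both be 1")
    if length > len(frame) - 20:  # anything beyond `length` is Ethernet padding
        raise ValueError("length field exceeds captured data")
    payload = frame[20:20 + length]
    info = {"dst": mac(frame[0:6]), "src": mac(frame[6:12]), "session_id": session_id}
    if ethertype == ETH_DISCOVERY:
        if code not in DISCOVERY_CODES:
            raise ValueError("unknown discovery code")
        info.update(phase="discovery", code=DISCOVERY_CODES[code], payload=payload)
    else:
        if code != 0x00 or length < 2:  # session frames carry code 0x00 + protocol
            raise ValueError("bad session frame")
        proto = struct.unpack("!H", payload[:2])[0]
        info.update(phase="session", code="SESSION",
                    protocol=PPP_PROTOCOLS.get(proto, hex(proto)), payload=payload[2:])
    return info


# Constructed sample frames (locally administered MACs, made-up session ID).
CLIENT, POP = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PADI = (b"\xff" * 6 + CLIENT + bytes.fromhex("8863" "11" "09" "0000" "0004")
        + bytes.fromhex("01010000") + b"\x00" * 36)  # empty Service-Name tag + padding
SESSION = (POP + CLIENT + bytes.fromhex("8864" "11" "00" "0042" "0006")
           + bytes.fromhex("0021") + b"\x45\x00\x00\x14")

if __name__ == "__main__":
    for sample in (PADI, SESSION):
        print(parse_pppoe(sample))
```

The length check matters when inspecting captures: short frames are padded to the Ethernet minimum, so the payload has to be cut at the PPPoE length field rather than at the end of the frame.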

Advantages of PPPoE

Point-to-Point over Ethernet is strongly linked to the development of DSL and the general spread of the internet. The predecessor protocol, PPP, was designed for dial-up lines like ISDN. The Ethernet standard also became established with DSL. As a result, the old and previously successful protocol had to be adjusted. Moreover, Ethernet enables multiple devices to share the same connection for accessing the internet. This also was not possible with the conventional Point-to-Point Protocol.

In most cases, the router is responsible for directly contacting the internet provider and therefore also establishes the internet connection. However, with PPPoE it’s also possible for an individual device to communicate with the PoP. To do so, PPPoE passthrough needs to be activated in the router. The router then passes the device’s connection request straight through. The whole process, comprising the discovery and session phases, then takes place between the PC (for example) and the PoP.

What’s more, PPPoE has a benefit that PPP also offered: the protocol makes it relatively easy to check the access authorization of the client. Various methods are available for this purpose – the easiest being a password requested via the Password Authentication Protocol (PAP). Here, the client is simply asked to provide a secret password. Although this technique works well, it’s no longer completely secure. That’s because the password is transmitted unencrypted and could therefore be read by third parties.

The Challenge Handshake Authentication Protocol (CHAP) provides greater security. With this approach, an encrypted combination of a password and a specific value is exchanged. As the server of the network operator knows the password, it is able to decrypt the combination again and check the authorization. The third method of authentication is the Extensible Authentication Protocol (EAP). This is a kind of framework that offers different authentication options.

Note

The term DHCP also often appears in the context of PPPoE since both are mechanisms specified by the internet provider for connecting with the internet. Strictly speaking, however, these are two different protocols. While PPPoE is intended for creating a tunnel to the node, DHCP is used for the dynamic allocation of an IP address.
