PPPoE: DNS protocol

The internet is essentially just a very large computer network and, in many aspects, does not differ from a local area network (LAN). But there are some important differences. Due to the size and function of internet providers and their servers, the global network also requires its own technology. This technology comes in the form of the so-called “Point-to-Point Protocol over Ethernet” (PPPoE). What exactly does this protocol do?

To establish an internet connection, the local PC (or another similar end device) has to connect to the internet via the router. Access is provided by an internet service provider (ISP), which also needs to check whether the client actually has access authorization. When the internet came to private households, via ISDN at the time, the Point-to-Point Protocol (PPP) was used to perform this check. The dial-in medium (the modem or router) creates a direct connection to the internet provider’s node during this process. The provider verifies the data and clears the way to the internet.

For internet service providers, PPP had the advantage that the protocol enabled them to not only check the access authorization but also determine the transmitted volume of data and the dial-in time. Providers benefited from the protocol since back then it was normal to pay minute prices for internet usage. With the rise of DSL and due to the fact that more than one device per household started to use the internet at the same time, a new technology became necessary.

The PPPoE protocol offers the same advantages as PPP, but it allows the technology to run over Ethernet. Meanwhile, this network technology is the standard everywhere, enabling complex and fast connections. The familiar PPP portion of the data packet is integrated into the Ethernet frame.

PPPoE is part of the TCP/IP protocol stack – and is located in the lowest layer: network access. The network acts in two different phases, which in turn affect the setup. It starts with PPPoE discovery. In this step, the protocol determines the MAC address of the node in order to use it to access the internet. This search occurs via a broadcast: The data packets are sent to the network without a specific destination. The node – also known as Point of Presence (PoP) – then responds and creates a communication layer between both network participants.

Next, the second phase starts: the PPPoE session. Details are negotiated at this stage. For instance, the node checks the access authorization of the client. Actual internet use follows – but this is still part of the PPPoE session phase.

You can tell which phase is active by the type field of the Ethernet frame. Here you’ll either find 0x8863 for discovery or 0x8864 for session. The type field is followed by the PPPoE frame, embedded in the data field of the Ethernet frame. The PPPoE portion can also be assigned to different sections. First, the PPPoE version is transmitted. However, since there is only one version of the protocol, the value 1 is always stated here. Next is the PPPoE type, which is also always represented by 1.

While the first two parts each only take up 4 bits, a code field of 1 byte (i.e. 8 bits) follows. This is primarily important for the PPPoE discovery phase and shows in which step both communication participants are located. If you’re already in the session phase, the field simply contains the value 0x00. However, five different values are possible in the discovery phase:

• 0x09: PPPoE Active Discovery Initiation (PADI)
• 0x07: PPPoE Active Discovery Offer (PADO)
• 0x19: PPPoE Active Discovery Request (PADR)
• 0x65: PPPoE Active Discovery Session-confirmation (PADS)
• 0xa7: PPPoE Active Discovery Termination (PADT)

The discovery phase, therefore, begins with the broadcast (PADI). In this step, the client also sends its MAC address so that it can then receive a response. The following data packet from the PoP contains its own MAC address and name (PADO). It’s quite possible that multiple nodes respond to the client’s broadcast. Based on the name, the local computer or router must then decide which PoP it wishes to connect with. It communicates this decision to the relevant node by means of another message (PADR). The PoP subsequently contacts the network participant again, confirms the connection, and assigns the device a session ID (PADS). The client is then connected to the internet. If one of the participants wishes to terminate the connection, it communicates this to the other device with a final data packet (PADT).

After the connection has been established and the Point of Presence has issued a session ID, the additional fields within the frame play a role. First of all, the session ID is entered here. This allows all subsequent data packets to be identified. Next, the length of the final payload field is indicated. This ensures that no information is lost during transmission. The following protocol field provides information on which protocol is used for the payload, such as IPv4 or IPv6. These three fields each have a length of two bytes. The payload field finally contains the actual data intended for transmission. The length of this section can vary (although it is communicated in advance) and concludes the PPPoE frame.

Point-to-Point over Ethernet is strongly linked to the development of DSL and the general spread of the internet. The predecessor protocol, PPP, was designed for dial-up lines like ISDN. The Ethernet standard also became established with DSL. As a result, the old and previously successful protocol had to be adjusted. Moreover, Ethernet enables multiple devices to share the same connection for accessing the internet. This also was not possible with the conventional Point-to-Point Protocol.

In most cases, the router is responsible for directly contacting the internet provider and therefore also establishes the internet connection. However, with PPPoE it’s also possible for an individual device to communicate with the PoP. To do so, PPPoE passthrough needs to be activated in the router. The router will then allow the connection request of the device directly through. The whole process, comprising the discovery and session phases, then takes place between the PC (for example) and the PoP.

What’s more, PPPoE has a benefit that PPP also offered: The protocol makes it relatively easy to request the access authorization of the client. Various methods are available for this purpose – the easiest being a password requested via the Password Authentication Protocol (PAP). Here, the client is simply asked to provide a secret password. Although this technique works well, it’s no longer completely secure. That’s because the password is not transmitted under encryption and could therefore be read by third parties.

The Challenge Handshake Authentication Protocol (CHAP) provides greater security. With this approach, an encrypted combination of a password and a specific value is exchanged. As the server of the network operator knows the password, it is able to decrypt the combination again and check the authorization. The third method of authentication is the Extensible Authentication Protocol (EAP). This is a kind of framework that offers different authentication options.