PPPoE is part of the TCP/IP protocol stack and is located in the lowest layer: network access. The protocol operates in two different phases, which in turn affect the setup. It starts with PPPoE discovery. In this step, the protocol determines the MAC address of the node in order to use it to access the internet. This search occurs via a broadcast: the data packets are sent to the network without a specific destination. The node, also known as the Point of Presence (PoP), then responds and creates a communication layer between both network participants.
Next, the second phase starts: the PPPoE session. Details are negotiated at this stage. For instance, the node checks the access authorization of the client. Actual internet use follows – but this is still part of the PPPoE session phase.
You can tell which phase is active by the type field of the Ethernet frame. Here you’ll either find 0x8863 for discovery or 0x8864 for session. The type field is followed by the PPPoE frame, embedded in the data field of the Ethernet frame. The PPPoE portion is itself divided into several fields. First, the PPPoE version is transmitted. However, since there is only one version of the protocol, the value 1 is always stated here. Next is the PPPoE type, which is also always represented by 1.
While the first two fields each take up only 4 bits, a code field of 1 byte (i.e. 8 bits) follows. This is primarily important for the PPPoE discovery phase and shows which step of the exchange the two communication participants have reached. If you’re already in the session phase, the field simply contains the value 0x00. However, five different values are possible in the discovery phase:
- 0x09: PPPoE Active Discovery Initiation (PADI)
- 0x07: PPPoE Active Discovery Offer (PADO)
- 0x19: PPPoE Active Discovery Request (PADR)
- 0x65: PPPoE Active Discovery Session-confirmation (PADS)
- 0xa7: PPPoE Active Discovery Termination (PADT)
The discovery phase, therefore, begins with the broadcast (PADI). In this step, the client also sends its MAC address so that it can then receive a response. The following data packet from the PoP contains its own MAC address and name (PADO). It’s quite possible that multiple nodes respond to the client’s broadcast. Based on the name, the local computer or router must then decide which PoP it wishes to connect with. It communicates this decision to the relevant node by means of another message (PADR). The PoP subsequently contacts the network participant again, confirms the connection, and assigns the device a session ID (PADS). The client is then connected to the internet. If one of the participants wishes to terminate the connection, it communicates this to the other device with a final data packet (PADT).
After the connection has been established and the Point of Presence has issued a session ID, the additional fields within the frame play a role. First of all, the session ID is entered here. This allows all subsequent data packets to be identified. Next, the length of the final payload field is indicated. This ensures that no information is lost during transmission. The following protocol field provides information on which protocol is used for the payload, such as IPv4 or IPv6. These three fields each have a length of two bytes. The payload field finally contains the actual data intended for transmission. The length of this section can vary (although it is communicated in advance) and concludes the PPPoE frame.
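The frame layout described above can be checked with a short parser. The following Python sketch is an added example, not code from the original page. It assumes untagged Ethernet frames (no VLAN header), treats the length field as counting every byte after the six-byte PPPoE header (so it includes the two-byte protocol field, as in RFC 2516), and uses the PPP protocol numbers 0x0021 and 0x0057 for IPv4 and IPv6, which the page does not list. Both sample frames are constructed.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS",
         0xA7: "PADT", 0x00: "SESSION"}
# PPP protocol numbers for the payload; these values are not given on the page.
PPP_PROTOCOLS = {0x0021: "IPv4", 0x0057: "IPv6"}


def parse_pppoe(frame: bytes) -> dict:
    """Decode an untagged Ethernet frame carrying PPPoE; ValueError if malformed."""
    if len(frame) < 20:  # 14-byte Ethernet header + 6-byte PPPoE header
        raise ValueError("frame too short")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype not in (ETH_DISCOVERY, ETH_SESSION):
        raise ValueError(f"not PPPoE: EtherType 0x{ethertype:04x}")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:  # version 1 in the high nibble, type 1 in the low nibble
        raise ValueError("version and type must both be 1")
    phase = "discovery" if ethertype == ETH_DISCOVERY else "session"
    if code not in CODES or (phase == "session") != (code == 0x00):
        raise ValueError("code field does not fit the phase given by the EtherType")
    # The length field counts the bytes after the PPPoE header; anything beyond
    # it is Ethernet padding and is ignored.
    payload = frame[20:20 + length]
    if len(payload) < length:
        raise ValueError("length field exceeds the bytes actually present")
    info = {"phase": phase, "code": CODES[code], "src": src.hex(":"),
            "dst": dst.hex(":"), "session_id": session_id, "length": length}
    if phase == "session":
        if length < 2:
            raise ValueError("session frame has no protocol field")
        (proto,) = struct.unpack("!H", payload[:2])
        info["protocol"] = PPP_PROTOCOLS.get(proto, f"0x{proto:04x}")
        info["data"] = payload[2:]
    return info


# Constructed sample frames (locally administered MACs, made-up session ID).
CLIENT, POP = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PADI_FRAME = (b"\xff" * 6 + CLIENT + bytes.fromhex("8863")
              + bytes.fromhex("1109" "0000" "0004")
              + bytes.fromhex("01010000"))  # constructed 4-byte discovery payload
SESSION_FRAME = (POP + CLIENT + bytes.fromhex("8864")
                 + bytes.fromhex("1100" "1234" "0006")
                 + bytes.fromhex("0021" "45000014") + b"\x00" * 4)  # 4 padding bytes

if __name__ == "__main__":
    for sample in (PADI_FRAME, SESSION_FRAME):
        print(parse_pppoe(sample))
```

A frame whose code does not fit its EtherType, or whose length field claims more bytes than were captured, is rejected instead of being decoded.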