PPPoE, Point-to-Point Protocol over Ethernet, is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used mainly with ADSL services where individual users connect to the ADSL transceiver (modem) over Ethernet and in plain Metro Ethernet networks. It was developed by UUNET, Redback Networks, and RouterWare and is available as an informational RFC 2516.
Ethernet networks are packet-based and have no concept of a connection or circuit and also lack basic security features to protect against IP and MAC conflicts and rogue DHCP servers. By using PPPoE, users can virtually "dial" from one machine to another over an Ethernet network, establish a point to point connection between them and then securely transport data packets over the connection.
Traditional Internet access methods like dial-up were so slow that host computers were connected to the dial-up modem at the customer premises over slow serial ports. PPP was designed to run directly over these serial links. But with the advent of broadband internet access technologies such as ADSL and cable modems, there was a considerable increase in the bandwidth delivered to the end users. This meant that the host computers at the customer's premises were connected to the ADSL or cable modem over a much faster medium such as Ethernet. It also meant that multiple hosts could connect to the Internet through a single access device, which alone had the actual Internet connection, in the form of a WAN link. The simplest and most cost-effective method to connect multiple machines together is Ethernet. Hence typical scenarios involved multiple host PCs connected to each other and to an Internet access device by Ethernet. Unfortunately Ethernet networks are not connection-oriented and lack the basic features provided by the original PPP protocol - such as user authentication, per-user service/control, usage metering, billing, etc. Once the packets from different users reached the access device, they were sent out on the single WAN link and individual user information was lost. It would have been possible to build a protocol newly on top of Ethernet, but then the Access device would have become very complex as it maintains all user information. Instead, running PPP over Ethernet in the host PCs itself was much simpler and just required updating the software in the PC. The PPPoE session terminates at the service provider's equipment thus giving complete control to the service provider. Hence PPPoE was devised to achieve the best of both worlds - the ability to connect a network of hosts to a service provider at higher speeds, and the use of an existing connection mechanism for establishing sessions while presenting a familiar user interface. A RADIUS server is commonly responsible for handling these.
This figure shows how PPPoE fits into the ADSL broadband internet access architecture.
|Host PC||Remote access server|
The transport protocol used inside the telephone network is still Asynchronous Transfer Mode (ATM). Hence the PPPoE packets must be encapsulated inside ATM frames while entering the telephone network at the Wide area network (WAN) end of the ADSL modem. One way of doing this is to bridge the Ethernet packets containing the PPPoE packets over ATM, using the mechanism specified in RFC 2684; this is sometimes called PPPoEoE (PPP-over-Ethernet-over-Ethernet). Another is to directly encapsulate the PPPoE packets inside ATM AAL5 frames using RFC 2684 and SNAP encapsulation of PPPoE; this is termed PPPoEoA (PPP-over-Ethernet-over-ATM).
Hence before exchanging PPP control packets to establish the connection over Ethernet, the MAC address of the two end points should be known to each other so that they can be encoded in these control packets. The PPPoE Discovery stage does exactly this. In addition it also helps establish a Session Id that can be used for further exchange of packets.
The Discovery process consists of four steps between the host computer which acts as the client and the access concentrator at the internet service provider's end. They are outlined below. The fifth and last step is the way to close an existing session.
Example of a PADI-packet:
Frame 1 (44 bytes on wire, 44 bytes captured) Ethernet II, Src: 00:50:da:42:d7:df, Dst: ff:ff:ff:ff:ff:ff PPP-over-Ethernet DiscoverySrc. (=source) holds the MAC address of the computer sending the PADI.Version: 1Type 1Code Active Discovery Initiation (PADI)Session ID: 0000Payload Length: 24PPPoE TagsTag: Service-NameTag: Host-UniqBinary Data: (16 bytes)
Here is an example of a PADO packet:
Frame 2 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:0e:40:7b:f3:8a, Dst: 00:50:da:42:d7:df PPP-over-Ethernet DiscoveryAC-Name -> String data holds the AC name, in this case “Ipzbr001” (the Arcor DSL-AC in Leipzig)Version: 1Type 1Code Active Discovery Offer (PADO)Session ID: 0000Payload Length: 36PPPoE TagsTag: AC-NameString Data: IpzbrOOlTag: Host-UniqBinary Data: (16 bytes)
Since the point to point connection established has an MTU lower than that of standard Ethernet (typically 1492 vs Ethernet's 1500), it can sometimes cause problems when Path MTU discovery is defeated by poorly configured firewalls.
Some vendors (Cisco and Juniper, for example) refer to PPPoEoE (PPPoE over Ethernet), which is PPPoE running directly over Ethernet or other IEEE 802 networks or over Ethernet bridged over ATM, in order to distinguish it from PPPoEoA (PPPoE over ATM), which is PPPoE running over an ATM virtual circuit using RFC 2684 and SNAP encapsulation of PPPoE. (PPPoEoA is not the same as Point-to-Point Protocol over ATM (PPPoA), which doesn't use SNAP).