PPP Overview

Point-to-Point Protocol ( PPP ) encapsulates Network layer information for transmission over point-to-point links. It was designed by developers on the Internet and is described by a series of documents called Request for Comments (RFCs) namely, 1661, 1331, and 2153.

PPP consists of two main components : Link Control Protocol (LCP) Establishes, configures, and tests the connection Network Control Program (NCP) Configures many different Network layer protocols

PPP Physical Layer

PPP can operate on a variety of DTE/DCE physical interfaces, including

• Asynchronous serial

• Synchronous serial

• High-Speed Serial Interface (HSSI)

• ISDN

Other than what is required by a particular physical interface, PPP makes no special transmission rate requirements.

PPP Connections

It is the responsibility of the Link Control Protocol (LCP) within PPP to establish, configure, test, maintain, and terminate the point-to-point connection. Four phases occur during the LCP process:

• Link establishment

• Link quality determination

• Network layer protocol negotiation

• Link termination

During link establishment, LCP opens the connection and negotiates configuration parameters. Acknowledgment frames must be sent and received before this phase can be considered completed successfully.

The link quality determination phase involves testing the connection to determine whether the line quality is sufficient to support the Network layer protocols. Although this phase seems very important, it is optional.

In the third phase, the appropriate Network layer protocols are configured. Network control programs (NCPs) configure PPP to support different Network layer protocols, including Internet Protocol (IP), Internetwork Packet Exchange (IPX), and AppleTalk. The PPP devices transmit NCP packets to select and configure one or more Network layer protocols. After each selected Network layer protocol has been configured, data can begin to be transmitted across the link. If the LCP terminates a link, it notifies the NCP, which takes appropriate action.

The link termination phase can be initiated by the LCP at any time. Link termination can occur from events such as a user request, a loss of carrier, or the expiration of a timeout parameter.

PPP Authentication

PPP authentication occurs during the link quality determination phase; therefore, authentication is optional. The calling side of the link must transmit information to ensure that the sender is authorized to establish the connection. This is accomplished by a series of authentication messages being sent between the routers. PPP supports two types of authentication: Password Authentication Protocol ( PAP ) and Challenge Handshake Authentication Protocol ( CHAP ) .

PAP

PAP uses a two-way handshake to allow remote hosts to identify themselves . After the link has been established and the link establishment phase is complete, PAP performs the following steps:

1. The remote host initiates the call, sends a username and password to the local host, and continues to send the information until it is accepted or rejected.

2. The local host receives the call and accepts or rejects the username and password information. If the local host rejects the information, the connection is terminated .

CHAP

CHAP uses a three-way handshake to force remote hosts to identify themselves after the link establishment phase. CHAP performs the following steps after the link establishment phase is complete:

1. The local router that received the call sends a challenge packet to the remote host that initiated the call. The challenge packet consists of an ID, a random number, and either the name of the local host performing the authentication or a username on the remote host.

2. The remote host must respond with its encrypted unique ID, a one-way encrypted password, the remote hostname or a username, and a random number.

3. The local router performs its own calculation on the response values. It accepts or rejects the authentication request based on whether the value it received from the remote host matches the value it calculated.

Like PAP, CHAP terminates the connection immediately if the local host rejects the authentication request.

During the PAP process, the username and password information is sent from the remote host in clear text, so PAP is not a recommended protocol. It offers no protection from a network analyzer capturing the information and using it. Because CHAP uses secret, encrypted passwords and unique IDs, it is a much stronger protocol than PAP. You can choose only one type of authentication, so CHAP is definitely recommended; however, PAP is better than no authentication at all.