PPPoE verification method and its utilization

                  In recent years, network data services have developed rapidly, and broadband users have experienced explosive growth. Operators are adopting multiple access methods such as xDSL, LAN, HFC, and wireless, in order to build an operational, manageable, and profitable broadband. The network is very concerned about how to effectively manage users. PPPoE (PPP over Ethernet) is one of the various authentication technologies that come with it.

I. Preface

In recent years, network data services have developed rapidly, and broadband users have experienced explosive growth. Operators are adopting multiple access methods such as xDSL, LAN, HFC, and wireless. Building an operational, manageable, and profitable broadband network is very concerned about how to effectively manage users. PPPoE (PPP over Ethernet) is one of the various authentication technologies that come with it.

1, PPP over Ethernet

The PPP over Ethernet technology introduced in late 1998 was developed by Redback Networks, a client software developer, RouterWare. The company and UcomNET Technologies, a subsidiary of Worldcom, jointly developed on the basis of the IETF RFC system. By combining the most economical LAN technology—the scalability and management control of Ethernet and point-to-point protocols—network service providers and service providers can take advantage of reliable and familiar technologies to accelerate the deployment of high-speed Internet services. It makes it easier for service providers to offer multi-user broadband access services via digital subscriber lines, cable modems or wireless connectivity. At the same time, the technology also simplifies the operation of end users when dynamically selecting these services.

PPPoE Ethernet-based point-to-point protocol, the current PPPOE is mainly used by ISPs for xDSL and cable modems to connect with the client, they are almost the same as Ethernet. PPPoE is a standard point-to-point protocol (PPP), and there is only a difference in transmission between them: PPPoE uses a modem connection instead of a normal Ethernet. In general, PPPoE is based on authentication with the user and by distributing the IP address to the client. A PPPoE connection consists of a client and an access hub server, which can be a Windows computer with the PPPoE protocol installed. PPPoE client and server can work on any Ethernet level router interface

2. Netcom's broadband access method

Netcom's broadband access method is usually LAN mode, ie all The users are all located in a large LAN. If the client wants to access the Internet, you need to use the corresponding account to dial the PPPoE. After the authentication, you can obtain the public IP address before you can access the Internet.

Second, PPPoE verification process

1, PPPoE verification process

First understand the PPPoE verification process:

If the client To authenticate with a remote PPPoE server over a local area network, they will have two different session phases, the Discovery phase and the PPP session phase. When a client wants to start a PPPoE session, it must first perform the discovery phase to identify the peer's Ethernet MAC address and establish a PPPoESESSON_ID. In the discovery phase, based on the network topology, the client can discover multiple PPPoE servers and then choose one of them, but usually the one that chooses the fastest response.

The Discovery phase is a stateless phase, which is mainly to select the access server, determine the PPP session identifier Session ID to be established, and obtain the peer-to-peer connection information; PPP session phase execution standard The PPP process. When this phase is completed, both ends of the communication know the PPPoESESSON_ID and the Ethernet address of the peer, which together define a unique PPPoE session. These steps include the client broadcasting an Initiation Packet (PASI), one or more PPPoE Server Send Response Packets (PADO), the client sending a request packet (PADR) to the selected server, and the selected PPPoE server sending an acknowledgement packet (PADS) To the client. When the client receives the acknowledgment packet, it can begin the PPP session phase. When the PPPoE server sends out an acknowledgment packet, it can start a PPP session.

When the client does not receive PADO within the specified time, it should resend its PADI packet and double the wait time, which is repeated the expected number of times. If the client is waiting to receive PADS, a similar timeout mechanism with the client resending PADR should be used. After retrying the specified number of times, the host should resend the PADI packet. PPPOE also has a PADT packet that can be sent at any time after the session is established to terminate the PPPOE session. It can be sent by the client or PPPOE server. When a PADT is received, the session is no longer allowed to use to send PPP services. After the PADT is sent or received, that is, the normal PPP cannot be used, the PADT can be used. Once the PPPOE session starts, the PPP data can be encapsulated in any other PPP. The form is sent. All Ethernet frames are unicast, and authentication occurs during the session phase. The SESSION_ID of the PPPoE session must not be changed and must be the value assigned during the discovery phase.

2, PPP over Ethernet basic frame format

Establishing an Ethernet point-to-point protocol session consists of two phases: 1. Discovery stage. During the Discovery process, the user host broadcasts all the access hubs that can be connected and obtains its Ethernet MAC address. Then select the host to connect to and determine the PPP session identification number to be established. 2. PPP session phase. The user host and the access hub perform a PPP session based on the PPP session connection parameters negotiated during the discovery phase. Therefore, corresponding to these two processes, the point-to-point protocol frame format on the Ethernet (as shown in Figure 2) also includes two types: the type field in the Ethernet frame of the discovery phase is 0x8863; the type field in the Ethernet frame of the PPP session phase is 0x8864, they have all been recognized by the IEEE. The version (VER) field and type (TYPE) field in the PPPoE packet are both 4 bits long. In the current version of the PPPoE recommendation, the values ​​of these two fields are fixed to 0x1. The code (CODE) field has a length of 8 bits and differs depending on the different functions of the various data packets in the two phases. In the PPP session phase, the CODE field is 0x00, and the various packet formats in the discovery phase will be given in the following section when the discovery phase is described in detail. The version identification number (SESSION_ID) field is 16 bits long and is fixed during a given PPP session. The value 0xffffff is a reserved value. The length (LENGTH) field is 16 bits long, indicating the PPPoE payload length. The discovery phase PPPoE payload can be empty or consist of multiple tags (TAG), each tag is a TLV (type-length-value) structure; the PPP session phase PPPoE payload is a standard point-to-point protocol packet.

3, Discovery stage details

A typical discovery (Discovery) stage consists of 4 steps:

1, the host sends PPPoE effective discovery start (PADI) package. The Ethernet destination address is broadcast address 0xffffffffffff, the CODE field is 0x09, and the SESSION_ID is 0x0000. The PADI package must contain at least one tag of the service name type (label type field 0x0101) to present the requested service to the access hub.

2. After receiving the PADI packet in the service range, the access hub sends a PPPoE Valid Discovery Offer (PADO) packet in response to the request. Its CODE field is 0x07 and the SESSION_ID is still 0x0000. The PADO package must contain a tag for the access hub name type (the tag type field is 0x0102) and one or more service name type tags indicating the type of service that can be provided to the host.

3. The host selects one of the plurality of PADO packets that may be received, and then sends a PPPoE Valid Discovery Request (PADR) packet to the selected access hub. Its CODE field is 0x19 and the SESSION_ID is still 0x0000. The PADR package must include a service name type tag to determine the type of service requested to the access hub.

4. After receiving the PADR packet, the access hub prepares to start the PPP session, and it sends a PPPoE Valid Discovery Session Confirmation (PADS) packet. Its CODE field is 0x65, and SESSION_ID is a unique PPPoE session identification number generated by the access hub. The PADS package must also contain a tag that accesses the hub name type to confirm the service provided to the host. After the host receives the PADS packet confirmation, both parties enter the PPP session phase.

Third, the use of PPPoE verification

From the above process we need to pay attention to two points: the discovery phase is broadcast. The session phase is unicast; the client usually chooses the most reactive PPPOE server for authentication and access. What is fast response? We can understand that the client will authenticate with the nearest PPPOE server.

Use ideas: This is the key to today. If we set up a PPPOE server, users with the same switch or hub (usually one floor) will choose this server for access and identity. Verify without looking for a distant PPPOE server.

Let's talk about the use process:

1. Set up the PPPOE server. The PPPOE server was set up. The original author used the Windows Server 2003 "Routing and Remote Access" service to install the PPPoE driver, which added the PPPOE service to the routing and remote access service. Of course, you can also use the Linux system. There is an article on the Linux+PPPoE server.

2, PPPOE authentication is set to unencrypted mode (the specific situation depends on the PPPOE server), needless to say, this is mainly to facilitate plaintext sniffing.

3, use Sniffer for sniffing.