Nokia Internet Communications

AN INTRODUCTION TO PPPOE

Version 1.0
07-Mar-2001

DOCUMENT OWNER: Dave Lipowsky
PHONE: (847) 867-8163
EMAIL: david.lipowsky@nokia.com
Revision History

Version  Date         Author         Description
1.0      07-Mar-2001  Dave Lipowsky  Initial release
Table of Contents

ABSTRACT
WHAT IS PPPOE
WHO USES PPPOE AND WHY
PPPOE NETWORK DIAGRAM
WHAT ABOUT PPPOA?
SUMMARY
GLOSSARY
Abstract

This paper is intended to give the reader a basic understanding of PPPoE and why it is used. With the new product lines that Nokia acquired with the Ramp Networks purchase, and the likelihood of running into PPPoE with the Nokia VPN client, it is helpful to understand the basic reason for deploying PPPoE.

Dave Lipowsky Page 1 08-Mar-2001
What is PPPoE

Point-to-Point Protocol over Ethernet (PPPoE) is described in RFC-2516. PPPoE was created as a means of encapsulating PPP traffic over an Ethernet network, allowing the use of LCP and other PPP-related functionality in a network that is not of a point-to-point design. PPPoE acts as a bump in the stack, much like an IPSec client such as the Nokia VPN client. When implemented on a router, it is typically only implemented on the WAN interface pointing towards the service provider's network.

PPPoE uses specific ether-types to identify that an 8-octet PPPoE header follows the DLC header in an Ethernet frame. There are two ether-types associated with PPPoE. The discovery process is identified by 0x8863, while the PPP session is identified by 0x8864.

PPPoE is a non-routable protocol, and therefore is installed either on subscriber computers, when a DSL bridge or a DSL router in bridging mode is in place, or on a DSL router's WAN interface. By installing the PPPoE shim on the WAN interface, the subscriber doesn't need to install the shim on their computer(s).

The LAC discovery stage is used to identify the LAC and determine the session-id. Once the session-id is determined, the PPP session state begins. The PPP session state is essentially the same with PPPoE as it is without. The session goes through the Link Establishment Phase, Authentication Phase, etc., before establishing the session for user traffic.

Note: PPPoE adds an 8-octet header between the PPP and DLC layers of the frame, which can require adjustments to MTU sizes. This adjustment would be in addition to any adjustment made to accommodate IPSec headers, etc.
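The ether-type split and header fields described above, as an added Python example (not from the original paper): it classifies a raw Ethernet frame as discovery or session traffic, decodes the PPPoE header, and derives the PPP MTU. The field layout and code values follow RFC 2516, where the 8 octets of overhead are a 6-octet PPPoE header plus the 2-octet PPP protocol field; the sample frames and MAC addresses are constructed.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864  # the two ether-types named in the text
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT", 0x00: "SESSION"}
PPP_PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP", 0x8021: "IPCP", 0x0021: "IPv4"}

def parse_tags(payload: bytes) -> list:
    """Walk the type/length/value tags carried in a discovery payload."""
    tags, off = [], 0
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", payload, off)
        if off + 4 + tag_len > len(payload):
            raise ValueError("tag length runs past the PPPoE payload")
        tags.append((tag_type, payload[off + 4:off + 4 + tag_len]))
        off += 4 + tag_len
    return tags

def parse_pppoe(frame: bytes) -> dict:
    """Classify an untagged Ethernet II frame and decode its PPPoE header."""
    if len(frame) < 20:
        raise ValueError("frame too short for Ethernet + PPPoE headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype not in (ETH_DISCOVERY, ETH_SESSION):
        return {"stage": "not-pppoe"}
    ver_type, code, session_id, length = struct.unpack_from("!BBHH", frame, 14)
    payload = frame[20:20 + length]  # the length field excludes Ethernet padding
    if ver_type != 0x11 or len(payload) < length:
        raise ValueError("bad version/type or length field exceeds the frame")
    info = {"code": CODES.get(code, hex(code)), "session_id": session_id}
    if ethertype == ETH_DISCOVERY:
        info.update(stage="discovery", tags=parse_tags(payload))
    else:
        if length < 2:
            raise ValueError("session frame carries no PPP protocol field")
        (proto,) = struct.unpack_from("!H", payload, 0)
        info.update(stage="session", ppp_protocol=PPP_PROTOCOLS.get(proto, hex(proto)))
    return info

def ppp_mtu(ethernet_mtu: int = 1500) -> int:
    return ethernet_mtu - 6 - 2  # PPPoE header + PPP protocol field

# Constructed sample frames (not captured traffic): session 0x0011 is confirmed, then LCP starts.
MACS = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
PADS = MACS + struct.pack("!HBBHH", ETH_DISCOVERY, 0x11, 0x65, 0x0011, 4) + struct.pack("!HH", 0x0101, 0)
LCP = MACS + struct.pack("!HBBHH", ETH_SESSION, 0x11, 0x00, 0x0011, 6) + bytes.fromhex("c021") + bytes([1, 1, 0, 4])
for name, frame in (("PADS", PADS), ("LCP", LCP)):
    print(name, parse_pppoe(frame))
```

With a 1500-octet Ethernet MTU, `ppp_mtu()` gives the 1492 that PPPoE interfaces are commonly configured with, before any further allowance for IPSec headers.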
Who Uses PPPoE and Why

Many DSL service providers are using PPPoE because it provides many features that they find desirable over bridged/routed 1483 encapsulation. It allows the service provider or ISP to easily monitor DSL activity statistics, and provides an easy method for policing inactivity by forcing the PPP session to disconnect after specified inactivity or absolute periods if they choose.

PPPoE is easily integrated into their existing RADIUS architecture for user authentication. Dynamic addressing is implemented without the use of DHCP, and can easily be integrated with the RADIUS Framed_IP_Address attribute for assigning a static IP address as well. In this case, the provider would be able to dynamically assign the same IP address each time a user authenticates to the network. The DSL carrier that I was employed with was using this to placate the users that wished to have static IP addresses along with the PPPoE service.

The single biggest reason for implementing PPPoE at the DSL carrier I was employed with was the ability to reduce the amount of provisioning required for each DSL subscriber. By using the ability to select services on a userid/domain combination, all PVCs could be terminated on a router that determines how to forward the frames based on this information. As you will see later, this reduces the number of VCs required to each ISP, and can negate any provisioning that would need to occur if a subscriber decided to change ISPs.
PPPoE Network Diagram

Many of the features of PPPoE are provided by the use of a device such as Redback's SMS, Nortel's Shasta, or Cisco's 6400, among others. These devices terminate the individual PVCs that begin at the Customer Premise Equipment (CPE) in the DSL subscriber's property. The devices are then used to aggregate the traffic onto different L2TP tunnels to the individual ISPs based on the domain portion of the userid/domain information that was provided at logon. This allows the service provider to provision all CPEs to terminate at a single point in the network, instead of mapping the VCs completely through the network to the ISP.

This is more easily understood with a simple diagram.

[Diagram. Elements, from subscriber to ISP: DSL Subscribers; UNEs purchased from the ILEC; DSLAM in the ILEC's Central Office, which terminates the UNEs from the subscribers; DS3 or greater trunk into the service provider ATM network; Service Provider's Network (ATM Network), where a Redback or similar router terminates PVCs but not PPP sessions and acts as a LAC; L2TP tunnels from the LAC in the service provider network to the LNS at the ISP; ISP A and ISP B, where a Redback or similar router terminates PPP sessions and acts as an LNS.]

In this case, the service provider has two ISP customers, and both have implemented an LNS in their network to terminate the PPP sessions. All subscriber PVCs are terminated at the Redback SMS's LAC, with a single PVC from the Redback SMS to each ISP's LNS.

The LAC (L2TP Access Concentrator) implemented in the Redback SMS acts as a concentrator of all PPP traffic destined for the ISPs, and aggregates the PVCs' traffic into the appropriate L2TP tunnel. The LAC makes this tunnel decision based on the userid/domain information that was submitted during the authentication portion of the session establishment. While this Redback SMS terminates the PVC, it does not terminate the PPP session. This is left to the LNS at the ISP.
This allows two people from the same house to have different ISPs on the same DSL line, and use them at the same time. Also, if a user decides that ISP-B gives better service than ISP-A, the service provider doesn't need to make any provisioning changes as long as ISP-B is part of their network. This saves considerable time and resources for the service provider.

Note: In many cases the device terminating the PVCs will feed the L2TP tunnels back into the ATM network, with a PVC to the ISP. Also, many service providers will assume the task of providing the LNS for an additional fee to the ISP, passing simple IP traffic to the ISP network.
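The LAC's tunnel decision, sketched as an added Python example (not Redback's or any other vendor's code). The `userid@domain` login format, the domain names, tunnel names and PVC labels are assumptions made for illustration; a malformed login or an unknown domain is rejected rather than steered to a default tunnel.

```python
# Hypothetical tunnel table on the LAC: one L2TP tunnel per ISP's LNS.
TUNNELS = {"isp-a.example": "l2tp-isp-a", "isp-b.example": "l2tp-isp-b"}

def select_tunnel(login: str, tunnels: dict = TUNNELS) -> str:
    """Choose the tunnel from the domain part of a 'userid@domain' login (assumed format)."""
    userid, sep, domain = login.strip().rpartition("@")
    domain = domain.lower()  # domain matching is case-insensitive
    if not sep or not userid or not domain or "@" in userid:
        raise ValueError(f"login {login!r} is not a single userid@domain pair")
    if domain not in tunnels:
        raise LookupError(f"no L2TP tunnel provisioned for domain {domain!r}")
    return tunnels[domain]

def aggregate(sessions: list) -> dict:
    """Group (subscriber PVC, login) PPP sessions by the tunnel that carries them."""
    by_tunnel = {}
    for pvc, login in sessions:
        by_tunnel.setdefault(select_tunnel(login), []).append((pvc, login))
    return by_tunnel

# Constructed sessions: two users in one house share pvc-1/32 but use different ISPs.
SESSIONS = [
    ("pvc-1/32", "alice@isp-a.example"),
    ("pvc-1/32", "bob@ISP-B.example"),
    ("pvc-1/33", "carol@isp-a.example"),
]
for tunnel, members in aggregate(SESSIONS).items():
    print(tunnel, members)
```

A subscriber who moves from ISP-A to ISP-B only changes the domain in the login; neither the subscriber PVC nor the tunnel table is touched.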
What About PPPoA?

Some providers like Ameritech were implementing PPP over ATM (PPPoA) in the past, and some may still be doing so today. PPPoA is essentially the same as PPPoE with the distinct difference being that the subscriber's computer doesn't have an Ethernet NIC, but an ATM NIC instead (usually ATM-25). This NIC was connected to a DSL bridge that had an ATM port on the LAN side, and the DSL port (usually ATM as well) on the WAN side. Another method of implementing PPPoA was within the DSL router WAN interface, just like with PPPoE.

Needless to say, installing an ATM NIC into a subscriber's computer(s) is more expensive and more difficult to troubleshoot than an Ethernet NIC. In the years since implementing PPPoA in their test markets in Michigan, Ameritech (SBC) has decided to deploy PPPoE instead. Much of this was due to cost and complexity, with a portion being due to customer complaints as well.
Summary

Whether you like it or not, PPPoE is probably here to stay. The DSL service providers have been using it successfully for a while, and the cable industry will probably follow when they are forced to open their networks to other ISPs, as AOL Time Warner is finding out.

Things to keep in mind are that the Ramp acquisition brings PPPoE to our product line with the IP55 and IP71, and you may be asked to implement the Nokia VPN client on a network that uses PPPoE.

The PPPoE RFC is not a tough read, and can shed a lot more light on the topic.

http://www.ietf.org/rfc/rfc2516.txt?number=2516
Glossary

CPE (Customer Premise Equipment)
    Equipment installed at customer location to provide Telco services. Examples include DSL bridge/router, CSU/DSU.

DSLAM (Digital Subscriber Line Access Multiplexer)
    Terminates the DSL circuit from the subscriber, aggregating them onto the service provider network (ATM or Frame Relay).

ILEC (Incumbent Local Exchange Carrier)
    Original Telco provider serving the area before competition.

LAC (L2TP Access Concentrator)
    Aggregates many PPP sessions into one or more L2TP tunnels for transfer to a LNS.

LNS (L2TP Network Server)
    Terminates the L2TP tunnels from the LAC, and terminates the individual PPP sessions within these tunnels, before passing traffic to ISP network.

PVC (Permanent Virtual Circuit)
    Pre-configured (non-dynamic) connection between two endpoints on an ATM or Frame Relay network.

UNE (Unbundled Network Element)
    Copper pairs a CLEC purchases from ILEC to provide DSL services. No dial-tone is provided to the pair. A UNE is not purchased for line-sharing purposes where CLEC adds DSL services to the existing voice circuits the subscriber uses.