Chapter 15 PPProtocol

CHAPTER 15
Point-to-Point Protocol (PPP)

Today, millions of Internet users need to connect their home computers to the computers of an Internet provider to access the Internet. There are also a lot of individuals who need to connect to a computer from home, but they do not want to go through the Internet. The majority of these users have either a dialup or leased telephone line. The telephone line provides a physical link, but to control and manage the transfer of data, there is a need for a point-to-point link protocol. Figure 15.1 shows a physical point-to-point connection.

[Figure 15.1 Point-to-point link: two end points joined by a point-to-point physical link]

The first protocol devised for this purpose was Serial Line Internet Protocol (SLIP). However, SLIP has some deficiencies: it does not support protocols other than Internet Protocol (IP), it does not allow the IP addresses to be assigned dynamically, and it does not support authentication of the user. The Point-to-Point Protocol (PPP) is a protocol designed to respond to these deficiencies.

15.1 TRANSITION STATES

The different phases through which a PPP connection goes can be described using a transition state diagram as shown in Figure 15.2.

[Figure 15.2 Transition states. Labels: Detect carrier, Drop carrier, Success, Finish, Networking (exchanging user data and control), Terminating]

- Idle state. The idle state means that the link is not being used. There is no active carrier and the line is quiet.
- Establishing state. When one of the end points starts the communication, the connection goes into the establishing state. In this state, options are negotiated between the two parties. If the negotiation is successful, the system goes to the authenticating state (if authentication is required) or directly to the networking state. The LCP packets, discussed shortly, are used for this purpose. Several packets may be exchanged during this state.
- Authenticating state. The authenticating state is optional; the two end points may decide, during the establishing state, not to go through this state. However, if they decide to proceed with authentication, they send several authentication packets, discussed in a later section. If the result is successful, the connection goes to the networking state; otherwise, it goes to the terminating state.
- Networking state. The networking state is the heart of the transition states. When a connection reaches this state, the exchange of user control and data packets can be started. The connection remains in this state until one of the end points wants to terminate the connection.
- Terminating state. When the connection is in the terminating state, several packets are exchanged between the two ends for house cleaning and closing the link.

15.2 PPP LAYERS

Figure 15.3 shows the PPP layers. PPP has only physical and data link layers. This means that a protocol that wants to use the services of PPP should have other layers (network, transport, and so on). PPP operates only at the physical and data link layers.

[Figure 15.3 PPP layers: data link layer (a variation of HDLC) over physical layer (ANSI standards)]

Physical Layer

No specific protocol is defined for the physical layer in PPP. Instead, it is left to the implementer to use whatever is available. PPP supports any of the protocols recognized by ANSI.

Data Link Layer

At the data link layer, PPP employs a version of HDLC. Figure 15.4 shows the format of a PPP frame.

[Figure 15.4 PPP frame: Flag (1 byte), Address (1 byte), Control (1 byte), Protocol (1 or 2 bytes), Data and padding (variable), FCS (2 or 4 bytes), Flag (1 byte)]

The descriptions of the fields are as follows:

- Flag field. The flag field, like the one in HDLC, identifies the boundaries of a PPP frame. Its value is 01111110.
- Address field. Because PPP is used for a point-to-point connection, it uses the broadcast address of HDLC, 11111111, to avoid a data link address in the protocol.
- Control field. The control field uses the format of the U-frame in HDLC. The value is 11000000 to show that the frame does not contain any sequence numbers and that there is no flow and error control.
- Protocol field. The protocol field defines what is being carried in the data field: user data or other information. We will discuss this field in detail shortly.
- Data field. This field carries either the user data or other information that we will discuss shortly.
- FCS. The frame check sequence field, as in HDLC, is simply a two-byte or four-byte CRC.

15.3 LINK CONTROL PROTOCOL (LCP)

The Link Control Protocol (LCP) is responsible for establishing, maintaining, configuring, and terminating links. It also provides negotiation mechanisms to set options between the two end points. Both end points of the link must reach an agreement about the options before the link can be established.

All LCP packets are carried in the payload field of the PPP frame. What defines the frame as one carrying an LCP packet is the value of the protocol field, which should be set to C021₁₆. Figure 15.5 shows the format of the LCP packet.

[Figure 15.5 LCP packet encapsulated in a frame: Code (1 byte), ID (1 byte), Length (2 bytes), Information for some LCP packets (variable), carried in the payload (and padding) of the PPP frame]

The descriptions of the fields are as follows:

- Code. This field defines the type of LCP packet. We will discuss these packets and their purpose in the next section.
- ID. This field holds a value used to match a request with the reply. One end point inserts a value in this field, which will be copied in the reply packet.
- Length. This field defines the length of the whole LCP packet.
- Information. This field contains extra information needed for some LCP packets.

LCP Packets

Table 15.1 lists some LCP packets.

Table 15.1 LCP packets and their codes

| Code | Packet Type       | Description                                                  |
|------|-------------------|--------------------------------------------------------------|
| 01₁₆ | Configure-request | Contains the list of proposed options and their values       |
| 02₁₆ | Configure-ack     | Accepts all options proposed                                 |
| 03₁₆ | Configure-nak     | Announces that some options are not acceptable               |
| 04₁₆ | Configure-reject  | Announces that some options are not recognized               |
| 05₁₆ | Terminate-request | Requests to shut the line down                               |
| 06₁₆ | Terminate-ack     | Accepts the shut-down request                                |
| 07₁₆ | Code-reject       | Announces an unknown code                                    |
| 08₁₆ | Protocol-reject   | Announces an unknown protocol                                |
| 09₁₆ | Echo-request      | A type of hello message to check if the other end is alive   |
| 0A₁₆ | Echo-reply        | The response to the echo-request message                     |
| 0B₁₆ | Discard-request   | A request to discard the packet                              |

Configuration Packets

Configuration packets are used to negotiate the options between two ends. Four different packets are used for this purpose: configure-request, configure-ack, configure-nak, and configure-reject.

- Configure-request. The end point that wishes to start a connection sends a configure-request message with a list of zero or more options to the other end point. Note that all of the options should be negotiated in one packet.
- Configure-ack. If all of the options listed in the configure-request packet are accepted by the receiving end, it will send a configure-ack, which repeats all of the options requested.
- Configure-nak. If the receiver of the configure-request packet recognizes all of the options but finds that some should be omitted or revised (the values should be changed), it sends a configure-nak packet to the sender. The sender should then omit or revise the options and send a totally new configure-request packet.
- Configure-reject. If some of the options are not recognized by the receiving party, it responds with a configure-reject packet, marking those options that are not recognized. The sender of the request should revise the configure-request message and send a totally new one.

Link Termination Packets

The link termination packets are used to disconnect the link between two end points.

- Terminate-request. Either party can terminate the link by sending a terminate-request packet.
- Terminate-ack. The party that receives the terminate-request packet should answer with a terminate-ack packet.

Link Monitoring and Debugging Packets

These packets are used for monitoring and debugging the link.

- Code-reject. If the end point receives a packet with an unrecognized code in the packet, it sends a code-reject packet.
- Protocol-reject. If the end point receives a packet with an unrecognized protocol in the frame, it sends a protocol-reject packet.
- Echo-request. This packet is sent to monitor the link. Its purpose is to see if the link is functioning. The sender expects to receive an echo-reply packet from the other side as proof.
- Echo-reply. This packet is sent in response to an echo-request. The information field in the echo-request packet is exactly duplicated and sent back to the sender of the echo-request packet.
- Discard-request. This is a kind of loopback test packet. It is used by the sender to check its own loopback condition. The receiver of the packet just discards it.

Options

There are many options that can be negotiated between the two end points. Options are inserted in the information field of the configuration packets. We list some of the most common options in Table 15.2.

Table 15.2 Common options

| Option                                | Default |
|---------------------------------------|---------|
| Maximum receive unit                  | 1500    |
| Authentication protocol               | None    |
| Protocol field compression            | Off     |
| Address and control field compression | Off     |

15.4 AUTHENTICATION

Authentication plays a very important role in PPP because PPP is designed for use over dial-up links where verification of user identity is necessary. Authentication means validating the identity of a user who needs to access a set of resources. PPP has created two protocols for authentication: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

PAP

The Password Authentication Protocol (PAP) is a simple authentication procedure with a two-step process:

- The user who wants to access a system sends an authentication identification (usually the user name) and a password.
- The system checks the validity of the identification and password and either accepts or denies connection.

For those systems that require more security, PAP is not enough; a third party with access to the link can easily pick up the password and access the system resources. Figure 15.6 shows the idea of PAP.

[Figure 15.6 PAP: user and system joined by a point-to-point physical link; the user sends an authenticate-request packet (user name and password); the system answers with an authenticate-ack or authenticate-nak packet (accept or reject)]

PAP Packets

PAP packets are encapsulated in a PPP frame. What distinguishes a PAP packet from other packets is the value of the protocol field, C023₁₆. There are three PAP packets: authenticate-request, authenticate-ack, and authenticate-nak. The first packet is used by the user to send the user name and password. The second is used by the system to allow access. The third is used by the system to deny access.
Figure 15.7 shows the format of the three packets.

[Figure 15.7 PAP packets: authenticate-request (Code, ID, Length, User name length, User name, Password length, Password); authenticate-ack and authenticate-nak (Code, ID, Length, Message length, User name)]

CHAP

The Challenge Handshake Authentication Protocol (CHAP) is a three-way handshaking authentication protocol that provides more security than PAP. In this method, the password is kept secret; it is never sent on-line.

- The system sends to the user a challenge packet containing a challenge value, usually a few bytes.
- The user applies a predefined function that takes the challenge value and the user's own password and creates a result. The user sends the result in the response packet to the system.
- The system does the same. It applies the same function to the password of the user (known to the system) and the challenge value to create a result. If the result created is the same as the result sent in the response packet, access is granted; otherwise, it is denied.

CHAP is more secure than PAP, especially if the system continuously changes the challenge value. Even if the intruder learns the challenge value and the result, the password is still secret. Figure 15.8 shows the idea.

[Figure 15.8 CHAP: user and system joined by a point-to-point physical link; challenge packet]

[Figure residue: states Authenticating, Networking, Terminating; packets Configure-request, Configure-ack, User data, Terminate-request, Terminate-ack]

- Terminating. The user sends the terminate-request packet to terminate the link. With the receipt of the terminate-ack packet, the link is terminated.

15.7 KEY TERMS AND CONCEPTS

- authenticating state
- authentication
- Challenge Handshake Authentication Protocol (CHAP)
- establishing state
- idle state
- Internetwork Protocol Control Protocol (IPCP)
- Link Control Protocol (LCP)
- Network Control Protocol (NCP)
- networking state
- Password Authentication Protocol (PAP)
- Point-to-Point Protocol (PPP)
- Serial Line Internet Protocol (SLIP)
- terminating state
- transition state

15.8 SUMMARY

- The Point-to-Point Protocol (PPP) was designed for users who need to connect to a computer system through a telephone line.
- A PPP connection goes through various phases: idle, establishing, authenticating, networking, and terminating.
- PPP operates at the physical and data link layers of the OSI model.
- At the data link layer, PPP employs a version of HDLC.
- The Link Control Protocol (LCP) is responsible for establishing, maintaining, configuring, and terminating links.
- Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) are two protocols used for authentication in PPP.
- PAP is a two-step process. The user sends authentication identification and a password. The system determines the validity of the information sent.
- CHAP is a three-step process. The system sends a value to the user. The user manipulates the value and sends its result. The system verifies the result.
- Network Control Protocol (NCP) is a set of protocols; each set is specific for a network layer protocol that requires the services of PPP.
- Internetwork Protocol Control Protocol (IPCP), an NCP protocol, establishes and terminates a network layer connection for IP packets.

15.9 PRACTICE SET

Review Questions

1. Which type of user needs PPP?
2. Describe each of the states of a PPP connection.
3. Discuss the physical layer of PPP.
4. Discuss the data link layer of PPP.
5. Discuss the control field of the PPP frame.
6. What is the purpose of the LCP?
7. Discuss the relationship between the LCP packet and the PPP frame.
8. What are the categories of LCP packets? What is the function of each category?
9. What two protocols are used for authentication in PPP?
10. How does PAP work? What is its primary deficiency?
11. How does CHAP work? Why is it superior to PAP?
12. How does the PPP frame carry authentication packets from PAP and CHAP?
13. What is the purpose of NCP?
14. What is the relationship between IPCP and NCP?

Multiple Choice Questions

15. A protocol to allow the telephone line connection of a computer to another computer
    a. PPP
    b. SLIP
    c. PLP
    d. a and b
16. According to the PPP transition state diagram, exchange of user control and data packets occurs in the _____ state.
    a. establishing
    b. authenticating
    c. networking
    d. terminating
17. According to the PPP transition state diagram, options are negotiated in the _____ state.
    a. establishing
    b. authenticating
    c. networking
    d. terminating
18. According to the PPP transition state diagram, verification of user identification occurs in the _____ state.
    a. establishing
    b. authenticating
    c. networking
    d. terminating
19. According to the PPP transition state diagram, the link is disconnected in the _____ state.
    a. establishing
    b. authenticating
    c. networking
    d. terminating
20. PPP is a _____ layer protocol.
    a. physical
    b. data link
    c. physical and data link
    d. seven
21. Which protocol(s) is (are) specified for the PPP physical layer?
    a. LCP
    b. SLIP
    c. CHAP and PAP
    d. no protocol is specified
22. In the PPP frame, the _____ field defines the contents of the data field.
    a. flag
    b. control
    c. protocol
    d. FCS
23. In the PPP frame, the _____ is similar to that of the U-frame in HDLC.
    a. flag
    b. control
    c. protocol
    d. FCS
24. In the PPP frame, the _____ field has a value of 11111111 to indicate the broadcast address of HDLC.
    a. address
    b. control
    c. protocol
    d. FCS
25. In the PPP frame, the _____ field is for error control.
    a. flag
    b. control
    c. protocol
    d. FCS
26. What is the purpose of LCP packets?
    a. configuration
    b. termination
    c. option negotiation
    d. all of the above
27. _____ is a three-way handshake for user verification.
    a. PPP
    b. CHAP
    c. PAP
    d. b and c
28. A PAP packet and a CHAP packet can be distinguished by the value of the _____ field of the PPP frame.
    a. address
    b. control
    c. protocol
    d. FCS
29. PAP requires _____ and _____ from the user.
    a. a password; a calculated value
    b. authentication identification; a password
    c. a challenge value; a password
    d. authentication identification; a calculated value
30. For CHAP authentication, the user takes the system's _____ and its own _____ to create a result that is then sent to the system.
    a. authentication identification; password
    b. password; challenge value
    c. password; authentication identification
    d. challenge value; password
31. _____, an (a) _____ protocol, establishes and terminates a network layer connection for IP packets.
    a. NCP; IPCP
    b. CHAP; NCP
    c. IPCP; NCP
    d. SLIP; PPP
32. What is the value of the flag, address, and control fields in hexadecimal?
33. Make a table to compare the PPP frame with the U-frame of HDLC. Which fields are the same? Which fields are different?
34. The value of the first few bytes of a frame is 7EFFC0C02105₁₆. What is the protocol of the encapsulated payload? What is the type of packet?
35. The value of the first few bytes of a frame is 7EFFC0C02109110014₁₆. What is the protocol of the encapsulated payload? What type of packet is being carried? How many bytes of information are in the packet?
36. Show the contents of a configure-nak packet in the LCP protocol. Encapsulate the packet in a PPP frame.
37. Show the contents of a configure-nak packet in the NCP protocol. Encapsulate the packet in a PPP frame.
38. Compare the results of Exercises 36 and 37. What differences do you see?
39. Show the contents of an echo-request packet with the message "Hello." Write the whole packet in hexadecimal. Encapsulate the packet in a PPP frame and show the contents in hexadecimal.
40. Show the contents of an echo-reply in response to the packet in Exercise 39. Write the whole packet in hexadecimal. Encapsulate the packet in a PPP frame and show the contents in hexadecimal.
41. Show the contents of an authenticate-request packet using "Forouzan" as the user name and "797979" as the password. Encapsulate the packet in a PPP frame.
42. Show the contents of the authenticate-ack that is received in response to the packet in Exercise 41.
43. Show the contents of a challenge packet (CHAP) using A4253616₁₆ as the challenge value. Encapsulate the packet in a PPP frame.
44. Show the contents of a response packet (CHAP) using 61635244₁₆ as the response value. Encapsulate the packet in a PPP frame.
45. A system sends the challenge value 2A2B1425₁₆. The password of the user is 22112211. The function to be used by the user adds the challenge value to the password; the result should be split into two and swapped to get the response. Show the response of the user.
46. If a user sends an LCP packet with code 02₁₆, what is the state of the connection after this event?
47. A connection is in the establishing state. If the user receives an LCP configure-nak packet, what is the new state?
48. A connection is in the networking state. If the user receives an NCP configure-nak packet, what is the new state?
49. Show the contents of all frames in Figure 15.11. What protocol (LCP, NCP, authentication, and so on) is involved in each transmission?
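
The frame layout of Section 15.2 and the LCP header of Section 15.3, as an added Python example that is not part of the original chapter: it builds and parses a frame with the chapter's field values and rejects an LCP length field that disagrees with the bytes actually received. The two-byte protocol field, the FCS-16 parameters, the absence of byte stuffing, and the sample terminate-request are assumptions; the chapter says only that the FCS is a two-byte or four-byte CRC.

```python
import struct

# Field values as this chapter gives them. RFC 1662 links carry 0x03 in the
# control field, so change CONTROL to parse frames captured from such links.
FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0xC0
PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP"}
LCP_CODES = {
    0x01: "Configure-request", 0x02: "Configure-ack", 0x03: "Configure-nak",
    0x04: "Configure-reject", 0x05: "Terminate-request", 0x06: "Terminate-ack",
    0x07: "Code-reject", 0x08: "Protocol-reject", 0x09: "Echo-request",
    0x0A: "Echo-reply", 0x0B: "Discard-request",
}
# Constructed sample: Terminate-request, ID 0x2A, Length 7, information b"bye".
SAMPLE_LCP = struct.pack(">BBH", 0x05, 0x2A, 7) + b"bye"


def fcs16(data: bytes) -> int:
    """Two-byte FCS (assumed parameters: reflected CRC-16, poly 0x8408)."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def build_frame(protocol: int, payload: bytes) -> bytes:
    """Flag | address | control | protocol (2 bytes) | payload | FCS | flag."""
    body = bytes([ADDRESS, CONTROL]) + struct.pack(">H", protocol) + payload
    return bytes([FLAG]) + body + struct.pack("<H", fcs16(body)) + bytes([FLAG])


def parse_frame(frame: bytes) -> dict:
    """Check flags, FCS, address and control, then return protocol and payload."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag or frame too short")
    body, (fcs,) = frame[1:-3], struct.unpack("<H", frame[-3:-1])
    if fcs16(body) != fcs:
        raise ValueError("FCS mismatch")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address or control field")
    (protocol,) = struct.unpack(">H", body[2:4])
    return {"protocol": PROTOCOLS.get(protocol, hex(protocol)), "payload": body[4:]}


def parse_lcp(payload: bytes) -> dict:
    """Split an LCP packet into code, ID and information."""
    if len(payload) < 4:
        raise ValueError("LCP header truncated")
    code, ident, length = struct.unpack(">BBH", payload[:4])
    # Length covers the whole LCP packet; never read past the bytes received.
    if length < 4 or length > len(payload):
        raise ValueError("LCP length field disagrees with payload size")
    return {"type": LCP_CODES.get(code, "unknown"), "id": ident,
            "information": payload[4:length]}  # anything after `length` is padding


if __name__ == "__main__":
    frame = build_frame(0xC021, SAMPLE_LCP)
    print(frame.hex(), parse_lcp(parse_frame(frame)["payload"]))
```
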
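
The difference between PAP and CHAP described in Section 15.4, as an added Python example that is not part of the original chapter: the PAP authenticate-request carries the password itself, while a CHAP response recorded for one challenge is refused once the system has moved on to a new challenge value. The chapter does not name the "predefined function"; MD5 over ID, secret and challenge (the RFC 1994 construction), the 16-byte challenge, the `ChapSystem` class and the sample credentials are assumptions.

```python
import hashlib
import hmac
import os


def pap_authenticate_request(user: bytes, password: bytes) -> bytes:
    """Data part of a PAP authenticate-request: lengths, user name, password."""
    return bytes([len(user)]) + user + bytes([len(password)]) + password


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Assumed 'predefined function': MD5(ID || secret || challenge), RFC 1994."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapSystem:
    """System side of CHAP: a fresh challenge per attempt, each usable once."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # user name -> shared secret
        self.pending = {}           # packet ID -> challenge awaiting a response
        self.next_id = 0

    def challenge(self) -> tuple:
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # assumed size; unpredictable value
        return ident, self.pending[ident]

    def verify(self, user: str, ident: int, response: bytes) -> bool:
        challenge = self.pending.pop(ident, None)   # consume the challenge
        secret = self.secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    secret = b"constructed-secret"                   # constructed sample value
    system = ChapSystem({"alice": secret})
    ident, challenge = system.challenge()
    response = chap_response(ident, secret, challenge)
    wire_pap = pap_authenticate_request(b"alice", secret)
    new_ident, _ = system.challenge()
    return {
        "legitimate": system.verify("alice", ident, response),
        "replay_same_challenge": system.verify("alice", ident, response),
        "replay_new_challenge": system.verify("alice", new_ident, response),
        "secret_in_pap_packet": secret in wire_pap,
        "secret_in_chap_response": secret in response,
    }


if __name__ == "__main__":
    print(demo())
```
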
