PPPoE

Point-to-Point Protocol over Ethernet (PPPoE) refers to the system used to connect multiple devices, such as computers, laptops, and smartphones, on an Ethernet LAN (local area network).[1] PPPoE is usually used in a building or office to allow users to share a common Digital Subscriber Line (DSL), wireless connection, or even cable modem connection to the internet. This helps promote a steady flow of information for the group so that data and information can be utilized in an organized way. The PPP (Point-to-Point Protocol) in PPPoE is commonly used in dial-up connections. In most cases in PPP, data and information reside within an Ethernet frame.[2] PPPoE was mainly designed for managing data which has been transmitted over Ethernet networks.

There are many advantages that PPPoE connections are able to provide. However, Internet Service Providers still need to provide a special type of connection support, since PPPoE-based connections are unlike DSL, dial-up, or cable connections, which are always connected. Also, a number of different users and participants share the same connection to the remote ISP, so a workaround is needed in order to keep track of the traffic that goes through. In this case, PPPoE provides for each user-remote session to learn the other's network address. The initial exchange, before PPPoE is able to cache a request into its memory, is called "discovery".[3]

Currently, most apartments, hotels, and corporations provide shared internet access through DSL lines which go through Ethernet and PPPoE.[1] Simply put, PPPoE is a modern replacement for the old methods of establishing an internet connection.

PPPoE also offers the following features, which are paramount to the flow of data and security:

  • Authentication
  • Encryption
  • Data Compression

Functionality

PPPoE has significantly changed the way that voice communication and video conferences work. As an example, imagine that you are using a dial-up connection to establish a conversation with someone over the phone. This means there can only be a two-way form of communication. When the need to conduct a team call arises, this would not be possible, since a dial-up connection would limit such options. PPPoE helps remedy this problem, as it allows many more client devices to use the same network, which connects to a single server. A multitude of users can then speak to each other through a conference call.

PPPoE Discovery

There are several steps during a PPPoE discovery.[4]

Initiation

The client device or software sends a PPPoE Active Device Initiation (PADI) packet to the server to initiate the session.

Offer

The network or server then responds with a PPPoE Active Discovery Offer (PADO) which is also in the form of a packet.

Request

Once it has received the PADO packet, the client replies by sending a PPPoE Active Discovery Request (PADR) packet to the server.

Confirmation

Once it has received the PADR packet, the network replies by generating an identification for the PPP session, which it then sends in a PPPoE Active Discovery Session (PADS) packet to confirm with the client device.
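The four discovery stages above can be checked on captured frames. The following is an added example, not taken from the cited sources: it decodes the PPPoE discovery header and verifies that the stages arrive in order between the same two hosts. The EtherType, code values and header layout are those of RFC 2516; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863   # EtherType of PPPoE discovery frames (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS"}
ORDER = ["PADI", "PADO", "PADR", "PADS"]

def parse_discovery(frame: bytes) -> dict:
    """Decode the Ethernet and PPPoE headers of one discovery frame."""
    if len(frame) < 20:
        raise ValueError("truncated frame")
    ethertype, ver_type, code, session_id, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_P_PPPOE_DISC or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery frame")
    if code not in CODES or 20 + length > len(frame):
        raise ValueError("unknown code or bad length field")
    return {"stage": CODES[code], "dst": frame[0:6].hex(":"),
            "src": frame[6:12].hex(":"), "session_id": session_id}

def check_handshake(frames) -> int:
    """Return the session ID if the frames are PADI, PADO, PADR, PADS in order."""
    pkts = [parse_discovery(f) for f in frames]
    if [p["stage"] for p in pkts] != ORDER:
        raise ValueError("discovery stages missing or out of order")
    client, server = pkts[0]["src"], pkts[1]["src"]
    if pkts[2]["src"] != client or pkts[2]["dst"] != server or pkts[3]["src"] != server:
        raise ValueError("PADR/PADS not between the hosts that exchanged PADI/PADO")
    if any(p["session_id"] for p in pkts[:3]) or pkts[3]["session_id"] == 0:
        raise ValueError("session ID must be 0 until PADS assigns one")
    return pkts[3]["session_id"]

# Constructed sample frames (locally administered MACs, empty Service-Name tag).
def _frame(dst, src, code, session_id=0):
    tag = struct.pack("!HH", 0x0101, 0)  # Service-Name tag, zero length
    hdr = struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, session_id, len(tag))
    return bytes.fromhex(dst) + bytes.fromhex(src) + hdr + tag

CLIENT, SERVER, BCAST = "020000000001", "020000000002", "ffffffffffff"
SAMPLE = [_frame(BCAST, CLIENT, 0x09), _frame(CLIENT, SERVER, 0x07),
          _frame(SERVER, CLIENT, 0x19), _frame(CLIENT, SERVER, 0x65, 0x1A2B)]

if __name__ == "__main__":
    print(hex(check_handshake(SAMPLE)))
```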

When a PPPoE session is first initiated, the destination IP address is used solely when the activity or session is active. The IP address is then released when the session is over. This means that after the session the IP address can be re-used for future purposes.

Other Features

Moreover, PPPoE is also a networking protocol, that is, a set of rules and guidelines that the system follows, and it offers essential security features:[5]

Authentication

Authenticating the data helps keep the network secure as it transfers the data to the other receiving end. Data authentication pertains to a process which involves checking the source of the data packets received. The main purpose is to ensure that the correct files have been received from the correct source device or server.

Data Encryption

Data encryption involves the use of a wide range of characters to relay a message that only the sending and receiving ends are able to understand. Encrypting the data helps protect the user and the networks from malicious third-party programs and users.

Data Compression

By compressing the data, the information that is being streamed from one user to another will become "lighter". This means that the transfer of data would become faster and more efficient.

Since PPPoE provides encryption and authentication for a network, most internet service providers (ISPs) can manipulate and manage several different internet subscription plans. Additionally, all that ISPs have to do to impose a bandwidth limitation and filter the traffic that goes in and out of the network is give their customers a username (ID) and a password. By doing so, they are able to monitor and identify the customer.

User Authentication Protocols

PPP supports 3 different types of user authentication protocols that provide various levels of security:[2]

Password Authentication Protocol (PAP)

This is used to authenticate a user’s password on a network. Instead of just requesting a password, the network would send a challenge message which consists of a random value to the device. The device, which is sometimes called the client machine, would then encrypt the message with the user’s password which it will then send back to the server. PAP is considered to be the least secure protocol since the password isn’t encrypted while in transit.

Challenge Handshake Authentication Protocol (CHAP)

This is quite similar to PAP but has several unique characteristics. Unlike the process used in PAP, the process involved in CHAP incorporates a model for a "shared secret" to verify the user. CHAP is considered to be moderately secure as compared to PAP.

Extensible Authentication Protocol (EAP)

This is considered to be a framework used by numerous secure protocols. EAP is commonly used for authenticating wireless networks since it is one of the strongest protocols.


  1. https://searchnetworking.techtarget.com/definition/PPPoE

  2. https://whatismyipaddress.com/ppp-pppoe

  3. https://www.juniper.net/documentation/en_US/junos/topics/concept/pppoe-security-understanding.html

  4. https://kb.ic.uk/article/pppoe-discovery-stages-125.html

  5. https://www.digitalcitizen.life/simple-questions-what-pppoe-and-what-does-it-do