It defines the format of the frame to be exchanged between devices. It defines how two devices can negotiate the establishment of the link and the exchanged of data. It defines how network layer data are encapsulated in the data link frame. It defines how two devices can authenticate each other. PPP is not a single protocol but a protocol suite and consists of: 1. Framing method (frame/packet delineation): Serial lines provide bit transport, thus a means for finding the start of packets is required. 2. Link control protocol (LCP): LCP is used for establishing a data link including options for the operation. 3. Network control protocol (NCP): Each network protocol, e.g. IP, has its own NCP for establishing and configuring the networklayer operation. 4. Authentication protocols (CHAP, PAP, EAP): Client (and optional server) authentication make sure the right communication partners talk to each other. 5. Encryption protocols (ECP, DES, AES etc.) for privacy. usually client) and the responder (R, usually server). 6. Bandwidth control (BACP): „Bonding“ of multiple channels (Multilink PPP-MLPPP) to provide more bandwidth. 7. Compression control (CCP). Serial lines are usually comparably slow. Compression provides more throughput. PPP affords error detection (checksum). PPP allows to dynamically assign an IP address (NCP). PPP provides authentication (PAP / CHAP) PPP is a symmetric protocol: the 2 parties in a PPP session are the initiator (I, PPP FRAME NCP (Network Control Protocol): Dynamic assignment of IP address. Dynamic assignment of DNS primary and secondary server. The host must set a default route to the PPP interface since there is no default gateway IP address (the link is point-to-point with no IP address = unnumbered). LCP (Link Control Protocol): Used for establishing the link. Allows to negotiate link options: Authentication protocol to b used. Header compression / address field compression. MRU (maximum receive unit). Periodically test the link (LCP Echo request / reply). Bring down the link gracefully when no longer in use. Transition states A PPP connection goes through different phases called transition sates. Idle state. The idle state means that the link is not being used. There is no active carrier, and the line is quiet. Establishing link. When one of the end point starts the communication, the connection goes into the establishing state. In this state, options are negotiated between the two parties. If the negotiation is successful, the system goes to the authenticating state (if authentication is required) or directly to the networking state. Authenticating state. The authenticating state is optional. If the result is successful , the connection goes to the networking state; otherwise, it goes to the terminating state. Networking State. When a connection reaches this state, the exchange of user control and data packets can be started. The connection remains in this state until one of the endpoints wants to terminate the connection. Terminating state. When the connection is in the terminating state, several packets are exchanged between the two ends for house cleaning and closing the link. PPP is a data-link layer protocol, PPP uses a stack of other protocols to establish the link, to authenticate the parties involved, and to carry the network layer data. Three sets of protocols are used by PPP: Link control protocol, authentication protocols, and network control protocol. Protocol stack LCP packet encapsulated in a frame Authentication plays a very important role in PPP because PPP is designed for use over dial-up links where verification of user identity is necessary. Authentication means validating the identity of a user who needs to access a set of resources. PPP uses two protocols for authentication: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) 1. 2. The PAP is a simple authentication procedure with two steps: The user who wants to access a system sends an ID (identification) and a password. The system checks the validity of the identification and password and either accepts or denies a connection. For those systems that require greater security, PAP is not enough. A third party with access to the link can easily pick up the password and access the system resources. PAP PAP packets The CHAP protocol is a three-way handshaking authentication protocol that provides greater security than PAP. In this method, the password is kept secret; it is never sent on-line. Steps The system sends to the user a challenge packet containing a challenge value, usually a few bytes. The user applies a predefined function that takes the challenge value and the user’s own password and creates a result. The user sends the result in the response packet to the system. The system does the same. It applies the same function to the password of the user and the challenge value to create a result. If the result created is the same as the result sent in the response packet, access is granted; otherwise, it is denied. CHAP CHAP packets An example