PPPoE (Point-to-Point Protocol over Ethernet) is a widely used networking protocol, especially in DSL and certain fiber broadband deployments. It allows multiple users to establish individual sessions over a shared Ethernet infrastructure, while enabling ISPs to authenticate subscribers, assign IP addresses, and monitor usage for billing and management.
This guide explains what PPPoE is, how it works, its key components, pros and cons, and how it compares with DHCP and other IP allocation methods.

What is PPPoE
PPPoE (Point-to-Point Protocol over Ethernet) is a network protocol defined in RFC 2516. It encapsulates Point-to-Point Protocol (PPP) frames within Ethernet frames to establish individual authenticated sessions for multiple users over a shared Ethernet network. Its primary function is to enable Internet Service Providers (ISPs) to manage and authenticate user connections, assign IP addresses, and track usage for billing purposes in a controlled and secure manner.
By combining the session-based authentication and network configuration features of PPP with the widespread use of Ethernet, PPPoE allows ISPs to deliver broadband access while maintaining secure, manageable connections for each user.

Understanding PPP: The Foundation Behind PPPoE
To better understand PPPoE, it’s important to recognize the role of PPP (Point-to-Point Protocol), which handles:
- Authentication via PAP or CHAP
- Link management through Link Control Protocol (LCP)
- Network configuration using Network Control Protocols (NCPs), such as IPCP for IP settings.
How Does PPPoE Work
The PPPoE process operates in two main stages: the Discovery Stage and the Session Stage.
The Discovery Stage – Establishing the Session
Before data can be transferred, a PPPoE client (such as a home router or computer) must locate and establish a connection with a PPPoE server, known as the Access Concentrator (AC). This process uses MAC addresses because no IP addresses exist yet. The process involves four steps:
1. PADI (PPPoE Active Discovery Initiation)
The client broadcasts a PADI packet onto the network. This packet essentially asks, “Are there any Access Concentrators available?”

2. PADO (PPPoE Active Discovery Offer)
One or more Access Concentrators on the network may respond with a PADO packet. This packet signifies, “I am an AC, and I can offer you a connection.” It contains the AC’s name and the services it offers.

3. PADR (PPPoE Active Discovery Request)
The client selects one AC (usually the first one to respond) and sends a unicast PADR packet directly to that AC’s MAC address. This packet requests a connection from the chosen AC.

4. PADS (PPPoE Active Discovery Session-confirmation)
If the AC accepts the request, it generates a unique Session ID for this specific point-to-point connection and sends a PADS packet back to the client. This packet confirms the establishment of the session.

Once the PADS packet is received, both the client and the AC know the Session ID and the peer’s MAC address, marking the end of the Discovery Stage.
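The four-step exchange above can be read directly off the wire. The following parser is an added example, not code from the original page; it uses the RFC 2516 Discovery frame layout, and the MAC addresses, AC name and Session ID in the sample frames are constructed.

```python
import struct

ETH_P_PPPOE_DISCOVERY = 0x8863  # Discovery EtherType (the Session Stage uses 0x8864)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}

def parse_discovery(frame: bytes) -> dict:
    """Decode one Ethernet frame carrying a PPPoE Discovery packet."""
    if len(frame) < 20:
        raise ValueError("shorter than Ethernet + PPPoE headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_PPPOE_DISCOVERY:
        raise ValueError("not a PPPoE Discovery frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11:  # version 1, type 1
        raise ValueError("unsupported PPPoE version/type")
    payload = frame[20:20 + length]  # LENGTH bounds the tags; Ethernet padding is ignored
    if len(payload) != length:
        raise ValueError("payload truncated")
    tags, off = {}, 0
    while off + 4 <= len(payload):
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if off + tag_len > len(payload):
            raise ValueError("tag runs past end of payload")
        if tag_type == 0x0000:  # End-Of-List
            break
        tags[TAGS.get(tag_type, hex(tag_type))] = payload[off:off + tag_len]
        off += tag_len
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "code": CODES.get(code, hex(code)), "session_id": session_id, "tags": tags}

def build(dst: bytes, src: bytes, code: int, session_id: int, tags) -> bytes:
    """Construct a sample frame (test data for this example)."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return dst + src + struct.pack("!HBBHH", ETH_P_PPPOE_DISCOVERY, 0x11, code, session_id, len(body)) + body

# Constructed sample exchange: MAC addresses, AC name and Session ID are made up.
CLIENT, AC, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("0200000000ac"), b"\xff" * 6
EXCHANGE = [
    build(BCAST, CLIENT, 0x09, 0, [(0x0101, b"")]),                          # PADI, broadcast
    build(CLIENT, AC, 0x07, 0, [(0x0102, b"example-ac"), (0x0101, b"")]),    # PADO, unicast
    build(AC, CLIENT, 0x19, 0, [(0x0101, b"")]),                             # PADR, unicast
    build(CLIENT, AC, 0x65, 0x0042, [(0x0101, b"")]),                        # PADS carries the Session ID
]

if __name__ == "__main__":
    for p in map(parse_discovery, EXCHANGE):
        print(p["code"], p["src"], "->", p["dst"], hex(p["session_id"]), p["tags"])
```

On a monitored access segment, the `src` and `AC-Name` fields of decoded PADO frames are the values to compare against the list of Access Concentrators the operator actually runs.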
The Session Stage – Transmitting Data
With the Discovery Stage complete and a unique Session ID established, the PPPoE session begins. All communication from this point onwards uses this Session ID.
During the Session Stage:
- PPP Negotiation: Standard PPP communication occurs over the PPPoE session. This includes authentication (PAP or CHAP, where credentials are exchanged and verified via a RADIUS server) and NCP negotiations, especially IPCP, which provides the client with an IP address and related parameters.
- Data Encapsulation: User data (IP packets) is first encapsulated within PPP frames. These PPP frames are then encapsulated within PPPoE frames (which include the Session ID), and finally, these PPPoE frames are encapsulated within standard Ethernet frames for transmission over the physical network. The encapsulation looks like this: [Ethernet Header [PPPoE Header [PPP Header [IP Packet] PPP Trailer]] Ethernet Trailer].
- Data Transfer: Encapsulated data flows between the client and the AC over the Ethernet link.
- Session Termination: Either the client or the AC can terminate the session by sending a PADT (PPPoE Active Discovery Terminate) packet.

Key Components of a PPPoE Setup
A typical PPPoE environment involves three main components:
- PPPoE Client: The software or hardware on the user’s end (e.g., a computer’s operating system, a DSL modem/router) that initiates the PPPoE connection.
- Access Concentrator (AC): A device, usually located at the ISP’s point of presence (PoP), that terminates the PPPoE sessions from multiple clients. It authenticates users and manages their connections.
- RADIUS Server (Remote Authentication Dial-In User Service): Not part of PPPoE itself, but essential in most ISP deployments. The AC forwards PPP authentication requests to the RADIUS server, which verifies credentials, returns IP configuration, and enforces policies such as session limits or bandwidth.
PPPoE vs. DHCP: Key Differences
PPPoE and DHCP (Dynamic Host Configuration Protocol) are sometimes confused, but they serve fundamentally different purposes:
| Feature | PPPoE | DHCP |
| --- | --- | --- |
| Purpose | Authenticated point-to-point connection | Auto IP configuration |
| Authentication | Yes (via PPP: PAP/CHAP) | No built-in authentication |
| Layer | Layer 2 (with PPP for Layer 3 support) | Application Layer (Layer 7) |
| Connection Type | Logical session between client and AC | Stateless, one-time IP assignment |
| Common Use | WAN access over DSL/fiber | LAN device IP assignment |
| IP Assignment | After successful authentication | Immediate IP lease |
In essence, PPPoE is about creating an authenticated session before network access is granted, while DHCP is primarily about simplifying IP address management within an already trusted network.
Pros and Cons of PPPoE
Like any network protocol, PPPoE comes with its advantages and limitations. Understanding both sides helps determine whether it’s the right fit for specific deployment scenarios.
Advantages of PPPoE
PPPoE offers several benefits, particularly for ISPs:
- Authentication & Access Control: Its core strength. PPPoE enforces user authentication (via PPP) before granting network access, ensuring only subscribed users connect.
- Session Management: Each user connection is a distinct session, making it easier for ISPs to manage individual connections, apply policies, and track usage.
- Billing/Accounting Support: Because each connection is a separate, authenticated session, ISPs can easily track connection time or data usage for billing purposes.
- IP Address Assignment: Allows ISPs to dynamically assign public IP addresses to users only when they are actively connected.
- Flexibility: Theoretically allows multiple logical PPP sessions over a single physical Ethernet connection (though less common in typical home setups).
- ISP Control: Provides ISPs with greater control over network access parameters and user policies compared to simple bridging or DHCP-only setups on the WAN side.
Disadvantages of PPPoE
Despite its advantages, PPPoE also has some drawbacks:
- MTU Overhead: PPPoE introduces an 8-byte header overhead, reducing the Maximum Transmission Unit (MTU) from 1500 bytes (standard Ethernet) to 1492 bytes. If unadjusted, this can cause packet fragmentation and sometimes causes issues with applications sensitive to MTU size, so MTU adjustments may be required.
- Configuration Complexity: Setting up PPPoE on the client side requires entering credentials (username/password), which is slightly more complex for end-users than the automatic configuration provided by DHCP in LANs.
- Potential Single Point of Failure: The Access Concentrator (AC) handles many user sessions. If the AC fails, all connected users lose connectivity, making it a potential bottleneck or single point of failure.
- Minor Performance Overhead: The encapsulation and decapsulation process adds a small amount of processing overhead on both the client and AC equipment compared to simpler Ethernet bridging.
- Discovery Overhead: The initial discovery process adds slight latency to connection establishment.
Common Applications of PPPoE
The most widespread application of PPPoE is broadband Internet access, especially in DSL networks where each subscriber requires authentication. It is also used in:
- Fiber-to-the-Home (FTTH) deployments requiring per-user sessions
- Ethernet Metropolitan Area Networks (MANs)
- Enterprise setups needing authenticated access over Ethernet
Example of PPPoE-CHAP
Generally, a single user or a home user uses PPPoE to access the Internet. After passing RADIUS authentication, the user obtains an IP address from the BRAS.

- The client sends a PADI packet to the server to start PPPoE access.
- The server sends a PADO packet to the client.
- The client sends a PADR packet to the server.
- The server generates a session ID and sends it to the client through PADS.
- The client and the server perform PPP LCP negotiation to establish a link-layer connection. In addition, CHAP authentication is used.
- The server sends a 128-bit Challenge packet to the authentication client.
- After receiving the challenge packet, the client applies the MD5 algorithm to the password and challenge, then sends the response to the server. The server forwards this to the RADIUS server, which validates the credentials. If successful, the RADIUS server returns authorization attributes (such as IP assignment and service policies).
- The server sends the challenge and user name to the RADIUS server for authentication.
- The RADIUS server determines whether the user is authorized based on the user information and sends an authentication success/failure packet to the server. If the authentication is successful, the AAA server sends a message carrying negotiation parameters and service attributes to authorize the subscriber. If the authentication fails, the process ends.
- The server returns the authentication result to the client.
- The user performs NCP (such as IPCP) negotiation and obtains the planned parameters, such as the IP address, through the server.
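The challenge/response steps above, as an added example that is not code from the original page. It follows RFC 1994, where the MD5 input also includes the CHAP Identifier byte, and it assumes a lookup table of shared secrets standing in for the RADIUS credential store; the user name, secret, AC name and challenge bytes are constructed.

```python
import hashlib
import hmac
import struct

CHALLENGE, RESPONSE = 1, 2  # CHAP packet codes (RFC 1994)

def build_chap(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge and Response share one layout: Code, Identifier, Length, Value-Size, Value, Name."""
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, identifier, length, len(value)) + value + name

def parse_chap(pkt: bytes):
    if len(pkt) < 5:
        raise ValueError("short CHAP packet")
    code, identifier, length, value_size = struct.unpack("!BBHB", pkt[:5])
    if length > len(pkt) or 5 + value_size > length:
        raise ValueError("inconsistent CHAP lengths")
    return code, identifier, pkt[5:5 + value_size], pkt[5 + value_size:length]

def chap_md5(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: MD5 over Identifier || secret || Challenge value
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def client_respond(challenge_pkt: bytes, username: bytes, secret: bytes) -> bytes:
    code, ident, challenge, _ac_name = parse_chap(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected a Challenge")
    return build_chap(RESPONSE, ident, chap_md5(ident, secret, challenge), username)

def verify(challenge_pkt: bytes, response_pkt: bytes, user_db: dict) -> bool:
    """Validating side: recompute the hash from the stored secret and compare."""
    _, c_ident, challenge, _ = parse_chap(challenge_pkt)
    code, r_ident, value, username = parse_chap(response_pkt)
    if code != RESPONSE or r_ident != c_ident or username not in user_db:
        return False
    expected = chap_md5(c_ident, user_db[username], challenge)
    return hmac.compare_digest(expected, value)  # constant-time comparison

# Constructed sample data; a real challenge is fresh random bytes for every attempt.
USER_DB = {b"subscriber01": b"example-secret"}
SAMPLE_CHALLENGE = build_chap(CHALLENGE, 0x2A, bytes(range(16)), b"example-ac")  # 128-bit value

if __name__ == "__main__":
    good = client_respond(SAMPLE_CHALLENGE, b"subscriber01", b"example-secret")
    bad = client_respond(SAMPLE_CHALLENGE, b"subscriber01", b"wrong-secret")
    print("correct secret:", verify(SAMPLE_CHALLENGE, good, USER_DB))
    print("wrong secret:  ", verify(SAMPLE_CHALLENGE, bad, USER_DB))
```

Because the verifier recomputes the hash, it has to hold each shared secret in recoverable form, which is worth factoring into how the credential store behind the RADIUS server is protected.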

FAQs About PPPoE
Can PPPoE be used over fiber networks?
Yes. PPPoE is widely deployed in FTTH (Fiber-to-the-Home) networks as it integrates well with existing authentication and billing systems that were originally developed for DSL. Many ISPs prefer PPPoE because it allows them to continue using centralized RADIUS servers for subscriber management. However, some fiber deployments also use DHCP for its efficiency, especially in environments where per-user authentication is not as critical.
Does PPPoE affect MTU?
Yes. Because PPPoE adds an 8-byte header, it reduces the default Maximum Transmission Unit (MTU) from 1500 bytes to 1492 bytes. If the MTU is not adjusted, packets may be fragmented, leading to reduced performance and latency issues. For this reason, many ISPs recommend setting the MTU to 1492 on routers configured for PPPoE. Advanced users may also adjust related settings such as MSS (Maximum Segment Size) to optimize throughput and avoid fragmentation in high-speed connections.
What is PPPoE on a router?
On a router, PPPoE is the mode that connects to the ISP using a username and password. The router authenticates once, receives an IP, and shares the connection with all local devices.
Why do some ISPs still use PPPoE instead of DHCP?
ISPs use PPPoE for per-user authentication and usage tracking. It integrates with RADIUS systems for billing and control, making it cost-efficient and reliable for large-scale networks.
Conclusion
PPPoE has played a central role in broadband connectivity, balancing authentication, accounting, and access control in a single protocol. While it introduces some overhead and has limitations in terms of security and scalability compared with newer technologies, it remains a practical choice for ISPs who require session-based billing, user management, and compatibility with legacy infrastructure.
As networks evolve to fiber and multi-gigabit speeds, PPPoE continues to coexist with modern protocols, ensuring backward compatibility and flexibility for service providers. Optimizing MTU settings, combining PPPoE with higher-level security measures, and deploying it alongside robust network equipment are key to maintaining performance and reliability.
At VSOL, we provide a full range of GPON, XGS-PON, and CPE solutions that support PPPoE and other access protocols. This enables ISPs to deliver secure, scalable, and cost-effective broadband services while preparing for next-generation fiber deployments.







