PPPoE (Point-to-Point Protocol over Ethernet) is a widely used networking protocol, especially in DSL and some fiber broadband connections. It allows multiple users to connect individually to a remote network over a shared Ethernet infrastructure—while enabling ISPs to authenticate users, assign ID addresses, and monitor usage.
This comprehensive guide explains what PPPoE is, how it works, its key components, pros and cons, and how it compares to other protocols like DHCP.
>> Contents
What is PPPoE
PPPoE (Point-to-Point Protocol over Ethernet) is a network protocol, defined in RFC 2516, that encapsulates Point-to-Point Protocol (PPP) frames within Ethernet frames to establish individual authenticated sessions for multiple users over a shared Ethernet network. Its primary function is to enable Internet Service Provides (ISPs) to manage and authenticate user connections, assign IP addresses, and track usage for billing purposes in a controlled and secure manner.
By combining the session-based authentication and network configuration features of PPP with the widespread use of Ethernet, PPPoE allows ISPs to deliver broadband access while maintaining secure, manageable connections for each user.
Understanding PPP: The Foundation Behind PPPoE
To better understand PPPoE, it’s important to recognize the role of PPP (Point-to-Point Protocol), which handles:
- Authentication via PAP or CHAP
- Link management through Link Control Protocol (LCP)
- Network configuration using Network Control Protocols (NCPs), such as IPCP for IP settings.
How Does PPPoE Work
The PPPoE process operates in two main stages: the Discovery Stage and the Session Stage.
The Discovery Stage – Establishing the Session
Before data can be transferred, a PPPoE client (your router or computer) needs to locate and establish a connection with a PPPoE server, known as an Access Concentrator (AC). This stage uses specific control packets and relies on MAC addresses for communication, as IP addresses haven’t been assigned yet. The process involves four steps:
1. PADI (PPPoE Active Discovery Initiation)
The client broadcasts a PADI packet onto the network. This packet essentially asks, “Are there any Access Concentrators available?”
2. PADO (PPPoE Active Discovery Offer)
One or more Access Concentrators on the network may respond with a PADO packet. This packet signifies, “I am an AC, and I can offer you a connection.” It contains the AC’s name and the services it offers.
3. PADR (PPPoE Active Discovery Request)
The client selects one AC (usually the first one to respond) and sends a unicast PADR packet directly to that AC’s MAC address. This packet requests a connection from the chosen AC.
4. PADS (PPPoE Active Discovery Session-confirmation)
If the AC accepts the request, it generates a unique Session ID for this specific point-to-point connection and sends a PADS packet back to the client. This packet confirms the establishment of the session.
Once the PADS packet is received, both the client and the AC know the Session ID and the peer’s MAC address, marking the end of the Discovery Stage.
The Session Stage – Transmitting Data
With the Discovery Stage complete and a unique Session ID established, the PPPoE session begins. All communication from this point onwards uses this Session ID.
During the Session Stage:
- PPP Negotiation: Standard PPP communication takes place over the established PPPoE connection. This typically involves authentication (using protocols like PAP or CHAP, where the client sends username/password credentials) and network control protocol (NCP) negotiations to configure network-layer parameters, most importantly, the assignment of an IP address to the client.
- Data Encapsulation: User data (IP packets) is first encapsulated within PPP frames. These PPP frames are then encapsulated within PPPoE frames (which include the Session ID), and finally, these PPPoE frames are encapsulated within standard Ethernet frames for transmission over the physical network. The encapsulation looks like this: [Ethernet Header [PPPoE Header [PPP Header [IP Packet] PPP Trailer] Ethernet Trailer].
- Data Transfer: Encapsulated data flows between the client and the AC over the Ethernet link.
- Session Termination: Either the client or the AC can terminate the session by sending a PADT (PPPoE Active Discovery Terminate) packet.
Key Components of a PPPoE Setup
A typical PPPoE environment involves three main components:
- PPPoE Client: The software or hardware on the user’s end (e.g., a computer’s operating system, a DSL modem/router) that initiates the PPPoE connection.
- Access Concentrator (AC): A device, usually located at the ISP’s point of presence (PoP), that terminates the PPPoE sessions from multiple clients. It authenticates users and manages their connections.
- RADIUS Server (Remote Authentication Dial-In User Service): While not strictly part of the PPPoE protocol itself, ACs commonly interact with a backend RADIUS server. The AC forwards the user credentials (received via PPP authentication within the PPPoE session) to the RADIUS server for verification. The RADIUS server checks the credentials against a user database and tells the AC whether to grant or deny access, often also providing configuration parameters like the assigned IP address.
PPPoE vs. DHCP: Key Differences
PPPoE and DHCP (Dynamic Host Configuration Protocol) are sometimes confused, but they serve fundamentally different purposes:
| Feature | PPPoE | DHCP |
| Purpose | Authenticated point-to-point connection | Auto IP configuration |
| Authentication | Yes (via PPP: PAP/CHAP) | No built-in authentication |
| Layer | Layer 2 (with PPP for Layer 3 support) | Application Layer (Layer 7) |
| Connection Type | Logical session between client and AC | Stateless, one-time IP assignment |
| Common Use | WAN access over DSL/fiber | LAN device IP assignment |
| IP Assignment | After successful authentication | Immediate IP lease |
In essence, PPPoE is about creating an authenticated session before network access is granted, while DHCP is primarily about simplifying IP address management within an already trusted network.
Pros and Cons of PPPoE
Like any network protocol, PPPoE comes with its advantages and limitations. Understanding both sides helps determine whether it’s the right fit for specific deployment scenarios.
Advantages of PPPoE
PPPoE offers several benefits, particularly for ISPs:
- Authentication & Access Control: Its core strength. PPPoE enforces user authentication (via PPP) before granting network access, ensuring only subscribed users connect.
- Session Management: Each user connection is a distinct session, making it easier for ISPs to manage individual connections, apply policies, and track usage.
- Billing/Accounting Support: Because each connection is a separate, authenticated session, ISPs can easily track connection time or data usage for billing purposes.
- IP Address Assignment: Allows ISPs to dynamically assign public IP addresses to users only when they are actively connected.
- Flexibility: Theoretically allows multiple logical PPP sessions over a single physical Ethernet connection (though less common in typical home setups).
- ISP Control: Provides ISPs with greater control over network access parameters and user policies compared to simple bridging or DHCP-only setups on the WAN side.
Disadvantages of PPPoE
Despite its advantages, PPPoE also has some drawbacks:
- MTU Overhead: PPPoE adds overhead to each data packet. The PPPoE header (6 bytes) and PPP Protocol ID (2 bytes) reduce the Maximum Transmission Unit (MTU) available for IP data, typically from 1500 bytes (standard Ethernet) down to 1492 bytes. This can sometimes issues with applications sensitive to MTU size and may require adjustments or fragmentation.
- Configuration Complexity: Setting up PPPoE on the client side requires entering credentials (username/password), which is slightly more complex for end-users than the automatic configuration provided by DHCP in LANs.
- Potential Single Point of Failure: The Access Concentrator (AC) handles many user sessions. If the AC fails, all connected users lose connectivity, making it a potential bottleneck or single point of failure.
- Minor Performance Overhead: The encapsulation and decapsulation process adds a small amount of processing overhead on both the client and AC equipment compared to simpler Ethernet bridging.
- Discovery Overhead: The initial discovery process adds slight latency to connection establishment.
Common Applications of PPPoE
The most widespread application of PPPoE is for Broadband Internet Access, particularly with DSL technology. ISPs use it to manage thousands or millions of subscriber connections efficiently. It’s also sometimes used in:
- Ethernet Metropolitan Area Networks (MANs)
- Certain Fiber-to-the-Home (FTTH) deployments
- Some enterprise scenarios requiring authenticated network access over Ethernet.
Example of PPPoE-CHAP
Generally, a single user or a home user uses PPPoE to access the Internet. After passing RADIUS authentication, the user obtains an IP address from the BRAS.
- The client sends a PADI packet to the server to start PPPoE access.
- The server sends a PADO packet to the client.
- The client sends a PADR packet to the server.
- The server generates a session ID and sends it to the client through PADS.
- The client and the server perform PPP LCP negotiation to establish a link-layer connection. In addition, CHAP authentication is used.
- The server sends a 128-bit Challenge packet to the authentication client.
- After receiving the challenge packet, the client performs the MD5 algorithm on the password and challenge and sends the password and challenge to the server for the response packet.
- The server sends the challenge and user name to the RADIUS server for authentication.
- The RADIUS server determines whether the user is authorized based on the user information and sends an authentication success/failure packet to the server. If the authentication is successful, the AAA server sends a message carrying negotiation parameters and service attributes to authorize the subscriber. If the authentication fails the process ends.
- The server returns the authentication result to the client.
- The user performs NCP(such as IPCP) negotiation and obtains the planned parameters such as the IP address through the server.
Conclusion
PPPoE continues to be a critical protocol in broadband networking, bridging the control of PPP with the ubiquity of Ethernet. It empowers ISPs to authenticate, manage, and bill individual users while ensuring secure and controlled sessions over shared infrastructure. Despite newer technologies, PPPoE remains relevant where session-based control and authentication are necessary.
