This appendix provides a brief overview of PPP link operation, including a phase diagram and a description of the various PPP frames transmitted during the life of a PPP link.
The process of establishing, maintaining, and terminating PPP links passes through several distinct phases, during which PPP frames are exchanged between the endpoints of the link.
Link establishment phase
Peer authentication phase (optional)
Network layer protocol phase
Link termination phase
Figure A-1 shows the transitions between these phases.
The Link Control Protocol (LCP) is used to configure the PPP link during the link establishment phase. The configuration parameters are negotiated by an exchange of LCP frames. If the negotiation converges, the link is established and either the authentication protocol or network layer protocol phase is started. If the endpoints fail to negotiate a common configuration for the link, it is closed immediately.
During the link establishment phase only LCP frames should be transmitted in the PPP frames. All other frames are discarded.
Optionally, one or both of the endpoints can request peer authentication. Solstice PPP supports peer authentication based on the Password Authentication Protocol (PAP) and the Challenge-Handshake Authentication Protocol (CHAP). If authentication is successful, the link remains up and the network layer protocol phase is started. If authentication fails, the link termination phase is started to close the link.
During the peer authentication phase only LCP and authentication frames should be transmitted in the PPP frames. All other frames are discarded.
The Network Control Protocols (NCP) are used to configure the appropriate network layer. Solstice PPP implements the Internet Protocol Control Protocol (IPCP) to configure IP over PPP.
Once the network layer is configured by an exchange of NCP frames, IP datagrams can be encapsulated for transmission across the link. LCP frames may be exchanged periodically to test and maintain the link.
During the network layer protocol phase, LCP, NPC, and IP frames should be transmitted in the PPP frames. All other frames are discarded.
The link may be terminated at any time, at the request of either endpoint. Termination may occur due to authentication failure, carrier loss, or the expiration of the inactivity timeout. Link control protocol (LCP) frames are exchanged to terminate the link.
During the link termination phase only LCP frames should be transmitted in the PPP frames. All other frames are discarded.
PPP frames encapsulate packets of information that contain either configuration information or data. The PPP frames have the general format shown in Figure A-2:
The address field is one octet in length, and is part of the HDLC-like framing for PPP defined by RFC 1662. It is always set to 0xff, which is the All-Stations address. Frames that contain any other address value are discarded silently.
Control Field
The control field is one octet in length, and is part of the HDLC-like framing for PPP defined by RFC 1662. It is always set to 0x03, which is the Unnumbered Information (UI) command with the Poll/Final bit set to zero. Frames that contain any other control value are silently discarded.
The protocol id is one or two octets in length, and its value identifies the type of information contained in the information field of the frame.
The following values are significant for Solstice PPP:
0x0001 Padding protocol
0x0021 Internet protocol
0x002d Van Jacobson Compressed TCP/IP
0x002f Van Jacobson Uncompressed TCP/IP
0x8021 Internet Protocol Control Protocol
0xc021 Link Control Protocol
0xc023 Password Authentication Protocol
0xc223 Challenge Handshake Authentication Protocol
The Information field is zero or more octets. The maximum length of the information field is determined by the maximum receive unit (MRU), which is a negotiated parameter. It is set to 1500 (for Ethernet networks) by default.
The information field can contain configuration information or data. In the case of Solstice PPP, the data represents compressed or uncompressed IP datagrams.
The link control protocol (LCP) frames are transmitted during the link establishment and termination phases, and periodically during the life of the link. They are used to negotiate the configuration of the PPP link, and to test and maintain the link, once it is established. LCP frames have the general form shown in Figure A-3.
The address field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0xff.
The control field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0x03.
The protocol id identifies the type of information contained in the information field of the frame, and is always 0xc021 for LCP frames.
The code field is one octet in length and identifies the type of LCP frame, based on the following codes:
0x01 Configure-request 0x07 Code-reject
0x02 Configure-ack 0x08 Protocol-reject
0x03 Configure-nak 0x09 Echo-request
0x04 Configure-reject 0x0a Echo-reply
0x05 Terminate-request 0x0b Discard-request
0x06 Terminate-ack
The id field is one octet in length, and carries an identifier that is used to match associated requests and replies.
The length field is two octets in length, and indicates the total length of the LCP frame including the Code, Id, length, and data fields. The length must not exceed the maximum receive unit (MRU).
The data field is zero or more octets in length, as indicated by the length field. It contains the information associated with the frame, which may be configuration options, frame information, or simple data.
In some cases, the data field includes a magic number, which is four octets in length, and which is used to detect a looped-back condition and other link level anomalies. The magic number is a negotiated parameter, and is set to zero by default. When set, it contains a unique, randomly-generated sequence of digits that identifies the initial source of the frame. If two frames of the same type with the same magic number are received, there is a high probability that the link is looped back, and that the second frame is a reflection of the original.
Link configuration frames are transmitted during the link establishment phase. The data field of a link configuration frame carries information used to negotiate the configuration options for the link. The Link configuration frames are:
Configure-request
Code 0x01. Request the establishment of a link with a particular configuration. Represents the start of the link establishment phase. Terminate-request frames are transmitted periodically until either a valid response is received, or the number of frames sent exceeds the value of the lcp_max_restart parameter in the file ppp.conf.
Configure-ack
C ode 0x02. Acknowledge the receipt of a recognizable Configure-request frame, and accept the requested configuration. Represents the end of the link establishment phase.
Configure-nak
Code 0x03. Acknowledge the receipt of a recognizable Configure-request frame, but reject some or all of the requested configuration.
Configure-reject
Code 0x03. Reject a Configure-request frame because it is not recognizable or because the requested configuration is not acceptable.
Link termination frames are transmitted during the link termination phase. The link termination frames are:
Terminate-request
Code 0x05. Request the termination of a link. Represents the start of the link termination phase.
Terminate-ack
Code 0x06. Acknowledge the receipt of a recognizable Terminate-request frame, and accept the termination request. Represents the end of the link termination phase.
Link maintenance frames are transmitted periodically to test and maintain the link. The link termination frames are:
Code-reject
Code 0x07. Rejects an LCP frame that has an invalid code field.
Protocol-reject
Code 0x08. Rejects a PPP frame that has an invalid protocol id.
Echo-request
Code 0x09. Requests a response, in the form of an Echo-reply frame, from the remote end-point. Used to test that the link is still up.
Echo-reply
Code 0x10. Responds to a valid Echo-request frame. Used to test that the link is still up.
Discard-request
Code 0x11. Sends a frame which is silently discarded at the remote endpoint. Used as a debugging mechanism.
PAP frames are exchanged during the peer authentication phase, when peer authentication based on the Password Authentication Protocol (PAP) is requested as one of the configuration options during the link establishment phase. They have the general form shown in Figure A-4.
The address field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0xff.
The control field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0x03.
The protocol id identifies the type of information contained in the information field of the frame, and is always 0xc023 for PAP frames.
The code field is one octet in length and identifies the type of PAP frame, based on the following codes:
0x01 Authenticate-request
0x02 Authenticate-ack
0x03 Authenticate-nak
The id field is one octet in length, and carries an identifier that is used to match associated requests and replies.
The length field is two octets in length, and indicates the total length of the PAP frame including the code, id, length, and data fields. The length must not exceed the maximum receive unit (MRU).
The data field is zero or more octets in length, as indicated by the length field. It contains information associated with the authentication negotiation, in a format determined by the code field.
PAP Authenticate-request frames (code 0x01) are transmitted to start the authentication phase, and contain the PAP id and PAP password sent for authentication. Up to ten PAP Authenticate-request frames are transmitted without receiving a response before the authentication phase fails. PAP Authenticate-request frames have the format shown in Figure A-5:
The PAP id is zero or more octets in length, as indicated by the PAP id length field, and contains the character string specified by the send_pap_id parameter in the file ppp.conf.
The PAP password is zero or more octets in length, as indicated by the PAP password length field, and contains the character string specified by the send_pap_passwd parameter in the file ppp.conf.
A PAP Authenticate-ack frame (code 0x02) is transmitted by the authenticator when it receives a recognizable PAP Authenticate-request frame that contains an acceptable PAP id and PAP password.
A PAP Authenticate-nak frame (code 0x03) is transmitted by the authenticator when it receives a PAP Authenticate-request frame that is not recognizable, or that contains an unacceptable PAP id and PAP password pair. The link is always terminated.
CHAP frames are exchanged during the peer authentication phase, when peer authentication based on the Challenge-Handshake Authentication Protocol (CHAP) is requested as one of the configuration options during the link establishment phase. They have the general form shown in Figure A-6.
The address field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0xff.
The control field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0x03.
The protocol id identifies the type of information contained in the information field of the frame, and is always 0xc223 for CHAP frames.
The code field is one octet in length and identifies the type of CHAP frame, based on the following codes:
0x01 Challenge
0x02 Response
0x03 Success
0x04 Failure
The id field is one octet in length, and carries an identifier that is used to match associated requests and replies.
The length field is two octets in length, and indicates the total length of the CHAP frame including the code, id, length, and data fields. The length must not exceed the maximum receive unit (MRU).
The data field is zero or more octets in length, as indicated by the length field. It contains information associated with the authentication negotiation, in a format determined by the code field.
CHAP Challenge frames (code 0x01) are used to start the authentication negotiation, and are transmitted by the authenticator. They contain the CHAP name and a challenge value, which is calculated from the CHAP secret using a one-way hash algorithm. Up to ten CHAP Challenge frames are sent without receiving a Response frame before the authentication phase fails.
A CHAP Response frame (code 0x02) is sent on receipt of a recognized CHAP Challenge frame. It contains a response value, which is calculated using the CHAP secret, the challenge value received, and the same one-way hash algorithm.
CHAP Challenge and Response frames have the format shown in Figure A-7:
The CHAP name is one or more octets in length and contains the character string specified by the send_chap_name parameter in the file ppp.conf.
A CHAP Success frame (code 0x03) is transmitted by the authenticator when it receives a recognizable CHAP response frame that contains an acceptable CHAP name and response value.
A CHAP Failure frame (code 0x04) is transmitted by the authenticator when it receives a CHAP response frame that is not recognizable, or that contains an unacceptable PAP id and PAP password pair. The link is always terminated.
The Internet Protocol Control Protocol (IPCP) is used to configure, enable, and disable IP over PPP links. It uses the same frame exchange mechanism as the link control protocol (LCP).
IPCP frames have the general form shown in Figure A-8.
The address field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0xff.
The control field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0x03.
The protocol id identifies the type of information contained in the information field of the frame, and is always 0x8021 for IPCP frames.
The code field is one octet in length and identifies the type of IPCP frame, based on the following codes:
0x01 Configure-request 0x05 Terminate-request
0x02 Configure-ack 0x06 Terminate-ack
0x03 Configure-nak 0x07 Code-reject
0x04 Configure-reject
The id field is one octet in length, and carries an identifier that is used to match associated requests and replies.
The length field is two octets in length, and indicates the total length of the IPCP frame including the code, id, length, and data fields. The length must not exceed the maximum receive unit (MRU).
The data field is zero or more octets in length, as indicated by the length field. It contains the information associated with the frame, which may be configuration options, frame information, or simple data, in a format determined by the code field.
Internet Protocol (IP) frames contain encapsulated IP datagrams for transmission across PPP links. A single IP datagram is contained in the information field of a PPP frame. Large IP datagrams may be fragmented for transmission, if necessary. IP frames have the general form shown in Figure A-9.
The address field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0xff.
The control field is one octet in length, and is part of the HDLC-like framing for PPP. It is always set to 0x03.
The protocol id identifies the type of information contained in the information field of the frame. It can have the following values for IP frames:
0x0021 Internet protocol
0x002d Van Jacobson Compressed TCP/IP
0x002f Van Jacobson Uncompressed TCP/IP
The id field is one octet in length, and carries an identifier that is used to match associated requests and replies.
The length field is two octets in length, and indicates the total length of the IPCP frame including the code, id, length, and data fields. The length must not exceed the maximum receive unit (MRU).
The data field is zero or more octets in length, as indicated by the length field. It contains the IP datagram for transmission over the PPP link.