The big picture

[Diagram: the end-to-end path from the customer to the provider's datacenter, as text]
Home Network: Modem, DSL Router
Phone Network / Phone Exchange: Splitter, DSLAM
ATM Network / Point of Presence: PPP-AC, Access Router
Core Network: Core Routers
Endpoints behind the core: Datacenter, Customer Datacenter
Accessing the Net

[Diagram: the path of "The big picture" (Modem, DSL Router; Splitter, DSLAM; ATM Network, PPP-AC; Access Router, Core Routers; Datacenter, Customer Datacenter) with the connections drawn on top of it, as text]
- DSL Connection: Modem <-> DSLAM, over the phone line
- ATM Circuit: DSLAM <-> PPP-AC, across the ATM Network
- PPPoE Connection: DSL Router <-> PPP-AC, carried inside the DSL connection and the ATM circuit
- RADIUS Auth. Request: PPP-AC -> authentication server
- IP Data: PPP-AC -> Access Router -> Core Routers -> Core Network
PPP – Point-to-Point Protocol
• Encapsulates other protocols (tunnel)
• Enables AAA (authentication, authorization, accounting)
• Supports auto-configuration
• We consider IP over PPPoE (PPP over Ethernet)
Phases of PPP

[Flow chart, as text]
Link Dead
  -> Link Establishment Phase (LCP)
     Established successfully?
       No  -> Link Dead
       Yes -> Need authentication?
                No  -> Network-Layer Protocol Phase
                Yes -> Authentication Phase
                       Authentication successful?
                         No  -> Link Termination Phase
                         Yes -> Network-Layer Protocol Phase
Network-Layer Protocol Phase -> Link Termination Phase -> Link Dead
PPPoE Frame

Ethernet Frame: Dst. Addr | Src. Addr | Type | Data
  Type: 0x8863: PPPoE Discovery, 0x8864: PPPoE Session

PPPoE header and payload (carried in the Ethernet Data field):
  Version      (4 Bit)     Always 0x1
  Type         (4 Bit)     Always 0x1
  Code         (1 Byte)    0x00: Data, 0x07: PADO, 0x09: PADI, 0x19: PADR, 0x65: PADS, 0xa7: PADT
  Session-ID   (2 Byte)    Announced in the PADS frame; 0x0000 in PADI, PADO and PADR
  Length       (2 Byte)    Payload length in bytes (the PPPoE payload only, not the Ethernet or PPPoE header)
  PPP Protocol (2 Byte)    0x0021: IP (IPv4), 0x8021: IP Control Prot. (IPCP), 0xc021: Link Control Prot. (LCP),
                           0xc023: Password Auth. Prot. (PAP), 0xc223: Challenge Handshake Auth. Prot. (CHAP)
  Payload      (variable)

Note: the PPP Protocol field and the PPP payload only exist in Session frames (Type 0x8864, Code 0x00). Discovery frames (Type 0x8863) carry a list of TAGs (Service-Name, AC-Name, ...) in the payload instead, and have no PPP Protocol field.
PPPoE Session

Client <-> DSL-AC:
1. PPPoE Active Discovery (AD) Initiation: PADI. Broadcast packet, optional: Service-Name
2. PPPoE AD Offer: PADO. Service-Name, AC-Name. If multiple PADO arrive: choose one
3. PPPoE AD Request: PADR. Service-Name, AC-Name (sent to the chosen AC)
4. PPPoE AD Session Confirmation: PADS. Session-ID
5. PPP Session:
   1) PPP session handshake (LCP), including authentication
   2) IP configuration (IPCP)
   3) IP session (payload)
   DSL-AC side: authenticate user and authorize session; record accounting data
   Client side: set local IP configuration
6. PPPoE AD Termination: PADT. Can be sent by either side
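The frame layout and the discovery exchange of the two slides above, as an added example (not code from the slides): it builds and parses PPPoE frames with the checks the frame format implies (VER/TYPE, Length against the frame, Session-ID 0x0000 before PADS, PPP Protocol only in Session frames) and then runs PADI/PADO/PADR/PADS with both sides parsing what they receive. The TAG type numbers (0x0101 Service-Name, 0x0102 AC-Name) are taken from RFC 2516, not from the slides; the MAC addresses, AC name and Session-ID are constructed test data.

```python
"""PPPoE frame builder/parser plus a simulated PADI/PADO/PADR/PADS exchange.

Added example, not from the slides. Field layout and codes follow RFC 2516;
the TAG type numbers, MAC addresses, AC name and Session-ID are assumptions.
"""
import struct

ETH_PPPOE_DISCOVERY, ETH_PPPOE_SESSION = 0x8863, 0x8864
CODE_DATA, CODE_PADO, CODE_PADI = 0x00, 0x07, 0x09
CODE_PADR, CODE_PADS, CODE_PADT = 0x19, 0x65, 0xA7
DISCOVERY_CODES = {CODE_PADI, CODE_PADO, CODE_PADR, CODE_PADS, CODE_PADT}
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102  # RFC 2516 TAG_TYPEs (not on the slides)
PPP_IPV4, PPP_LCP = 0x0021, 0xC021
BROADCAST = b"\xff" * 6
HDR = struct.Struct("!HBBHH")  # EtherType | VER,TYPE nibbles | Code | Session-ID | Length


def encode_tags(tags):
    """Discovery payload: sequence of TAG_TYPE(2) TAG_LENGTH(2) TAG_VALUE."""
    return b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)


def decode_tags(payload):
    tags, off = [], 0
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated TAG header")
        t, ln = struct.unpack_from("!HH", payload, off)
        off += 4
        if off + ln > len(payload):
            raise ValueError("TAG length runs past the PPPoE payload")
        tags.append((t, payload[off:off + ln]))
        off += ln
    return tags


def build_frame(dst, src, code, session_id, payload):
    """Ethernet header + PPPoE header; the EtherType follows from the Code."""
    ethertype = ETH_PPPOE_SESSION if code == CODE_DATA else ETH_PPPOE_DISCOVERY
    return dst + src + HDR.pack(ethertype, 0x11, code, session_id, len(payload)) + payload


def parse_frame(frame):
    """Parse one frame, enforcing the invariants from the frame-format slide."""
    if len(frame) < 12 + HDR.size:
        raise ValueError("too short for Ethernet + PPPoE header")
    dst, src = frame[:6], frame[6:12]
    ethertype, ver_type, code, sid, length = HDR.unpack_from(frame, 12)
    if ver_type != 0x11:
        raise ValueError("VER and TYPE must both be 0x1")
    payload = frame[12 + HDR.size:12 + HDR.size + length]
    if len(payload) != length:  # never trust the Length field blindly
        raise ValueError("Length field exceeds the captured frame")
    out = {"dst": dst, "src": src, "code": code, "session_id": sid}
    if ethertype == ETH_PPPOE_DISCOVERY:
        if code not in DISCOVERY_CODES:
            raise ValueError("unknown discovery Code 0x%02x" % code)
        if code in (CODE_PADI, CODE_PADO, CODE_PADR) and sid != 0:
            raise ValueError("Session-ID must be 0x0000 before PADS")
        out["tags"] = decode_tags(payload)  # discovery payload is TAGs, no PPP Protocol field
    elif ethertype == ETH_PPPOE_SESSION:
        if code != CODE_DATA or sid == 0:
            raise ValueError("session frame needs Code 0x00 and a non-zero Session-ID")
        if length < 2:
            raise ValueError("session payload lacks the PPP Protocol field")
        out["ppp_protocol"] = struct.unpack_from("!H", payload)[0]
        out["ppp_payload"] = payload[2:]
    else:
        raise ValueError("EtherType 0x%04x is not PPPoE" % ethertype)
    return out


def is_valid_frame(frame):
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


def run_discovery(client_mac, ac_mac, ac_name, session_id, service=b""):
    """Simulate both sides of PADI/PADO/PADR/PADS; each side parses what it receives."""
    padi = build_frame(BROADCAST, client_mac, CODE_PADI, 0, encode_tags([(TAG_SERVICE_NAME, service)]))
    seen = parse_frame(padi)        # AC: sees the broadcast PADI
    pado = build_frame(seen["src"], ac_mac, CODE_PADO, 0,
                       encode_tags([(TAG_SERVICE_NAME, service), (TAG_AC_NAME, ac_name)]))
    offer = parse_frame(pado)       # client: one of possibly several offers; choose this one
    padr = build_frame(offer["src"], client_mac, CODE_PADR, 0,
                       encode_tags([(TAG_SERVICE_NAME, service), (TAG_AC_NAME, ac_name)]))
    req = parse_frame(padr)         # AC: allocates a Session-ID for this client
    pads = build_frame(req["src"], ac_mac, CODE_PADS, session_id, encode_tags([(TAG_SERVICE_NAME, service)]))
    conf = parse_frame(pads)        # client: Session-ID is known from now on
    return conf["session_id"], dict(offer["tags"]).get(TAG_AC_NAME)


if __name__ == "__main__":
    client, ac = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"  # constructed MACs
    sid, name = run_discovery(client, ac, b"lab-ac", 0x1234)
    ip_frame = build_frame(ac, client, CODE_DATA, sid, struct.pack("!H", PPP_IPV4) + b"\x45\x00")
    print(hex(sid), name, hex(parse_frame(ip_frame)["ppp_protocol"]))
```

Two points worth noticing in the code: the parser checks the Length field against the bytes actually present before slicing, because a frame from the wire can claim any Length; and nothing in the discovery stage authenticates the AC, so the PADI is a broadcast that any host on the same Ethernet segment can answer with a PADO, and a client that picks that offer will afterwards hand its PAP credentials to it. The "choose one" step of the slide is therefore a trust decision.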
RADIUS
• "Remote Authentication Dial-In User Service"
• Central RADIUS Server
• Provides authentication service for Network Access Servers (NAS)
• NAS: every device that a user can use to connect to a network, e.g. PPP-AC, WPA access point, 802.1X switch
PPP Session with RADIUS

Participants: Client, PPP-AC/NAS, Auth. Server

1. PPP-AC -> Client: LCP Conf Request (Auth. Proto: PAP)
2. Client -> PPP-AC: LCP Conf Ack (Auth. Proto: PAP)
3. Client -> PPP-AC: PAP Auth Request (Username + Password)
4. PPP-AC -> Auth. Server: RADIUS Access Request (Username + Password)
5. Auth. Server -> PPP-AC: RADIUS Access Accept (Attributes: IP Address, ...)
6. PPP-AC -> Client: PAP Auth Ack
7. Client -> PPP-AC: IPCP Conf Req. (IP: 0.0.0.0, i.e. "assign me an address")
8. PPP-AC -> Client: IPCP Conf Nak (IP: 1.2.3.4). Per RFC 1332 the AC answers a 0.0.0.0 request with a Configure-Nak carrying the address to use; the client then repeats its Configure-Request with 1.2.3.4 and receives a Configure-Ack. (A Configure-Reject would mean the IP-Address option is not negotiable at all.)
9. PPP-AC -> Auth. Server: RADIUS Accounting Start (Attributes: IP Address, Session ID, ...). Auth. Server: write accounting record
   ... IP session ...
10. LCP: Terminate Link
11. PPP-AC -> Auth. Server: RADIUS Accounting Stop (Attributes: Session ID, Duration, Traffic Volume, ...). Auth. Server: write accounting record
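The RADIUS leg of the sequence above, as an added example (not code from the slides): the PPP-AC/NAS turns the PAP username and password into an Access-Request, the server answers with an Access-Accept carrying Framed-IP-Address or with an Access-Reject, and the NAS checks the Response Authenticator before trusting the answer; an Accounting-Request builder is included for the Accounting Start/Stop messages. Packet layout, attribute numbers and the User-Password hiding follow RFC 2865/2866; the shared secret, user database, NAS address and assigned address 1.2.3.4 are constructed test data, and the server is called in-process instead of over UDP.

```python
"""RADIUS Access-Request/Accept/Reject and Accounting-Request between NAS and server.

Added example, not from the slides. Layout follows RFC 2865/2866; SECRET, USERS,
the NAS address and the assigned IP are constructed test data.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCOUNTING_REQUEST = 1, 2, 3, 4
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, FRAMED_IP_ADDRESS = 1, 2, 4, 8
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44
ACCT_START, ACCT_STOP = 1, 2
HEADER = struct.Struct("!BBH")  # Code | Identifier | Length; the 16-byte Authenticator follows

SECRET = b"nas-shared-secret"                      # constructed: NAS <-> server shared secret
USERS = {b"alice@example.net": b"correct horse"}   # constructed: server-side user database


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to a multiple of 16, then chain MD5(secret || previous) XOR."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password.ljust(-(-len(password) // 16) * 16, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def pack_attrs(attrs):
    """Attribute = Type(1) Length(1, incl. header) Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def parse_attrs(data):
    attrs, off = [], 0
    while off < len(data):
        if off + 2 > len(data) or data[off + 1] < 2 or off + data[off + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[off], data[off + 2:off + data[off + 1]]))
        off += data[off + 1]
    return attrs


def build_access_request(ident, request_auth, attrs):
    body = pack_attrs(attrs)
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(body)) + request_auth + body


def build_accounting_request(ident, secret, attrs):
    """RFC 2866: Request Authenticator = MD5(header || 16 zero bytes || attrs || secret)."""
    body = pack_attrs(attrs)
    head = HEADER.pack(ACCOUNTING_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + b"\x00" * 16 + body + secret).digest() + body


def build_response(code, request, secret, attrs):
    """Response Authenticator = MD5(header || RequestAuth || attrs || secret)."""
    body = pack_attrs(attrs)
    head = HEADER.pack(code, request[1], 20 + len(body))
    return head + hashlib.md5(head + request[4:20] + body + secret).digest() + body


def verify_response(response, request, secret):
    """NAS side: accept only replies bound to our request through the shared secret."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def server_handle(request, secret=SECRET, users=USERS):
    """Auth. Server: recover the password, check it, answer Accept (with IP) or Reject."""
    attrs = dict(parse_attrs(request[20:]))
    if USER_NAME in attrs and USER_PASSWORD in attrs:
        password = reveal_password(attrs[USER_PASSWORD], secret, request[4:20])
        if hmac.compare_digest(users.get(attrs[USER_NAME], b"\x00"), password):
            return build_response(ACCESS_ACCEPT, request, secret, [(FRAMED_IP_ADDRESS, bytes([1, 2, 3, 4]))])
    return build_response(ACCESS_REJECT, request, secret, [])


def nas_authenticate(username, password, secret=SECRET):
    """PPP-AC/NAS: PAP credentials in, (accepted?, Framed-IP-Address) out."""
    ident, request_auth = 7, os.urandom(16)  # Request Authenticator must be unpredictable
    request = build_access_request(ident, request_auth, [
        (USER_NAME, username), (USER_PASSWORD, hide_password(password, secret, request_auth)),
        (NAS_IP_ADDRESS, bytes([10, 0, 0, 1]))])
    response = server_handle(request, secret)  # stands in for the UDP round trip
    if not verify_response(response, request, secret):
        raise ValueError("Response Authenticator mismatch: forged reply or wrong secret")
    attrs = dict(parse_attrs(response[20:]))
    return response[0] == ACCESS_ACCEPT, attrs.get(FRAMED_IP_ADDRESS)
```

What this makes visible about the slide's message flow: the PAP Auth Request carries the password in the clear on the PPP link, and on the NAS-to-server hop it is only XOR-masked with MD5 of the shared secret and the Request Authenticator, so a predictable Request Authenticator or a guessable secret exposes it; and the Access Accept is only as trustworthy as that same secret, since the Response Authenticator is the NAS's only way to tell a real Accept from one injected by someone on the path.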
Excurse: Other providers

[Diagram: the access path of "The big picture" (Modem, DSL Router; Splitter, DSLAM at the Phone Exchange; ATM Network, PPP-AC; Access Router, Core Routers; Datacenter, Customer Datacenter) extended with further providers, as text]
- Each other provider has its own Points of Presence with a PPP-AC and an Access Router
- These connect to that provider's own Core Network and Datacenter
- Remaining diagram label: loadgen10X
The smaller picture

[Diagram: the same path as "The big picture", as text]
Home Network: Modem, DSL Router
Phone Network / Phone Exchange: Splitter, DSLAM
ATM Network: PPP-AC
Core Network: Access Router, Core Routers
Endpoints behind the core: Datacenter, Customer Datacenter