Friday, May 20, 2016

Point-to-Point Protocol


Point-to-Point Protocol or PPP is a layer 2 or data link layer protocol which is used to establish a direct connection between two nodes in a network. It can provide authentication, encryption and compression. This protocol is used to create a simple link between two peers in a network to transport packets.

PPP links are full duplex and deliver packets in order. This protocol can be used for communications between hosts, bridges, routers etc.



PPP Encapsulation


Data from different network layer protocols can be transferred over the same PPP link. Encapsulation makes this possible.

PPP puts the data in a frame and transfers it using a PPP link. A frame is a unit of transmission in the data link layer of the OSI protocol stack. PPP uses frames to mark the beginning and end of encapsulation.


A PPP frame contains the following three fields:


Protocol Field – The protocol field indicates the protocol used in the frame. The protocol can be Link Control Protocol, Password Authentication Protocol, Challenge Handshake Authentication Protocol etc.


Information Field – It contains the datagram for the protocol specified in the protocol field. A datagram is a unit of transmission in the network layer and it is often encapsulated in one or more packets in the data link layer.


Padding – The information field may get padded by a number of octets in a frame.
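The three fields can be separated in code as follows. This is an added example, not code from the original article; it assumes an uncompressed 2-octet protocol field and a frame with any HDLC-style framing already removed, and the sample frame is constructed.

```python
import struct

# Protocol field values from the PPP assigned numbers (RFC 1661 and successors).
PPP_PROTOCOLS = {
    0x0021: "IPv4",
    0x8021: "IPCP",
    0xC021: "LCP",
    0xC023: "PAP",
    0xC223: "CHAP",
}

def parse_ppp_frame(frame: bytes) -> dict:
    """Split a PPP encapsulation into Protocol, Information and Padding."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the 2-octet Protocol field")
    (proto,) = struct.unpack("!H", frame[:2])
    body = frame[2:]
    if proto in PPP_PROTOCOLS:
        # PPP does not record how much padding was added. The carried
        # protocol's own length field marks where Information ends:
        # LCP/PAP/CHAP/IPCP packets are Code, Identifier, Length(2), and an
        # IPv4 header holds Total Length at the same offset (octets 2-3).
        minimum = 20 if proto == 0x0021 else 4
        if len(body) < minimum:
            raise ValueError("truncated Information field")
        (length,) = struct.unpack("!H", body[2:4])
        if not minimum <= length <= len(body):
            raise ValueError("length field disagrees with frame size")
    else:
        length = len(body)  # unknown protocol: cannot separate padding
    return {
        "protocol": PPP_PROTOCOLS.get(proto, f"unknown (0x{proto:04x})"),
        "information": body[:length],
        "padding": body[length:],
    }

# Constructed sample: LCP Configure-Request (code 1, id 1, length 8)
# carrying one option (MRU = 1500), followed by two padding octets.
SAMPLE = bytes.fromhex("c021" "01010008" "010405dc" "0000")

if __name__ == "__main__":
    print(parse_ppp_frame(SAMPLE))
```

A length field that claims more octets than the frame holds is rejected instead of being trusted, which is the check a parser for untrusted link data needs.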




How does PPP work




In Point-to-Point Protocol, a PPP link is established for communication in five phases, as described below:



Link Dead Phase


A PPP link begins or ends with the Link Dead Phase. When the physical layer is ready to be used, PPP proceeds with this phase and then moves to the next phase, the Link Establishment Phase. When a modem disconnects, the link returns to this phase.



Link Establishment Phase

Configure packets are exchanged during this phase. The configuration options can depend on the particular network layer protocol in use, or they can be independent of it. Two different protocols are used for this purpose:



Link Control Protocol

This protocol is used to agree upon encapsulation format options and packet sizes, and to handle misconfiguration errors etc. It can also negotiate authentication parameters.


Network Control Protocol

This protocol is used to manage the specific needs of the network layer protocol being used. For example, assignment and management of IP addresses may be difficult for a circuit-switched point-to-point link. Network Control Protocol can be used to manage that.



In the Link Establishment Phase, only Link Control Protocol packets are used to agree upon the configuration parameters. Configuration that depends on the network layer protocol is handled by Network Control Protocol packets in the Network Layer Protocol Phase.



Authentication Phase


If a peer needs to be authenticated, a PPP link needs to handle it before Network Control Protocol packets are exchanged. PPP uses Authentication Phase for that purpose.


There are two types of authentication protocols that can be used:

  • Password Authentication Protocol
  • Challenge Handshake Authentication Protocol


Password Authentication Protocol

In Password Authentication Protocol, or PAP, a peer is repeatedly asked for an ID/password pair until authentication is accepted. If invalid authentication parameters are received multiple times, the link is terminated.

In PAP, passwords are transmitted in an unencrypted format over the PPP link. So, this protocol is not secure.



Challenge Handshake Authentication Protocol

Challenge Handshake Authentication Protocol, or CHAP, relies on periodic peer validation, instead of relying on authentication only at the beginning of the link establishment.

It uses a challenge-response mechanism for authentication. The authenticator sends a challenge to the peer. The peer receives the challenge and calculates the response using a complex algorithm and the challenge. The response is then sent back to the authenticator. The authenticator receives the response and verifies it using the same algorithm and the input challenge.

In terms of security, CHAP is much more secure than PAP.
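The difference between the two protocols shows up in what each one puts on the link. The following is an added example, not code from the original article: it builds a PAP Authenticate-Request as laid out in RFC 1334 and computes a CHAP response with the MD5 algorithm from RFC 1994 (the article does not name the algorithm, so MD5 is an assumption here). The peer ID, password, secret and challenge values are constructed.

```python
import hashlib
import hmac
import struct

def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): ID and password travel as-is."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def read_pap_request(pkt: bytes):
    """Recover (peer_id, password) exactly as they appear on the link."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or length > len(pkt):
        raise ValueError("not a complete PAP Authenticate-Request")
    id_len = pkt[4]
    peer_id = pkt[5:5 + id_len]
    pw_len = pkt[5 + id_len]
    password = pkt[6 + id_len:6 + id_len + pw_len]
    return peer_id, password

def chap_md5_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticator side: recompute and compare in constant time."""
    expected = chap_md5_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)

# Constructed sample values (not from the article).
PEER_ID, SECRET = b"alice", b"constructed-secret"
CHALLENGE_1 = bytes(range(16))
CHALLENGE_2 = bytes(range(16, 32))

if __name__ == "__main__":
    pkt = pap_request(1, PEER_ID, SECRET)
    print("PAP on the wire :", read_pap_request(pkt))
    resp = chap_md5_response(7, SECRET, CHALLENGE_1)
    print("CHAP on the wire:", resp.hex())
    print("fresh challenge accepts old response:",
          chap_verify(8, SECRET, CHALLENGE_2, resp))
```

The last check is why CHAP can re-validate the peer periodically: a response captured for one challenge does not verify against the next one.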



Network Layer Protocol Phase

Each network layer protocol like IP, IPX or AppleTalk must be separately configured by Network Control Protocol in a PPP link. Network Layer Protocol Phase takes care of that.



Link Termination Phase


This phase is used to terminate the PPP link. Upon closing the link, PPP informs the network layer protocol to take proper action.



Point-to-Point Protocol and Tunnels


A tunnel is created between two virtual network interfaces. PPP can assign IP addresses to these virtual network interfaces and these IP addresses are used to transfer data between the two networks on both sides of the tunnel.


Many protocols like SSH, SSL, L2TP, PPTP etc. can be used to tunnel data over IP networks. PPTP or Point-to-Point Tunneling Protocol is a form of PPP between two hosts which uses Microsoft Point-to-Point Encryption or MPPE for encryption and Microsoft Point-to-Point Compression or MPPC for compression.



This article gives some basic information on how Point-to-Point Protocol works. Hope it helped.
