Intergate Web Security

PPPoE

The arrival of low cost broadband technologies in general and DSL (Digital Subscriber Line) in particular has greatly increased the number of computer hosts that are permanently connected to the Internet. This has increased concerns on the part of DSL service providers about security. Computers connected to the Internet via DSL do so through an Ethernet link. As such, plain TCP/IP has been used, with no additional protocols. Modem dial-up connection, on the other hand, use PPP (Point to Point Protocol) which provides secure login, and traffic metering among other advanced features. PPPoE (PPP over Ethernet) was designed to bring the security and metering benefits of PPP to Ethernet connections such as DSL.

We are presenting this information in a Q&A (Questions and Answers) format that we hope will be useful. Our knowledge of this subject relates to Internet connectivity in general, and stems from our own TCP/IP routing technology. We welcome feedback and comments from any readers on the usefulness or content.

We are providing the best information available to us as of the date of this writing and intend to update it at frequent intervals as things change and/or more information becomes available. However we intend this Q&A as a guide only and recommend that users obtain specific information to determine applicability to their specific requirements. (This is another way of saying that we can't be held liable or responsible for the content.)

Download the PPPoE PDF

Introduction

Vicomsoft develops and provides Network Address Translation and TCP/IP routing technology, including PPP and PPPoE features. Our software allows users to connect whole LANs to the Internet, using single or multiple Internet connections.

Vicomsoft have gained significant experience in the domain of the TCP/IP protocol suite including PPP and PPPoE, and would like to make this information available to those interested in this subject.

For those who would like to study this subject in more detail useful links are listed at the end of this document.

Questions

  1. What is PPP?
  2. What is PPPoE?
  3. Who uses PPPoE?
  4. How do I know if I need PPPoE software?
  5. What does Vicomsoft recommend?

1. What is PPP?

PPP is an acronym for Point to Point Protocol. It is a member of the TCP/IP suite of network protocols.

PPP is an extension to TCP/IP that adds two additional sets of functionality:

  • it can transmit TCP/IP packets over a serial link
  • it has login security

TCP/IP by itself cannot be transmitted over a serial link. This makes it unsuitable for WANs (Wide Area Networks). At the time of this writing it is not feasible to extend an Ethernet network over many thousands of miles although this may soon change using 10 Gigabyte Ethernet over fibre optic. Telecommunications companies however offer serial communications links around the globe right now and have done so for many years. To make TCP/IP work over these serial links, it was necessary to create a protocol that could transmit TCP/IP packets over serial lines. The two protocols that do this are:

  • SLIP (Serial Line Internet Protocol)
  • PPP

PPP is more feature rich and has largely supplanted SLIP.

When serial links that are part of the public telephone system are used, care must be taken to ensure the authenticity of all communications. To this end PPP incorporates user name and password security. Thus, a router or server receiving a request via PPP where the origin of the request is not secure, would require authentication. This authentication is part of PPP. Because of its ability to route TCP/IP packets over serial links and its authentication capabilities, PPP is generally used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet.

Figure 1: PPP is used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet.

PPP is used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet

2. What is PPPoE?

PPP, which was designed for serial communications, has now been adapted to Ethernet, and is appropriately called PPP over Ethernet (PPPoE). Since PPP was designed to do things that were either impossible or unnecessary with Ethernet, users are often confused as to why one would want to use PPP over Ethernet at all.

If we were to compare TCP/IP traffic to vehicle traffic, the basic TCP/IP protocol would be comparable to a network of city streets. Streets can serve many access points. It is easy to get on to and off of the street. Additional access points can be added with little disruption. It is hard to tell how many cars are actually using each street. PPP, on the other hand, would be comparable to a railway. Travel is generally between two well defined points. You can't get on and off anywhere. It is relatively easy to count and monitor passengers. You need a ticket to board.

If this is true, then isn't PPPoE like running railway tracks down main street? In fact, yes, it is. That is what tramways do. Without disturbing main street traffic, they bring the advantages of railways. They offer speedy access between two well defined points and allow you to count passengers. And you need a ticket to board.

Figure 2: PPPoE allows ISPs to monitor the volume of traffic that their users generate.

PPPoE allows ISPs to monitor the volume of traffic that their users generate.

PPP over Ethernet brings this sort of functionality to ISPs that do not use serial links to connect their users. Serial ISPs already use PPP over modem communications. DSL providers on the other hand use Ethernet, not serial communications. Because of this, many require the added functionality of PPP over Ethernet, which allows them to secure communications through the use of user logins and have the ability to measure the volume of traffic each user generates.

3. Who uses PPPoE?

To the best of our knowledge, only DSL providers are actually using PPPoE right now. It is likely, however, that cable modem providers will begin doing so in the near future.

4. How do I know if I need PPPoE software?

DSL providers that require the use of PPPoE generally supply their choice of PPPoE software to their subscribers. This is fine if you are connecting a single computer to the Internet via DSL. For users that connect an entire LAN to the Internet via DSL, the software supplied by the DSL provider may be insufficient. There may be compatibility problems with the router or Internet sharing software in use between the LAN and the DSL connection. You will need to consult your DSL provider about this.

Figure 3: PPPoE on a Local Network.

PPPoE on a Local Network

5. What does Vicomsoft recommend?

If you are connecting a single computer to the Internet via DSL with PPPoE, the software supplied by the DSL provider may be sufficient but there are alternatives. InterGate Policy Manager from Vicomsoft offers full support for PPPoE, and may optionally provide teaming of multiple Internet connections for increased bandwidth as well as parental controls. If you are connecting a LAN to the Internet via DSL with PPPoE, the most economical way to do so is to use a single public IP address allocated by your DSL ISP, and share it across your LAN with Internet sharing hardware or software. This is only practical if the Internet sharing hardware or software is PPPoE compatible. If your vendor's web site has a search function, use it to search "PPPoE" and you will quickly find out if they support it or not.

PPPoE is a standard, and you might assume that all solutions are therefore 'equal'. As in most things, some are more equal than others. The standard requires that PPPoE software add an additional header to the beginning of each TCP/IP packet. This may cause the packet to become larger than the maximum allowable size. Some software solutions handle this transparently, but some require you to modify the TCP/IP settings on all of the client computers on the LAN.

If you have any queries about internet security then please contact us.




Bookmark and Share
A Yammayap of