Point to point protocol over Ethernet

Original rationale

In late 1998 the DSL service model had a chicken-and-egg problem. ADSL technology had been proposed a decade earlier. Potential equipment vendors and carriers alike recognized that broadband such as cable modem or DSL would eventually replace dialup service, but the hardware (both customer premises and LEC) faced a significant low-quantity cost barrier. Initial estimates for low-quantity deployment of DSL showed costs in the $300–$500 range for a DSL modem and $300/mo access fee from the telco which was well beyond what a home user would pay. Thus the initial focus was on small & home business customers for whom a T1 line (at the time $800–$1500 per month) was not economical, but who needed more than dialup or ISDN could deliver. If enough of these customers paved the way, quantities would drive the prices down to where the home-use dialup user might be interested: more like $50 for the modem and $50/mo for the access.

Different usage profile

The problem was that small business customers had a different usage profile than a home-use dialup user, including: connecting an entire LAN to the internet; Providing services on a local LAN accessible from the far side of the connection; Simultaneous access to multiple external data sources, such as a company VPN and a general purpose ISP; Continuous usage throughout the workday, or even around the clock.

These requirements didn't lend themselves to the connection establishment lag of a dialup process nor its one-computer-to-one-ISP model, nor even the many-to-one that NAT + dialup provided. A new model was required.

PPPoE is used mainly either:

with PPPoE-speaking Internet DSL services where a PPPoE-speaking modem-router (residential gateway) connects to the DSL service. Here both ISP and modem-router need to speak PPPoE. (Note that in this case, the PPPoE-over-DSL side of things is occasionally referred to as PPPoEoA, for ‘PPPoE over ATM’.)

or when a PPPoE-speaking DSL modem is connected to a PPPoE-speaking Ethernet-only router using an Ethernet cable.

Time to market: simpler is better

A problem with creating a completely new protocol to fill these needs was time. The equipment was available immediately, as was the service, and a whole new protocol stack (Microsoft at the time was advocating fiber-based atm-cells-to-the-desktop, and L2TP was brewing as well, but was not near completion) would take so long to implement that the window of opportunity might slip by. Several decisions were made to simplify implementation and standardization in an effort to deliver a complete solution quickly.

Reuse existing software stacks

PPPoE hoped to merge the widespread Ethernet infrastructure with the ubiquitous PPP, allowing vendors to reuse their existing software and deliver products in the very near term. Essentially all operating systems at the time had a PPP stack, and the design of PPPoE allowed for a simple shim at the line-encoding stage to convert from PPP to PPPoE.

Simplify hardware requirements

Competing WAN technologies (T1, ISDN) required a router on the customer premises. PPPoE used a different Ethernet frame type, which allowed the DSL hardware to function as simply a bridge, passing some frames to the WAN and ignoring the others. Implementation of such a bridge is multiple orders of magnitude simpler than a router.

Informational RFC

RFC 2516 was initially released as an informational (rather than standards-track) RFC for the same reason: the adoption period for a standards-track RFC was prohibitively long.

Success

PPPoE was initially designed to provide a small LAN with individual independent connections to the internet at large, but also such that the protocol itself would be lightweight enough that it wouldn't impinge on the hoped-for home usage market when it finally arrived. While success on the second matter may be debated (some complain that 8 bytes per packet is too much) PPPoE clearly succeeded in bringing sufficient volume to drive the price for service down to what a home user would pay. It remains the dominant DSL connectivity mechanism as of 2011, more than a decade later.

PPPoE stages

The PPPoE has two distinct stages:

PPPoE discovery

Since traditional PPP connections are established between two end points over a serial link or over an ATM virtual circuit that has already been established during dial-up, all PPP frames sent on the wire are sure to reach the other end. But Ethernet networks are multi-access where each node in the network can access every other node. An Ethernet frame contains the hardware address of the destination node (MAC address). This helps the frame reach the intended destination.

Hence before exchanging PPP control packets to establish the connection over Ethernet, the MAC address of the two end points should be known to each other so that they can be encoded in these control packets. The PPPoE Discovery stage does exactly this. In addition it also helps establish a Session ID that can be used for further exchange of packets.

PPP session

Once the MAC address of the peer is known and a session has been established, the Session stage will start.

PPPoE Discovery (PPPoED)

Although traditional PPP is a peer-to-peer protocol, PPPoE is inherently a client-server relationship since multiple hosts can connect to a service provider over a single physical connection.

The Discovery process consists of four steps between the host computer which acts as the client and the access concentrator at the internet service provider's end acts as the server. They are outlined below. The fifth and last step is the way to close an existing session.

Client to server: Initiation (PADI)

PADI stands for PPPoE Active Discovery Initiation.

If a user wants to "dial up" to the Internet using DSL, then their computer first must find the DSL access concentrator (DSL-AC) at the user's Internet service provider's point of presence (POP). Communication over Ethernet is only possible via MAC addresses. As the computer does not know the MAC address of the DSL-AC, it sends out a PADI packet via an Ethernet broadcast (MAC: ff:ff:ff:ff:ff:ff). This PADI packet contains the MAC address of the computer sending it.

Example of a PADI-packet:

Frame 1 (44 bytes on wire, 44 bytes captured) Ethernet II, Src: 00:50:da:42:d7:df, Dst: ff:ff:ff:ff:ff:ff PPP-over-Ethernet Discovery Version: 1 Type 1 Code Active Discovery Initiation (PADI) Session ID: 0000 Payload Length: 24 PPPoE Tags Tag: Service-Name Tag: Host-Uniq Binary Data: (16 bytes)

Src. (=source) holds the MAC address of the computer sending the PADI.
Dst. (=destination) is the Ethernet broadcast address.
The PADI packet can be received by more than one DSL-AC. Only DSL-AC equipment that can serve the "Service-Name" tag should reply.

Server to client: Offer (PADO)

PADO stands for PPPoE Active Discovery Offer.

Once the user's computer has sent the PADI packet, the DSL-AC replies with a PADO packet, using the MAC address supplied in the PADI. The PADO packet contains the MAC address of the DSL-AC, its name (e.g. LEIX11-erx for the T-Com DSL-AC in Leipzig) and the name of the service. If more than one POP's DSL-AC replies with a PADO packet, the user's computer selects the DSL-AC for a particular POP using the supplied name or service.

Here is an example of a PADO packet:

Frame 2 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:0e:40:7b:f3:8a, Dst: 00:50:da:42:d7:df PPP-over-Ethernet Discovery Version: 1 Type 1 Code Active Discovery Offer (PADO) Session ID: 0000 Payload Length: 36 PPPoE Tags Tag: AC-Name String Data: IpzbrOOl Tag: Host-Uniq Binary Data: (16 bytes)

AC-Name -> String data holds the AC name, in this case “Ipzbr001” (the Arcor DSL-AC in Leipzig)
Src. holds the MAC address of the DSL-AC.
The MAC address of the DSL-AC also reveals the manufacturer of the DSL-AC (in this case Nortel Networks).

Client to server: request (PADR)

PADR stands for PPPoE active discovery request.

A PADR packet is sent by the user's computer to the DSL-AC following receipt of an acceptable PADO packet from the DSL-AC. It confirms acceptance of the offer of a PPPoE connection made by the DSL-AC issuing the PADO packet.

Server to client: session-confirmation (PADS)

PADS stands for PPPoE Active Discovery Session-confirmation.

The PADR packet above is confirmed by the DSL-AC with a PADS packet, and a Session ID is given out with it. The connection with the DSL-AC for that POP has now been fully established.

Either end to other end: termination (PADT)

PADT stands for PPPoE Active Discovery Termination. This packet terminates the connection to the POP. It may be sent either from the user's computer or from the DSL-AC.

Protocol overhead

PPPoE over ATM has the highest overhead of the popular DSL delivery methods.

Over ATM/DSL (aka PPPoEoA): The amount of overhead added by PPPoEoA on a DSL link depends on the packet size because of (i) the absorbing effect of ATM cell-padding (discussed below), which completely cancels out additional overhead of PPPoEoA in some cases, (ii) PPPoEoA + AAL5 overhead which can cause an entire additional 53-byte ATM cell to be required, and (iii) in the case of IP packets, PPPoE overhead added to packets that are near maximum length (‘MRU’) may cause IP fragmentation, which also involves the first two considerations for both of the resulting IP fragments. However ignoring ATM and IP fragmentation for the moment, the basic additional protocol header overheads for AAL5 payload due to choosing PPP + PPPoEoA are: 2 bytes (for PPP) + 6 (for PPPoE) + 18 (Ethernet MAC, variable) + 10 (RFC 2684 LLC, variable) = 36 bytes. This figure of 36 bytes can be slightly reduced by choosing the RFC 2684 option of discarding the 4-byte Ethernet MAC FCS, which reduces the figure of 18 bytes above to 14, bringing the total of 36 down to 32.

Compare this with a vastly more header-efficient protocol, PPP + PPPoA RFC 2364 VC-MUX over ATM+DSL, which has a mere 2-byte overhead within the AAL5 payload. (In fact, just simply 2 bytes for PPP + zero for RFC 2364.)

Returning to PPPoEoA, when calculating the total number of ATM cells needed to carry our PPP frame, in addition to the overheads already mentioned we must also append an 8-byte long ‘CPCS’ trailer required by AAL5, which must always be present at the end of the final cell. Including this gives us a (minimum) total ATM payload overhead of 36 + 8 = 44 bytes if the Ethernet MAC FCS is present, or 32 + 8 = 40 bytes if not. However the additional overhead in terms of ATM payload due to the choice of PPPoEoA is in fact not fixed - it can be either zero or 48 bytes (leaving aside scenario (iii) mentioned earlier, IP fragmentation). This is because ATM cells have a fixed payload capacity of 48 bytes, and including 36 or 32 bytes more AAL5 payload may require one more whole ATM cell to be sent to contain the excess beyond 48 - 8 bytes. The last two cells will contain padding bytes as required to ensure that each cell's payload is 48 bytes long and then the last cell ends with the 8-byte AAL5 trailer.

An example: In the case of a 1500-byte IP packet sent over AAL5/ATM, neglecting final cell padding for the moment, we start with 1500 + 36 + 8 (AAL5 CPCS trailer) = 1544 bytes if the ethernet FCS is present, or else + 32 + 8 = 40 bytes otherwise. To send 1544 bytes over ATM requires 33 48-byte ATM cells since 32 × 48 = 1536 bytes is not quite enough. Compare this to the case of PPP + PPPoA which at 1500 + 2 (PPP) + 0 (PPPoA: RFC 2364 VC-MUX) + 8 (CPCS trailer) = 1510 bytes fits in 32 cells. So the real cost of choosing PPPoEoA for 1500-byte IP packets is one additional ATM cell per packet, a ratio of 33:32.

However, for some other packet lengths the additional DSL overhead due to choosing PPPoEoA would be zero if the 36-byte (or 32-byte) extra overhead does not push ATM into requiring an additional cell. For example a 1492-byte long packet sent with PPP + PPPoEoA + AAL5 overheads gives us a total ATM payload of 1492 + 36 + 8 = 1536 bytes = 32 cells exactly, and the overhead in this special case is no greater than if we were using the header-efficient PPPoA protocol, which would require 1492 + 2 + 0 + 8 = 1502 bytes ATM payload = 32 cells also. The case where the packet length is 1492 represents the optimum efficiency for PPPoEoA in ratio terms (unless even longer packets are allowed).

Over Ethernet: On an Ethernet LAN, overhead for PPP + PPPoE is a fixed 2 + 6 = 8 bytes, unless IP fragmentation is produced.

MTU/MRU

When a PPPoE-speaking DSL modem sends or receives Ethernet frames containing PPP + PPPoE payload across the Ethernet link to a router (or PPPoE-speaking single PC), PPP + PPPoE contributes an additional overhead of 8 bytes = 2 (PPP) + 6 (PPPoE) included within the payload of each Ethernet frame. This added overhead can mean that a reduced maximum length limit (so-called ‘MTU’ or ‘MRU’) of 1500 - 8 = 1492 bytes is imposed on (for example) IP packets sent or received, as opposed to the usual 1500-byte Ethernet frame payload length limit which applies to standard Ethernet networks. Some devices support RFC 4638, which allows negotiation for the use of non-standard Ethernet frames with a 1508-byte Ethernet payload, sometimes called ‘baby jumbo frames’, so allowing a full 1500-byte PPPoE payload. This capability is advantageous for many users in cases where companies receiving IP packets have (incorrectly) chosen to block all ICMP responses from exiting their network, a bad practice which prevents path MTU discovery from working correctly and which can cause problems for users accessing such networks if they have an MTU of less than 1500 bytes.

How PPPoE fits in the DSL Internet access architecture

The transport protocol used on the telephone network is ATM. The DSL modem encapsulates PPP packets inside ATM cells and sends them over the WAN. There are several encapsulation methods.

PPPoE to PPPoA

In this diagram, the scenario is the same as before with two exceptions: (i) A more efficient modem architecture is shown, the modem being a PPPoE-to-PPPoA protocol converter. (ii) The service provider offers a PPPoA service and does not understand PPPoE. There is no PPPoEoA in this protocol chain.

In this alternative topology, PPPoE is merely a means of connecting DSL-modems to an Ethernet-only router (again, or to a single host PC). Here it is not concerned with the mechanism employed by an ISP to offer broadband services.

When transmitting packets bound for the internet, the PPPoE-speaking Ethernet router sends Ethernet frames to the (also PPPoE-speaking) DSL modem. The modem extracts PPP frames from within the received PPPoE frames, and sends the PPP frames onwards to the DSLAM by encapsulating them according to RFC 2364 (PPPoA), thus converting PPPoE into PPPoA.

On the diagram, the area shown as ‘backbone’ could also be ATM on older networks, however its architecture is service provider-dependent. On a more detailed, more service-provider specific diagram there would be additional columns in this area.

Quirks

Since the point-to-point connection established has a MTU lower than that of standard Ethernet (typically 1492 vs Ethernet's 1500), it can sometimes cause problems when Path MTU Discovery is defeated by poorly configured firewalls. Although higher MTUs are becoming more common in providers' networks, usually the workaround is to use TCP MSS (Maximum Segment Size) "clamping" or "rewrite", whereby the access concentrator rewrites the MSS to ensure TCP peers send smaller datagrams. Although TCP MSS clamping solves the MTU issue for TCP, other protocols such as ICMP and UDP may still be affected.

RFC 4638 allows PPPoE devices to negotiate an MTU of greater than 1492 if the underlying Ethernet layer is capable of jumbo frames.

Some vendors (Cisco and Juniper, for example) distinguish PPPoE[oA] from PPPoEoE (PPPoE over Ethernet), which is PPPoE running directly over Ethernet or other IEEE 802 networks or over Ethernet bridged over ATM, in order to distinguish it from PPPoEoA (PPPoE over ATM), which is PPPoE running over an ATM virtual circuit using RFC 2684 and SNAP encapsulation of PPPoE. (PPPoEoA is not the same as Point-to-Point Protocol over ATM (PPPoA), which doesn't use SNAP).

According to a Cisco document "PPPoEoE is a variant of PPPoE where the Layer 2 transport protocol is now Ethernet or 802.1q VLAN instead of ATM. This encapsulation method is generally found in Metro Ethernet or Ethernet digital subscriber line access multiplexer (DSLAM) environments. The common deployment model is that this encapsulation method is typically found in multi-tenant buildings or hotels. By delivering Ethernet to the subscriber, the available bandwidth is much more abundant and the ease of further service delivery is increased."

It is possible to find DSL modems, such as the Draytek Vigor 120, where PPPoE is confined to the ethernet link between a DSL modem and a partnering router, and the ISP does not speak PPPoE at all (but rather PPPoA).

Post-DSL uses and some alternatives in these contexts

A certain method of using PPPoE in conjunction with GPON (which involves creating a VLAN via OMCI) has been patented by ZTE.

PPPoE over GPON is reportedly used by retail service providers such as Internode of Australia's National Broadband Network, Romania's RCS & RDS (for their "Fiberlink" customers — GPON is sold as Ethernet ports in MDUs)., Orange France and Philippines' Globe Telecom. Verizon's FIOS product uses DHCP in some states and PPPoE in others.

RFC 6934 "Applicability of Access Node Control Mechanism to PON based Broadband Networks", which argues for the use of Access Node Control Protocol in PONs for—among other things—authenticating subscriber access and managing their IP addresses, and the first author of which is a Verizon employee, excludes PPPoE as an acceptable encapsulation for GPON: "The protocol encapsulation on BPON is based on multi-protocol encapsulation over ATM Adaptation Layer 5 (AAL5), defined in [RFC2684]. This covers PPP over Ethernet (PPPoE, defined in [RFC2516]) or IP over Ethernet (IPoE). The protocol encapsulation on GPON is always IPoE."

The 10G-PON (XG-PON) standard (G.987) provides for 802.1X mutual authentication of the ONU and OLT, besides the OMCI method carried forward from G.984. G.987 also adds support for authenticating other customer-premises equipment beyond the ONU (e.g. in a MDU), although this is limited to Ethernet ports, also handled via 802.1X. (The ONU is supposed snoop EAP-encapsulated RADIUS messages in this scenario and determine if the authentication was successful or not.) There is some modicum support for PPPoE specified in the OMCI standards, but only in terms of the ONU being able to filter and add VLAN tags for traffic based on its encapsulation (and other parameters), which includes PPPoE among the protocols that ONU must be able to discern.

The Broadband Forum's TR-200 "Using EPON in the Context of TR-101" (2011), which also pertains to 10G-EPON, says "The OLT and the multiple-subscriber ONU MUST be able to perform the PPPoE Intermediate Agent function, as specified in Section 3.9.2/TR-101."

A book on Ethernet in the first mile notes that DHCP can obviously be used instead of PPPoE to configure a host for an IP session, although it points out that DHCP is not a complete replacement for PPPoE if some encapsulation is also desired (although VLAN bridges can fulfill this function) and that furthermore DHCP does not provide (subscriber) authentication, suggesting that IEEE 802.1X is also needed for a "complete solution" sans PPPoE. (This book assumes that PPPoE is leveraged for other features of PPP besides encapsulation, including IPCP for host configuration, and PAP or CHAP for authentication.)

There are security reasons to use PPPoE in a (non-DSL/ATM) shared-medium environment, such as power line communication networks, in order to create separate tunnels for each customer.