Labcourse “Routerlab” Customer Access


The big picture

[Figure: overview of the access network. Sites: Home Network, Phone Exchange, Point of Presence, Datacenter, Customer Datacenter. Components: Splitter, Modem, DSL Router, DSLAM, ATM Network, PPP-AC, Access Router, Core Routers. Networks: Core Network, Phone Network.]

Accessing the Net

[Figure: access path across Home Network, Phone Exchange, Point of Presence, Datacenter and Customer Datacenter. Components: Splitter, Modem, DSL Router, DSLAM, ATM Network, PPP-AC, Access Router, Core Routers, Core Network. Connections shown: DSL Connection, ATM Circuit, PPPoE Connection, RADIUS Auth. Request, IP Data.]

PPP – Point-to-Point Protocol

• Encapsulates other protocols (tunnel)

• Enables AAA (authentication, authorization, accounting)

• Supports auto-configuration

• We consider IP over PPPoE (PPP over Ethernet)

Phases of PPP

[Figure: PPP phase diagram. States: Link Dead, Link Establishment Phase, Authentication Phase, Network-Layer Protocol Phase, Link Termination Phase. Decisions (Yes/No): Established successful? Need authentication? Authentication successful?]

PPPoE Frame

Ethernet Frame: Dst. Addr, Src. Addr, Type, Data

• Type (Ethernet): 0x8863: PPPoE Discovery, 0x8864: PPPoE Session

PPPoE (carried in the Ethernet Data field):

• Version (4 Bit): Always 0x1
• Type (4 Bit): Always 0x1
• Code (1 Byte): 0x00: Data, 0x07: PADO, 0x09: PADI, 0x19: PADR, 0x65: PADS, 0xa7: PADT
• Session-ID (2 Byte): Announced in PADS Frame, before: 0x0000
• Length (2 Byte): Payload Length in Bytes
• PPP Protocol (2 Byte): 0x0021: IP, 0x8021: IP Control Prot. (IPCP), 0xc021: Link Control Prot. (LCP), 0xc023: Password Auth. Prot. (PAP), 0xc223: Challenge Handshake Auth. Prot. (CHAP)
• Payload (variable)
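A parser for the PPPoE frame layout above, as an added example that is not part of the original slides. The function name `parse_pppoe` and the sample frames are constructed for illustration; it assumes untagged Ethernet frames (no VLAN header) and checks the Length field against the bytes actually received before using it.

```python
import struct

# Code points taken from the frame layout on this page.
ETHERTYPES = {0x8863: "PPPoE Discovery", 0x8864: "PPPoE Session"}
CODES = {0x00: "Data", 0x07: "PADO", 0x09: "PADI",
         0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
PPP_PROTOCOLS = {0x0021: "IP", 0x8021: "IPCP", 0xC021: "LCP",
                 0xC023: "PAP", 0xC223: "CHAP"}


def parse_pppoe(frame: bytes) -> dict:
    """Parse an untagged Ethernet frame carrying PPPoE; ValueError if malformed."""
    if len(frame) < 14 + 6:
        raise ValueError("frame too short for Ethernet + PPPoE header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype not in ETHERTYPES:
        raise ValueError(f"not PPPoE: EtherType 0x{ethertype:04x}")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if (ver_type >> 4, ver_type & 0x0F) != (1, 1):
        raise ValueError("Version and Type must both be 0x1")
    # Length is attacker-controlled: compare it with the bytes present.
    # Ethernet padding may follow the payload, so extra bytes are tolerated.
    if length > len(frame) - 20:
        raise ValueError("Length field exceeds bytes in frame")
    # Per RFC 2516, Length covers everything after the 6-byte PPPoE header,
    # including the 2-byte PPP Protocol field of session frames.
    payload = frame[20:20 + length]
    out = {"dst": dst.hex(":"), "src": src.hex(":"),
           "stage": ETHERTYPES[ethertype],
           "code": CODES.get(code, f"unknown(0x{code:02x})"),
           "session_id": session_id, "length": length}
    if ethertype == 0x8864:
        if code != 0x00 or length < 2:
            raise ValueError("session frame needs Code 0x00 and a PPP Protocol field")
        (proto,) = struct.unpack("!H", payload[:2])
        out["ppp_protocol"] = PPP_PROTOCOLS.get(proto, f"unknown(0x{proto:04x})")
        out["ppp_payload"] = payload[2:]
    else:
        out["tags"] = payload  # discovery frames carry tags such as Service-Name
    return out


# Constructed sample frames (not captured traffic).
MACS = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
# PADI: session 0x0000, one empty Service-Name tag (type 0x0101, length 0).
PADI = MACS + bytes.fromhex("8863" "11" "09" "0000" "0004" "01010000")
# Session frame, session 0x0001, carrying an LCP Configure-Request without options.
LCP = MACS + bytes.fromhex("8864" "11" "00" "0001" "0006" "c021" "01010004")
```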

PPPoE Session

[Figure: message sequence between Client and DSL-AC]

• PPPoE Active Discovery (AD) Initiation: PADI. Broadcast Packet, optional: Service-Name
• PPPoE AD Offer: PADO. Service-Name, AC-Name
• If multiple PADO: Choose one
• PPPoE AD Request: PADR. Service-Name, AC-Name
• PPPoE AD Session Confirmation: PADS. Session-ID
• PPP Session
  1) PPP Session handshake (LCP), including authentication
  2) IP configuration (IPCP)
  3) IP Session (Payload)
• PPPoE AD Termination: Can be sent by either side

Annotations in the figure: Authenticate user and authorize session; Record accounting data; Set local IP configuration

RADIUS

• “Remote Authentication Dial-In User Service”

• Central RADIUS Server

• Provides authentication service for Network Access Servers (NAS)

• NAS: Every device that a user can use to connect to a network, e.g.: PPP-AC, WPA access-point, 802.1x switch

PPP Session with RADIUS

[Figure: message sequence between Client, PPP-AC/NAS and Auth. Server]

PPP messages (Client and PPP-AC/NAS):

• LCP: Conf Request. Auth. Proto: PAP
• LCP: Conf Ack. Auth. Proto: PAP
• PAP: Auth Request. Username + Password
• PAP: Auth Ack. Username + Password
• IPCP: Conf Req. IP: 0.0.0.0
• IPCP: Conf Reject. IP: 1.2.3.4
• LCP: Terminate Link

RADIUS messages (PPP-AC/NAS and Auth. Server):

• RADIUS: Access Request. Username + Password
• RADIUS: Access Accept. Attributes: IP Address, …
• RADIUS: Accounting Start. Attributes: IP Address, Session ID, …
• RADIUS: Accounting Stop. Attributes: Session ID, Duration, Traffic Volume, …

Annotation in the figure (shown twice): Write accounting record

Excursus: Other providers

[Figure: the access topology with additional providers. Sites: Phone Exchange, Point of Presence (several), Datacenter, Customer Datacenter. Components: Splitter, Modem, DSL Router, DSLAM, ATM Network, PPP-AC, Access Router, Core Routers. Networks: Core Network (several).]

The smaller picture

[Figure: the lab setup mapped onto the big picture. Sites: Home Network, Phone Exchange, Point of Presence, Datacenter, Customer Datacenter. Components: Splitter, Modem, DSL Router, DSLAM, ATM Network, PPP-AC, Access Router, Core Routers, loadgen10X. Networks: Core Network, Phone Network.]

The smaller picture

[Figure: reduced lab topology. Sites: Home Network, Point of Presence, Customer Datacenter. Components: DSL Router, PPP-AC, Access Router, loadgen10X. Lab devices: rj1, Loadgen103, VLAN 102.]