Shulou(Shulou.com)06/03 Report--

Ppp protocol

PPP protocol is a point-to-point link protocol, which is mainly used for point-to-point data transmission on full-duplex links.

Features:

-support point-to-point and point-to-multipoint

-supports synchronous and asynchronous serial services

-can support multiple network layer protocols at the same time

-support verification

-support address autonegotiation and assign IP addresses remotely

PPP composition:

LCP: link control protocol responsible for physical and layer 2 negotiation (used to establish, dismantle, and monitor PPP data links)

NCP: network control protocol, responsible for negotiation with layer 3 (connection establishment and parameter negotiation for different network layer protocols)

PPP link authentication is as follows:

The 1:Dead phase is a phase in which no connection is made, and it is an unavailable phase. Only when both sides detect that the physical interface is activated, it will go from the Dead phase to the Establish phase, also known as the link establishment phase.

2: in the Establish phase, the PPP link negotiates the LCP parameters. The negotiation content includes MRU, authentication method, magic word, and so on. After successful negotiation of LCP parameters, the Opened status will be entered, indicating that the underlying link has been established.

3: the next step is that the devices at both ends of the link need to go through the authentication phase (Authenticate) to enter the network layer protocol stage. If the Configure-Request message is received again at this stage, it will return to the link establishment phase.

4: in the Network phase, the PPP link conducts NCP negotiation, and only after the corresponding network layer protocol is successfully negotiated, the network layer protocol can send messages over this PPP link. If a Configure-Request message is received at this stage, it will also return to the link establishment phase.

After the 5:NCP negotiation is successful, the PPP link remains in the communication state.

6: in the Terminate phase, if all resources are released, both sides of the communication will return to the Dead state and a direct PPP connection will be established between the two sides of the communication.

PS:Configure-Request (configuration request): the first message sent during link layer negotiation, indicating that point-to-point parties begin to negotiate link layer parameters.

MRU: maximum receiving unit

Authentication methods: including PAP and CHAP

Magic word: randomly generate a value to detect whether there is a loop on the link. If the magic word in the received LCP message is the same as the magic word generated in this paragraph, it is considered to have a loop. But make sure that the numbers at both ends are the same, basically 0

First of all, take a look at these nouns:

1. Configure-Request (configuration request): the first message sent during link layer negotiation, indicating that point-to-point parties begin to negotiate link layer parameters.

2. Configure-Ack (configuration response): the Configure-Request message sent by the peer is received. If the parameter value is fully accepted, the response will be based on this message.

3. Configure-Nak (configuration does not respond): a Configure-Request message is received from the peer. If the value of the parameter is not approved by the local end, the message is sent and carries the configuration parameters acceptable to the local end.

4. Configure-Reject (configuration rejection): receives a Configure-Request message from the peer. If the local end cannot identify some parameters in the Configure-Request sent by the peer, it will send this message and carry the configuration parameters that the local end cannot recognize.

1:RTA sends a Configure-Request message containing some parameters on the link layer on RTA. When RTB receives this configuration request, if RTB can recognize it, it will send a Configure-Ack message to RTA.

2: of course, RTA will not wait for RTB to reply actively. RTA will send it every three times, 10 times in a row. If it has not received the Configure-Ack message, it will stop sending it.

3: after RTB receives the Configure-Request message sent by RTA, if RTB can identify all the link layer parameters carried in the message, but thinks that the values of some or all of the parameters are unacceptable, that is, the negotiation of the value of the parameters is not successful, then RTB needs to send a Configure-Nak message to RTA.

4: when RTB receives the Configure-Request message sent by RTA, if RTB cannot identify some or all of the link layer parameters carried in this message, RTB needs to respond to a Configure-Reject message to RTA. In this Configure-Reject message, only link layer parameters that cannot be recognized are included. After receiving the Configure-Reject message, RTA needs to resend a Configure-Request message to RTB

These are just some of the negotiation configuration processes on the LCP link, followed by the authentication process (PAP and CHAP)

Pap authentication uses a two-way handshake protocol, and the password is transmitted over the link in clear text. After writing on the LCP link, the authenticator requires the authenticated party to carry out pap authentication.

The authenticated party sends the configured user name and password information to the authenticator in clear text using Authenticate-Request messages. After receiving the user name and password information sent by the authenticated party, the authenticator checks whether the user name and password information match according to the locally configured user name and password database, and if so, returns an Authenticate-Ack message indicating that the authentication is successful. Otherwise, an Authenticate-Nak message is returned, indicating that authentication failed.

CHAP needs three times of authentication, which is a relatively secure authentication method. It has an encryption algorithm, this algorithm is called MD5, it is an irreversible process, usually we will see some websites decrypting MD5 on the Internet, but these sites rely on a powerful database for collision results, there is not an effective decryption means to decrypt him yet.

1. After the LCP negotiation is completed, the authenticator sends a Challenge message to the authenticated party. The authenticator is very naughty, and he wants to challenge the authenticated party.

two。 After receiving this Challenge message, the authenticated party also performs an encryption operation, which is also an MD5 operation, to get a 16-byte summary information, and then encapsulates the summary information and the CHAP user name configured on the port in the Response message and sends it to the authenticator.

3. After receiving the Response message sent by the authenticated party, the authenticator looks up the corresponding password information locally according to the user name of the Response, obtains the password information, carries out an encryption operation, and the operation mode is the same as that of the authenticated party, and then compares the summary information obtained by the encryption operation with the summary information encapsulated in the Response message. If the same is the same, the authentication is successful, but if it is not the same, the authentication fails.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.