Point-to-Point Protocol (PPP)
PPP frame format, authentication methods, and network control protocols.
Introduction: The Internet's Universal Adapter Cable
In the early days of the internet, connecting a single computer to a network over a simple serial link (like a dial-up modem or a direct cable connection) was a challenge. The first major solution, SLIP (Serial Line Internet Protocol), was very basic. It could send IP packets, but it couldn't perform error detection, had no security, and couldn't handle protocols other than IP. A more robust, flexible solution was needed.
Enter the Point-to-Point Protocol (PPP). Developed in the early 1990s, PPP became the de facto standard for establishing a direct connection between two networking nodes. Think of PPP as a universal "smart adapter cable" for the internet. It doesn't just pass bits along; it establishes a connection, authenticates the peer, configures network settings like IP addresses, and can carry traffic from multiple network protocols simultaneously. Its robust and modular design has made it incredibly durable, and its principles are still widely used today in technologies like PPPoE (PPP over Ethernet), which carries PPP sessions over DSL and other broadband connections.
The Layered Architecture of PPP
PPP is not a single, monolithic protocol. Instead, it is a suite of protocols organized into a layered architecture, which gives it great flexibility. It consists of three main components:
- Encapsulation Protocol:
This defines the "envelope" or format for transporting data packets over the point-to-point link. PPP uses a frame structure that is very similar to HDLC (High-Level Data Link Control), including using flag sequences to mark the beginning and end of frames and an FCS for error detection.
- Link Control Protocol (LCP):
LCP is the "negotiator" for the connection. Before any data can be sent, LCP's job is to establish, configure, and test the data link. It negotiates options such as the Maximum Receive Unit (MRU, the largest frame each side is willing to accept), the authentication protocol to be used (if any), and a random Magic-Number that lets each side detect a misconfigured link: a link looped back on itself echoes the sender's own magic number straight back.
- Network Control Protocols (NCPs):
This is a family of protocols responsible for configuring the different Network Layer protocols that will be used over the PPP link. PPP is protocol-independent, meaning it can carry packets from various protocols like IP, IPX, and AppleTalk simultaneously. For each network protocol being used, a corresponding NCP must be active. The most common NCP is the Internet Protocol Control Protocol (IPCP), which is responsible for assigning and configuring the IP address for the connection, as well as other parameters like DNS server addresses.
Anatomy of a PPP Frame
Every piece of information sent across a PPP link, whether it's user data or a control message, is encapsulated within a PPP frame. The structure is heavily based on HDLC.
- Flag (1 byte): The frame begins and ends with the hexadecimal sequence 0x7E (binary 01111110), which serves as the separator between frames. To stop the pattern from appearing inside the data, PPP on bit-synchronous links uses HDLC's bit stuffing; on asynchronous links (modems, serial consoles) it uses byte stuffing instead, sending 0x7E, 0x7D and, by default, the control characters 0x00 to 0x1F as the escape byte 0x7D followed by the original byte XOR 0x20.
- Address (1 byte): Since PPP runs over point-to-point links, the destination is already known. This field is redundant and is always set to the HDLC All-Stations ("broadcast") address 0xFF (binary 11111111).
- Control (1 byte): This field is also a relic from HDLC. PPP does not use HDLC's flow control or sequencing mechanisms, leaving reliability to higher-layer protocols like TCP, so the field is fixed at 0x03, the Unnumbered Information (UI) frame type. Because Address and Control never vary, LCP can negotiate Address-and-Control-Field-Compression (ACFC) to omit both bytes.
- Protocol (2 bytes, or 1 byte when Protocol-Field-Compression is negotiated): This is one of the most important fields. It acts like a "manifest", telling the receiving device what kind of payload is in the Information field, which is what allows PPP to be multi-protocol. Values are assigned so that the first byte is even and the last byte is odd; that rule is what lets a receiver tell a compressed 1-byte field from a 2-byte one. Common values include:
  - 0x0021 for an IPv4 packet (0x0057 for IPv6)
  - 0x8021 for IPCP (IP Control Protocol) packets
  - 0xC021 for LCP (Link Control Protocol) packets
  - 0xC023 for PAP (Password Authentication Protocol) packets
  - 0xC223 for CHAP (Challenge-Handshake Authentication Protocol) packets
- Information (Payload): This is where the actual data resides. It could be an LCP negotiation message, an authentication packet, or a full IP datagram. Its length is variable, up to the Maximum Receive Unit (MRU) negotiated by LCP, which defaults to 1500 bytes to match Ethernet's MTU.
- Frame Check Sequence (FCS) (2 or 4 bytes): An error-detection field, by default a 16-bit CRC (a 32-bit FCS can be negotiated by LCP). The sender calculates it over the Address, Control, Protocol and Information fields; the receiver recalculates it and silently discards any frame that does not match, treating it as a transmission error. Note that a CRC only catches accidental corruption: anyone who can modify frames on the link can also recompute the FCS, so it provides no protection against tampering.
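As an added worked example (not code from the original page or from any PPP implementation), here is a small Python encoder/decoder for PPP frames as they travel over an asynchronous serial link. It performs the byte stuffing, computes the RFC 1662 FCS-16, recognises compressed Address/Control and Protocol fields on receive, and finishes by showing that the FCS catches a flipped bit but not a deliberately rewritten frame. The payloads are constructed for the example; the constants and protocol numbers are the ones from the specification.

```python
"""PPP frames on an asynchronous link (RFC 1662): byte stuffing, FCS-16, field split.
Constructed example for illustration; not code from the article or from any PPP stack."""
from __future__ import annotations

FLAG, ESC, ALL_STATIONS, UI = 0x7E, 0x7D, 0xFF, 0x03
FCS_INIT, FCS_GOOD = 0xFFFF, 0xF0B8            # RFC 1662 initial value and "good" residue
PROTOCOLS = {0x0021: "IPv4", 0x0057: "IPv6", 0x8021: "IPCP", 0x8057: "IPv6CP",
             0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}


def fcs16(data: bytes, fcs: int = FCS_INIT) -> int:
    """Reflected CRC-16 (poly 0x8408), bit-at-a-time; same result as RFC 1662's table."""
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def byte_stuff(body: bytes) -> bytes:
    """Escape the flag, the escape byte and (default ACCM) every control char 0x00-0x1F."""
    out = bytearray()
    for b in body:
        if b in (FLAG, ESC) or b < 0x20:
            out += bytes((ESC, b ^ 0x20))
        else:
            out.append(b)
    return bytes(out)


def byte_unstuff(stuffed: bytes) -> bytes:
    out, it = bytearray(), iter(stuffed)
    for b in it:
        if b != ESC:
            out.append(b)
            continue
        nxt = next(it, None)
        if nxt is None:
            raise ValueError("escape byte at end of frame")
        out.append(nxt ^ 0x20)
    return bytes(out)


def build_frame(protocol: int, payload: bytes, acfc: bool = False, pfc: bool = False) -> bytes:
    """Flag | [FF 03] | Protocol (2 bytes, or 1 with PFC) | payload | FCS (LSB first) | Flag."""
    body = b"" if acfc else bytes((ALL_STATIONS, UI))
    body += protocol.to_bytes(1 if pfc and protocol <= 0xFF else 2, "big")
    body += payload
    crc = fcs16(body) ^ 0xFFFF                      # transmit the ones complement ...
    body += bytes((crc & 0xFF, crc >> 8))           # ... low byte first
    return bytes([FLAG]) + byte_stuff(body) + bytes([FLAG])


def parse_frame(raw: bytes) -> dict:
    """Unstuff, verify the FCS and split the fields; accepts ACFC/PFC-compressed frames."""
    if len(raw) < 2 or raw[0] != FLAG or raw[-1] != FLAG:
        raise ValueError("frame is not delimited by 0x7E flags")
    body = byte_unstuff(raw[1:-1])
    if len(body) < 3:
        raise ValueError("frame too short to hold a protocol field and FCS")
    fcs_ok = fcs16(body) == FCS_GOOD                # run over data *and* received FCS
    body = body[:-2]
    i = 2 if body[:2] == bytes((ALL_STATIONS, UI)) else 0
    if body[i] & 1:                                 # odd first byte => 1-byte (PFC) field
        protocol, i = body[i], i + 1
    else:
        protocol, i = int.from_bytes(body[i:i + 2], "big"), i + 2
    return {"protocol": protocol, "name": PROTOCOLS.get(protocol, "unknown"),
            "payload": body[i:], "fcs_ok": fcs_ok}


def noise_vs_forgery() -> dict:
    """The FCS detects line noise, but an on-path attacker simply recomputes it."""
    original = build_frame(0x0021, b"GET /public")  # constructed payload
    noisy = bytearray(original)
    noisy[original.index(b"GET")] ^= 0x20           # one bit flipped in transit
    forged = build_frame(0x0021, b"GET /secret")    # rewritten payload, fresh FCS
    return {"noise_detected": not parse_frame(bytes(noisy))["fcs_ok"],
            "forgery_detected": not parse_frame(forged)["fcs_ok"]}


if __name__ == "__main__":
    wire = build_frame(0xC021, bytes.fromhex("01010008010405dc"))  # LCP Configure-Request, MRU 1500
    print(wire.hex())
    print(parse_frame(wire))
    print(noise_vs_forgery())
```

Running the FCS over the received body including its two FCS bytes yields the constant residue 0xF0B8 for an intact frame, which is the check RFC 1662 itself uses; the last function makes the integrity caveat concrete, since the forged frame parses as perfectly valid.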
The PPP Connection Lifecycle: A Step-by-Step Conversation
Establishing a PPP connection is a multi-phase process, with each phase building upon the previous one.
- Phase 1: Link Establishment (LCP Negotiation)
Once a physical connection is detected (e.g., modem carrier signal), the link enters this phase. The two devices exchange LCP packets to negotiate the basic parameters of the connection. This is a back-and-forth dialogue using messages like:
- Configure-Request: "I would like to set up the link with these options (e.g., MRU of 1500 bytes, using CHAP for authentication)."
- Configure-Ack (Acknowledge): "I agree to all of your requested options."
- Configure-Nak (Negative Acknowledge): "I agree to the general idea, but I cannot accept this specific value (e.g., your MRU is too large), please try again with this alternative."
- Configure-Reject: "I do not understand or support one of the options you are requesting. Let's proceed without it."
This phase is complete once each side has received a Configure-Ack for its own Configure-Request. The link is now considered "open".
- Phase 2: Authentication (Optional)
If authentication was negotiated in the LCP phase, the link now proceeds to authentication. Authentication is negotiated per direction: a peer that included an Authentication-Protocol option in its LCP Configure-Request is demanding that the other side prove its identity, typically with PAP, CHAP, or EAP (protocol 0xC227). Only after every required authentication succeeds can the connection proceed; a failure sends the link to the termination phase instead.
- Phase 3: Network Layer Configuration (NCP Negotiation)
With the link established and authenticated, the appropriate NCP begins its own negotiation. For an internet connection, this is IPCP. The client's IPCP sends a Configure-Request whose IP-Address option is set to 0.0.0.0, which asks the server to assign an address. The server responds with an IPCP Configure-Nak carrying a free IP address, the client sends a new Configure-Request containing that address, and the server finally answers with a Configure-Ack. DNS server addresses can be negotiated the same way (the Primary-DNS-Server-Address option). Once the NCP phase is complete, the connection is fully operational; if more than one network protocol is in use, the other NCPs (such as IPv6CP) run in parallel.
- Phase 4: Link Termination
When the connection is no longer needed, it must be closed gracefully. Either side can initiate termination by sending an LCP Terminate-Request packet. The other side responds with a Terminate-Ack, and the logical link is closed. This is followed by the termination of the physical connection (e.g., hanging up the modem).
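The following Python, added here as an illustration and not taken from the article or from any PPP implementation, encodes the control packets that LCP and IPCP share (Code, Identifier, Length, then TLV options) and plays out both Phase 1 and Phase 3 from both sides: an LCP Configure-Request asking for MRU, CHAP and a magic number, then an IPCP client that asks for an address with 0.0.0.0, a server that Naks with a free address from a pool, and the Ack that follows. The address pool, DNS server and magic number are made-up values; the option numbers and packet layout come from RFC 1661, RFC 1332 and RFC 1877.

```python
"""LCP/IPCP control packets (RFC 1661, RFC 1332, RFC 1877) and a simulated IPCP
address-assignment exchange. Constructed example; not code from the article."""
from __future__ import annotations
import ipaddress

CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4   # Code values shared by LCP and NCPs
LCP_MRU, LCP_AUTH, LCP_MAGIC = 1, 3, 5                # LCP option types
IPCP_ADDR, IPCP_DNS1 = 3, 129                         # IPCP option types
ZERO = ipaddress.IPv4Address("0.0.0.0")


def encode_cp(code: int, ident: int, options: list[tuple[int, bytes]]) -> bytes:
    """Code | Identifier | Length(2) | options, each as Type | Length(incl. header) | Data."""
    body = b"".join(bytes((t, 2 + len(v))) + v for t, v in options)
    return bytes((code, ident)) + (4 + len(body)).to_bytes(2, "big") + body


def decode_cp(pkt: bytes) -> tuple[int, int, list[tuple[int, bytes]]]:
    code, ident, length = pkt[0], pkt[1], int.from_bytes(pkt[2:4], "big")
    if length < 4 or length > len(pkt):
        raise ValueError("Length field inconsistent with packet")
    opts, i = [], 4
    while i < length:
        if i + 2 > length:
            raise ValueError("truncated option header")
        t, l = pkt[i], pkt[i + 1]
        if l < 2 or i + l > length:              # a zero/short length would loop forever
            raise ValueError("malformed option")
        opts.append((t, pkt[i + 2:i + l]))
        i += l
    return code, ident, opts


def lcp_configure_request(ident: int, mru: int = 1500, magic: int = 0x1234ABCD) -> bytes:
    """Phase 1: ask for a 1500-byte MRU, CHAP with MD5, and a (made-up) magic number."""
    return encode_cp(CONF_REQ, ident, [
        (LCP_MRU, mru.to_bytes(2, "big")),
        (LCP_AUTH, (0xC223).to_bytes(2, "big") + b"\x05"),   # 0xC223 = CHAP, algorithm 5 = MD5
        (LCP_MAGIC, magic.to_bytes(4, "big")),
    ])


class IpcpServer:
    """Server side of Phase 3, simplified: one shared pool, no per-peer bookkeeping."""

    def __init__(self, pool: list[str], dns: str):
        self.free = [ipaddress.IPv4Address(a) for a in pool]
        self.leased: set[ipaddress.IPv4Address] = set()
        self.dns = ipaddress.IPv4Address(dns)

    def handle(self, request: bytes) -> bytes:
        code, ident, opts = decode_cp(request)
        if code != CONF_REQ:
            raise ValueError("only Configure-Request is handled in this example")
        naks, rejs = [], []
        for t, v in opts:
            if t == IPCP_ADDR:
                if ipaddress.IPv4Address(v) not in self.leased:   # 0.0.0.0 or an address we never offered
                    if not self.free:
                        raise RuntimeError("address pool exhausted")
                    offer = self.free.pop(0)
                    self.leased.add(offer)
                    naks.append((t, offer.packed))
            elif t == IPCP_DNS1:
                if ipaddress.IPv4Address(v) != self.dns:
                    naks.append((t, self.dns.packed))
            else:
                rejs.append((t, v))                  # unknown option: we won't negotiate it
        if rejs:                                     # RFC 1661: Reject takes precedence over Nak
            return encode_cp(CONF_REJ, ident, rejs)
        if naks:
            return encode_cp(CONF_NAK, ident, naks)
        return encode_cp(CONF_ACK, ident, opts)      # Ack echoes the request's options exactly


def negotiate_ipcp(server: IpcpServer, max_rounds: int = 5) -> dict:
    """Client side: request 0.0.0.0, adopt whatever the server Naks, repeat until Ack."""
    want = {IPCP_ADDR: ZERO.packed, IPCP_DNS1: ZERO.packed}
    transcript = []
    for ident in range(1, max_rounds + 1):
        reply = server.handle(encode_cp(CONF_REQ, ident, list(want.items())))
        code, reply_id, opts = decode_cp(reply)
        if reply_id != ident:                        # RFC 1661: a reply must carry our Identifier
            raise ValueError("Identifier mismatch; stale or injected reply")
        transcript.append(code)
        if code == CONF_ACK:
            return {"ip": str(ipaddress.IPv4Address(want[IPCP_ADDR])),
                    "dns": str(ipaddress.IPv4Address(want[IPCP_DNS1])),
                    "rounds": ident, "transcript": transcript}
        if code == CONF_NAK:
            want.update(opts)                        # take the server's suggested values
        elif code == CONF_REJ:
            for t, _ in opts:
                want.pop(t, None)                    # stop asking for what the peer won't do
    raise RuntimeError("IPCP did not converge")


if __name__ == "__main__":
    print(decode_cp(lcp_configure_request(1)))
    nas = IpcpServer(pool=["10.0.0.5", "10.0.0.6"], dns="10.0.0.1")   # made-up addresses
    print(negotiate_ipcp(nas))
```

The Identifier check in the client is the detail worth copying: a Configure-Nak or Ack whose Identifier does not match the outstanding request must be ignored, otherwise a stale or injected reply can steer the negotiation. The option parser refuses a zero-length TLV for the same defensive reason, since a naive loop would never advance.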
Security in PPP: PAP vs. CHAP
PPP's base specifications define two authentication methods, PAP and CHAP, which differ drastically in their security; EAP was added later as an extensible third option.
PAP (Password Authentication Protocol)
PAP is a very simple, two-way handshake authentication mechanism. The process is straightforward:
- The client sends an Authenticate-Request containing its username (Peer-ID) and password to the server in plain text, repeating it until it gets an answer.
- The server checks the credentials against its user database and replies with either Authenticate-Ack (success) or Authenticate-Nak (failure).
Security Warning: Because the password crosses the link unencrypted, PAP is vulnerable to eavesdropping: anyone who can capture the frames has the credentials. It is obsolete for use on untrusted links and should only appear where the PPP link itself is already protected (for example inside an encrypted tunnel). Its one structural advantage over CHAP is that the server can store a salted hash of each password rather than the cleartext secret.
CHAP (Challenge-Handshake Authentication Protocol)
CHAP is a three-way handshake protocol that never sends the password itself over the link:
- The server sends a "Challenge" message to the client, which contains a random value and an Identifier byte.
- The client concatenates the Identifier, its secret password, and the challenge value, and computes a one-way hash of the result. The mandatory algorithm is MD5, so the response value is MD5(Identifier || secret || challenge).
- The client sends this hash back to the server in a "Response" message, along with its name.
- The server, which must hold the client's secret in recoverable form, looks the secret up by that name, performs the exact same hash calculation independently, and compares its result with the hash received from the client.
- If the hashes match, the server sends a "Success" message; otherwise, it sends a "Failure" message.
Key Advantages of CHAP: The password itself never crosses the network, and because each challenge is a fresh random value, a captured Response cannot be replayed against a later challenge. The server can also issue new challenges periodically during the connection to confirm that the peer has not been disconnected and replaced.
Caveats a practitioner should keep in mind: CHAP only authenticates; it does not encrypt the data that follows, and the Success and Failure packets are themselves unauthenticated. An eavesdropper who captures one Challenge/Response pair can test password guesses offline at MD5 speed, so CHAP secrets need to be long and random rather than human-chosen passwords. The server has to store those secrets in recoverable form, which makes its credential database a high-value target. Finally, authentication is one-way per direction: unless both peers require CHAP, the client gains no assurance of who it is talking to.
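To make the PAP and CHAP sections above concrete, here is an added Python example (written for this page, not taken from the article or any PPP stack) that builds the PAP Authenticate-Request and the CHAP Challenge/Response packets, verifies a response on the server side with the one-shot challenge handling that defeats replay, and then shows what a passive eavesdropper can still do with a single captured pair. The peer name, secret and wordlist are made-up sample values; the packet layouts and the MD5 construction are from RFC 1334 and RFC 1994.

```python
"""PAP (RFC 1334) and CHAP with MD5 (RFC 1994) on the wire, and what a passive
eavesdropper learns from each. Constructed example; not code from the article."""
from __future__ import annotations
import hashlib
import hmac
import os

PAP_REQ = 1                                          # Authenticate-Request
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """Code | Id | Length | Peer-ID-Length | Peer-ID | Passwd-Length | Password, all cleartext."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return bytes((PAP_REQ, ident)) + (4 + len(body)).to_bytes(2, "big") + body


def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Challenge and Response share a layout: Code | Id | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return bytes((code, ident)) + (4 + len(body)).to_bytes(2, "big") + body


def parse_chap(pkt: bytes) -> tuple[int, int, bytes, bytes]:
    code, ident, length = pkt[0], pkt[1], int.from_bytes(pkt[2:4], "big")
    if length < 5 or length > len(pkt) or 5 + pkt[4] > length:
        raise ValueError("malformed CHAP packet")
    vsize = pkt[4]
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:length]


class ChapAuthenticator:
    """Server side. It must keep each peer's secret in recoverable form to redo the hash."""

    def __init__(self, secrets: dict[bytes, bytes], name: bytes = b"nas01"):
        self.secrets, self.name = secrets, name      # name is a made-up server identity
        self.pending: dict[int, bytes] = {}          # Identifier -> challenge awaiting a reply
        self.ident = 0

    def challenge(self) -> bytes:
        self.ident = (self.ident + 1) & 0xFF
        self.pending[self.ident] = os.urandom(16)    # fresh, unpredictable value per attempt
        return chap_packet(CHAP_CHALLENGE, self.ident, self.pending[self.ident], self.name)

    def verify(self, response: bytes) -> bool:
        code, ident, value, name = parse_chap(response)
        challenge = self.pending.pop(ident, None)    # a challenge answers exactly once
        secret = self.secrets.get(name)
        if code != CHAP_RESPONSE or challenge is None or secret is None:
            return False
        return hmac.compare_digest(value, chap_md5(ident, secret, challenge))


def chap_respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Client side: hash the secret with the received challenge; the secret stays local."""
    code, ident, challenge, _ = parse_chap(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("not a Challenge")
    return chap_packet(CHAP_RESPONSE, ident, chap_md5(ident, secret, challenge), name)


def offline_guess(challenge_pkt: bytes, response_pkt: bytes, wordlist) -> bytes | None:
    """An eavesdropper with one captured pair can test candidate secrets offline."""
    _, ident, challenge, _ = parse_chap(challenge_pkt)
    _, _, value, _ = parse_chap(response_pkt)
    for guess in wordlist:
        if chap_md5(ident, guess, challenge) == value:
            return guess
    return None


if __name__ == "__main__":
    print(pap_authenticate_request(1, b"alice", b"hunter2"))   # password readable as-is
    nas = ChapAuthenticator({b"alice": b"hunter2"})            # made-up peer and secret
    chal = nas.challenge()
    resp = chap_respond(chal, b"alice", b"hunter2")
    print("CHAP ok:", nas.verify(resp), "replay accepted:", nas.verify(resp))
    print("eavesdropper recovers:", offline_guess(chal, resp, [b"letmein", b"hunter2"]))
```

Two design points matter here: the server forgets a challenge the moment it is answered, so replaying a captured Response fails, and it compares hashes with a constant-time function. Neither helps against the last function, which recovers a weak secret from the captured pair without ever touching the link again; that is why CHAP secrets should be generated, not chosen.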