
Point-to-Point Protocol

The Point-to-Point Protocol (PPP) is an encapsulation protocol for transporting IP traffic across
point-to-point links. PPP is made up of three primary components:

• Link control protocol (LCP)—Establishes working connections between two points.
• Authentication protocols—Enable secure connections between two points.
• Network control protocols (NCPs)—Initialize the PPP protocol stack to handle multiple
network layer protocols, such as IPv4, IPv6, and Connectionless Network Protocol
(CLNP).

Link Control Protocol

LCP is responsible for establishing, maintaining, and tearing down a connection between two
endpoints. LCP also tests the link and determines whether it is active. LCP establishes a
point-to-point connection as follows:

1. LCP must first detect a clocking signal on each endpoint. However, because the clocking
signal can be generated by a network clock and shared with devices on the network, the
presence of a clocking signal is only a preliminary indication that the link might be
functioning.
2. When a clocking signal is detected, a PPP host begins transmitting PPP
Configure-Request packets.
3. If the remote endpoint on the point-to-point link receives the Configure-Request packet,
it transmits a Configure-Acknowledgement packet to the source of the request.
4. After receiving the acknowledgement, the initiating endpoint identifies the link as
established. At the same time, the remote endpoint sends its own request packets and
processes the acknowledgement packets. In a functioning network, both endpoints treat
the connection as established.

During connection establishment, LCP also negotiates connection parameters such as FCS and
HDLC framing. By default, PPP uses a 16-bit FCS, but you can configure PPP to use either a
32-bit FCS or a 0-bit FCS (no FCS). Alternatively, you can enable HDLC encapsulation across the
PPP connection.

After a connection is established, PPP hosts generate Echo-Request and Echo-Response packets
to maintain a PPP link.

PPP Authentication

PPP's authentication layer uses a protocol to help ensure that the endpoint of a PPP link is a valid
device. Authentication protocols include the Password Authentication Protocol (PAP), the
Extensible Authentication Protocol (EAP), and the Challenge Handshake Authentication
Protocol (CHAP). CHAP is the most commonly used.
Note: EAP is not currently supported on J-series devices. PAP is
supported, but must be configured from the CLI or J-Web
configuration editor. PAP is not configurable from the J-Web Quick
Configuration pages.

CHAP ensures secure connections across PPP links. After a PPP link is established by LCP, the
PPP hosts at either end of the link initiate a three-way CHAP handshake. Two separate CHAP
handshakes are required before both sides identify the PPP link as established.

CHAP configuration requires each endpoint on a PPP link to use a shared secret (password) to
authenticate challenges. The shared secret is never transmitted over the wire. Instead, the hosts
on the PPP connection exchange information that enables both to determine that they share the
same secret. Challenges consist of a hash function calculated from the secret, a numeric
identifier, and a randomly chosen challenge value that changes with each challenge. If the
response value matches the challenge value, authentication is successful. Because the secret is
never transmitted and is required to calculate the challenge response, CHAP is considered very
secure.

PAP uses a simple two-way handshake to establish identity. PAP is used
after the link establishment phase (LCP up), during the authentication phase. JUNOS software
can support PAP in one direction (egress or ingress), and CHAP in the other.

Network Control Protocols

After authentication is completed, the PPP connection is fully established. At this point, any
higher-level protocols (for example, IP protocols) can initialize and perform their own
negotiations and authentication.

PPP NCPs include support for the following protocols. IPCP and IPV6CP are the most widely
used on J-series devices.

• ATCP—AppleTalk Control Protocol
• BCP—Bridging Control Protocol
• BVCP—Banyan Vines Control Protocol
• DNCP—DECnet Phase IV Control Protocol
• IPCP—IP Control Protocol
• IPV6CP—IPv6 Control Protocol
• IPXCP—Novell IPX Control Protocol
• LECP—LAN Extension Control Protocol
• NBFCP—NetBIOS Frames Control Protocol
• OSINLCP—OSI Network Layer Control Protocol (includes IS-IS, ES-IS, CLNP, and
IDRP)
• SDTP—Serial Data Transport Protocol
• SNACP—Systems Network Architecture (SNA) Control Protocol
• XNSCP—Xerox Network Systems (XNS) Internet Datagram Protocol (IDP) Control
Protocol

Magic Numbers

Hosts running PPP can create “magic” numbers for diagnosing the health of a connection. A PPP
host generates a random 32-bit number and sends it to the remote endpoint during LCP
negotiation and echo exchanges.

In a typical network, each host's magic number is different. A magic number mismatch in an
LCP message informs a host that the connection is not in loopback mode and traffic is being
exchanged bidirectionally. If the magic number in the LCP message is the same as the
configured magic number, the host determines that the connection is in loopback mode, with
traffic looped back to the transmitting host.
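
The loopback check described above, as an added example that is not part of the original page or of JUNOS. It assumes the LCP packet layout from RFC 1661 (code, identifier, and length header; Magic-Number as option type 5 in Configure-Request; magic number in the first four data octets of echo packets). The function names and sample packets are constructed.

```python
import struct

CONFIGURE_REQUEST, ECHO_REQUEST, ECHO_REPLY = 1, 9, 10  # LCP codes (RFC 1661)
OPT_MAGIC_NUMBER = 5                                    # LCP option type

# Constructed sample packets: a Configure-Request carrying an MRU option and a
# Magic-Number option, and an Echo-Request carrying the same magic number.
SAMPLE_CONF_REQ = bytes.fromhex("0101000e010405dc05061a2b3c4d")
SAMPLE_ECHO_REQ = bytes.fromhex("090200081a2b3c4d")


def peer_magic(lcp: bytes):
    """Return the magic number carried in an LCP packet, or None if it has none."""
    if len(lcp) < 4:
        raise ValueError("truncated LCP header")
    code, _ident, length = struct.unpack("!BBH", lcp[:4])
    if length < 4 or length > len(lcp):
        raise ValueError("LCP length field does not fit the packet")
    body = lcp[4:length]
    if code in (ECHO_REQUEST, ECHO_REPLY):
        if len(body) < 4:
            raise ValueError("echo packet too short for a magic number")
        return struct.unpack("!I", body[:4])[0]
    if code == CONFIGURE_REQUEST:
        i = 0
        while i < len(body):
            if len(body) - i < 2:
                raise ValueError("truncated option header")
            opt_type, opt_len = body[i], body[i + 1]
            if opt_len < 2 or i + opt_len > len(body):
                raise ValueError("option length out of bounds")
            if opt_type == OPT_MAGIC_NUMBER:
                if opt_len != 6:
                    raise ValueError("Magic-Number option must be 6 octets")
                return struct.unpack("!I", body[i + 2:i + 6])[0]
            i += opt_len  # skip options this check does not use
    return None


def link_state(local_magic: int, lcp: bytes) -> str:
    """Compare the received magic number with our own, as the text describes."""
    received = peer_magic(lcp)
    if received is None:
        return "unknown"
    return "loopback" if received == local_magic else "bidirectional"
```

Every length field is checked before it is used to index the packet, so a malformed option raises an error instead of being read past the end of the data.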

Looping traffic back to the originating host is a valuable way to diagnose network health
between the host and the loopback location. To enable loopback testing, telecommunications
equipment typically supports channel service unit/data service unit (CSU/DSU) devices.

CSU/DSU Devices

A channel service unit (CSU) connects a terminal to a digital line. A data service unit (DSU)
performs protective and diagnostic functions for a telecommunications line. Typically, the two
devices are packaged as a single unit. A CSU/DSU device is required for both ends of a T1 or T3
connection, and the units at both ends must be set to the same communications standard.

A CSU/DSU device enables frames sent along a link to be looped back to the originating host.
Receipt of the transmitted frames indicates that the link is functioning correctly up to the point of
loopback. By configuring CSU/DSU devices to loop back at different points in a connection,
network operators can diagnose and troubleshoot individual segments in a circuit.
