Point-to-Point Protocol over Ethernet


The Point-to-Point Protocol over Ethernet is a network protocol for encapsulating PPP frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solution for tunneling packets over the DSL connection to the ISP's IP network, and from there to the rest of the Internet. A 2005 networking book noted that "Most DSL providers use PPPoE, which provides authentication, encryption, and compression." Typical use of PPPoE involves leveraging the PPP facilities for authenticating the user with a username and password, predominately via the PAP protocol and less often via CHAP.
On the customer-premises equipment, PPPoE may be implemented either in a unified residential gateway device that handles both DSL modem and IP routing functions or in the case of a simple DSL modem, PPPoE may be handled behind it on a separate Ethernet-only router or even directly on a user's computer. More recently, some GPON-based residential gateways also use PPPoE, although the status of PPPoE in the GPON standards is marginal.
PPPoE was developed by UUNET, Redback Networks and RouterWare and is available as an informational RFC 2516.
In the world of DSL, PPPoE was commonly understood to be running on top of ATM as the underlying transport, although no such limitation exists in the PPPoE protocol itself. Other usage scenarios are sometimes distinguished by tacking as a suffix another underlying transport. For example, PPPoEoE, when the transport is Ethernet itself, as in the case of Metro Ethernet networks.
PPPoE has been described in some books as a "layer 2.5" protocol, in some rudimentary sense similar to MPLS because it can be used to distinguish different IP flows sharing an Ethernet infrastructure, although the lack of PPPoE switches making routing decision based on PPPoE headers limits applicability in that respect.

Original rationale

In late 1998, the DSL service model had yet to reach the large scale that would bring prices down to household levels. ADSL technology had been proposed a decade earlier. Potential equipment vendors and carriers alike recognized that broadband such as cable modem or DSL would eventually replace dialup service, but the hardware faced a significant low-quantity cost barrier. Initial estimates for low-quantity deployment of DSL showed costs in the $300–$500 range for a DSL modem and $300/month access fee from the telco, which was well beyond what a home user would pay. Thus the initial focus was on small and home business customers for whom a ~1.5 megabit T1 line was not economical, but who needed more than dialup or ISDN could deliver. If enough of these customers paved the way, quantities would drive the prices down to where the home-use dialup user might be interested: more like $50 for the modem and $50/month for the access.

Different usage profile

The problem was that small business customers had a different usage profile than a home-use dialup user, including:
These requirements didn't lend themselves to the connection establishment lag of a dial-up process nor its one-computer-to-one-ISP model, nor even the many-to-one that NAT plus dial-up provided. A new model was required.
PPPoE is used mainly either:
One problem with creating a completely new protocol to fill these needs was time. The equipment was available immediately, as was the service, and a whole new protocol stack would take so long to implement that the window of opportunity might slip by. Several decisions were made to simplify implementation and standardization in an effort to deliver a complete solution quickly.

Reuse existing software stacks

PPPoE hoped to merge the widespread Ethernet infrastructure with the ubiquitous PPP, allowing vendors to reuse their existing software and deliver products in the very near term. Essentially all operating systems at the time had a PPP stack, and the design of PPPoE allowed for a simple shim at the line-encoding stage to convert from PPP to PPPoE.

Simplify hardware requirements

Competing WAN technologies required a router on the customer premises. PPPoE used a different Ethernet frame type, which allowed the DSL hardware to function as simply a bridge, passing some frames to the WAN and ignoring the others. Implementation of such a bridge is multiple orders of magnitude simpler than a router.

Informational RFC

RFC 2516 was initially released as an informational RFC for the same reason: the adoption period for a standards-track RFC was prohibitively long.

Success

PPPoE was initially designed to provide a small LAN with individual independent connections to the Internet at large, but also such that the protocol itself would be lightweight enough that it wouldn't impinge on the hoped-for home usage market when it finally arrived. While success on the second matter may be debated PPPoE clearly succeeded in bringing sufficient volume to drive the price for service down to what a home user would pay.

Stages

The PPPoE has two distinct stages:

PPPoE discovery

Since traditional PPP connections are established between two end points over a serial link or over an ATM virtual circuit that has already been established during dial-up, all PPP frames sent on the wire are sure to reach the other end. But Ethernet networks are multi-access where each node in the network can access every other node. An Ethernet frame contains the hardware address of the destination node. This helps the frame reach the intended destination.
Hence before exchanging PPP control packets to establish the connection over Ethernet, the MAC addresses of the two end points should be known to each other so that they can be encoded in these control packets. The PPPoE Discovery stage does exactly this. It also helps establish a Session ID that can be used for further exchange of packets.

PPP session

Once the MAC address of the peer is known and a session has been established, the session stage will start.

PPPoE discovery (PPPoED)

Although traditional PPP is a peer-to-peer protocol, PPPoE is inherently a client-server relationship since multiple hosts can connect to a service provider over a single physical connection.
The discovery process consists of four steps between the host computer which acts as the client and the access concentrator at the Internet service provider's end acts as the server. They are outlined below. The fifth and last step is the way to close an existing session.

Client to server: Initiation (PADI)

PADI stands for PPPoE Active Discovery Initiation.
If a user wants to "dial up" to the Internet using DSL, then their computer first must find the DSL access concentrator at the user's Internet service provider's point of presence. Communication over Ethernet is only possible via MAC addresses. As the computer does not know the MAC address of the DSL-AC, it sends out a PADI packet via an Ethernet broadcast. This PADI packet contains the MAC address of the computer sending it.
Example of a PADI-packet:
Frame 1 
Ethernet II, Src: 00:50:da:42:d7:df, Dst: ff:ff:ff:ff:ff:ff
PPP-over-Ethernet Discovery
Version: 1
Type 1
Code Active Discovery Initiation
Session ID: 0000
Payload Length: 24
PPPoE Tags
Tag: Service-Name
Tag: Host-Uniq
Binary Data:

Src. holds the MAC address of the computer sending the PADI.
Dst. is the Ethernet broadcast address.
The PADI packet can be received by more than one DSL-AC.
Only DSL-AC equipment that can serve the "Service-Name" tag should reply.

Server to client: Offer (PADO)

PADO stands for PPPoE Active Discovery Offer.
Once the user's computer has sent the PADI packet, the DSL-AC replies with a PADO packet, using the MAC address supplied in the PADI. The PADO packet contains the MAC address of the DSL-AC, its name and the name of the service. If more than one POP's DSL-AC replies with a PADO packet, the user's computer selects the DSL-AC for a particular POP using the supplied name or service.
Here is an example of a PADO packet:
Frame 2 
Ethernet II, Src: 00:0e:40:7b:f3:8a, Dst: 00:50:da:42:d7:df
PPP-over-Ethernet Discovery
Version: 1
Type 1
Code Active Discovery Offer
Session ID: 0000
Payload Length: 36
PPPoE Tags
Tag: AC-Name
String Data: IpzbrOOl
Tag: Host-Uniq
Binary Data:

AC-Name -> String data holds the AC name, in this case “Ipzbr001”
Src. holds the MAC address of the DSL-AC.
The MAC address of the DSL-AC also reveals the manufacturer of the DSL-AC.

Client to server: request (PADR)

PADR stands for PPPoE active discovery request.
A PADR packet is sent by the user's computer to the DSL-AC following receipt of an acceptable PADO packet from the DSL-AC. It confirms acceptance of the offer of a PPPoE connection made by the DSL-AC issuing the PADO packet.

Server to client: session-confirmation (PADS)

PADS stands for PPPoE Active Discovery Session-confirmation.
The PADR packet above is confirmed by the DSL-AC with a PADS packet, and a Session ID is given out with it. The connection with the DSL-AC for that POP has now been fully established.

Either end to other end: termination (PADT)

PADT stands for PPPoE Active Discovery Termination. This packet terminates the connection to the POP. It may be sent either from the user's computer or from the DSL-AC.

Protocol overhead

PPPoE is used to connect a PC or a router to a modem via an Ethernet link and it can also be used in Internet access over DSL on a telephone line in the PPPoE over ATM over ADSL protocol stack.
PPPoE over ATM has the highest overhead of the popular DSL delivery methods, when compared with for example PPPoA.

Use with DSL – PPPoE over ATM (PPPoEoA)

The amount of overhead added by PPPoEoA on a DSL link depends on the packet size because of the absorbing effect of ATM cell-padding, which completely cancels out additional overhead of PPPoEoA in some cases, PPPoEoA + AAL5 overhead which can cause an entire additional 53-byte ATM cell to be required, and in the case of IP packets, PPPoE overhead added to packets that are near maximum length may cause IP fragmentation, which also involves the first two considerations for both of the resulting IP fragments. However ignoring ATM and IP fragmentation for the moment, the protocol header overheads for ATM payload due to choosing PPP + PPPoEoA can be as high as 44 bytes = 2 bytes + 6 + 18 + 10 + 8. This overhead is that obtained when using the LLC header option described in RFC 2684 for PPPoEoA.
Compare this with a vastly more header-efficient protocol, PPP + PPPoA RFC 2364 VC-MUX over ATM+DSL, which has a mere 10-byte overhead within the ATM payload.
This figure of 44 bytes AAL5 payload overhead can be reduced in two ways: by choosing the RFC 2684 option of discarding the 4-byte Ethernet MAC FCS, which reduces the figure of 18 bytes above to 14, and by using the RFC 2684 VC-MUX option, whose overhead contribution is a mere 2 bytes compared with the 10 byte overhead of the LLC alternative. It turns out that this overhead reduction can be a valuable efficiency improvement. Using VC-MUX instead of LLC, the ATM payload overhead is either 32 bytes or 36 bytes.
ATM AAL5 requires that an 8-byte-long ‘CPCS’ trailer must always be present at the very end of the final cell of the run of ATM cells that make up the AAL5 payload packet. In the LLC case, the total ATM payload overhead is 2 + 6 + 18 + 10 + 8 = 44 bytes if the Ethernet MAC FCS is present, or 2 + 6 + 14 + 10 + 8 = 40 bytes with no FCS. In the more efficient VC-MUX case the ATM payload overhead is 2 + 6 + 18 + 2 + 8 = 36 bytes, or 2 + 6 + 14 + 2 + 8 = 32 bytes.
However, the true overhead in terms of the total amount of ATM payload data sent is not simply a fixed additional value – it can only be either zero or 48 bytes. This is because ATM cells are fixed length with a payload capacity of 48 bytes, and adding a greater extra amount of AAL5 payload due to additional headers may require one more whole ATM cell to be sent containing the excess. The last one or two ATM cells contain padding bytes as required to ensure that each cell's payload is 48 bytes long.
An example: In the case of a 1500-byte IP packet sent over AAL5/ATM with PPPoEoA and RFC2684-LLC, neglecting final cell padding for the moment, one starts with 1500 + 2 + 6 + 18 + 10 + 8 = 1544 bytes if the ethernet FCS is present, or else + 2 + 6 + 14 + 10 + 8 = 40 bytes with no FCS. To send 1544 bytes over ATM requires 33 48-byte ATM cells, since the available payload capacity of 32 cells × 48 bytes per cell = 1536 bytes is not quite enough. Compare this to the case of PPP + PPPoA which at 1500 + 2 + 0 + 8 = 1510 bytes fits in 32 cells. So the real cost of choosing PPPoEoA plus RFC2684-LLC for 1500-byte IP packets is one additional ATM cell per IP packet, a ratio of 33:32. So for 1500 byte packets, PPPoEoA with LLC is ~3.125% slower than PPPoA or optimal choices of PPPoEoA header options.
For some packet lengths the true additional effective DSL overhead due to choosing PPPoEoA compared with PPPoA will be zero if the extra header overhead is not enough to need an additional ATM cell at that particular packet length. For example, a 1492 byte long packet sent with PPP + PPPoEoA using RFC2684-LLC plus FCS gives us a total ATM payload of 1492 + 44 = 1536 bytes = 32 cells exactly, and the overhead in this special case is no greater than if we were using the header-efficient PPPoA protocol, which would require 1492 + 2 + 0 + 8 = 1502 bytes ATM payload = 32 cells also. The case where the packet length is 1492 represents the optimum efficiency for PPPoEoA with RFC2684-LLC in ratio terms, unless even longer packets are allowed.
Using PPPoEoA with the RFC2684 VC-MUX header option is always much more efficient than the LLC option, since the ATM overhead, as mentioned earlier, is only 32 or 36 bytes so that a 1500 byte long packet including all overheads of PPP + PPPoEoA using VC-MUX equates to a total 1500 + 36 = 1536 bytes ATM payload if the FCS is present = 32 ATM cells exactly, thus saving an entire ATM cell.
With short packets, the longer the header overheads the greater the likelihood of generating an additional ATM cell. A worst case might be sending 3 ATM cells instead of two because of a 44 byte header overhead compared with a 10 byte header overhead, so 50% more time taken to transmit the data. For example, a TCP ACK packet over IPv6 is 60 bytes long, and with overhead of 40 or 44 bytes for PPPoEoA + LLC this requires three 48 byte ATM cells’ payloads. As a comparison, PPPoA with overheads of 10 bytes so 70 bytes total fits into two cells. So the extra cost of choosing PPPoE/LLC over PPPoA is 50% extra data sent. PPPoEoA + VC-MUX would be fine though: with 32 or 36 byte overhead, our IP packet still fits in two cells.
In all cases the most efficient option for ATM-based ADSL internet access is to choose PPPoA VC-MUX. However, if PPPoEoA is required, then the best choice is always to use VC-MUX with no Ethernet FCS, giving an ATM payload overhead of 32 bytes = 2 bytes + 6 + 14 + 2 + 8.
Unfortunately some DSL services require the use of wasteful LLC headers with PPPoE and do not allow the more efficient VC-MUX option. In that case, using a reduced packet length, such as enforcing a maximum MTU of 1492 regains efficiency with long packets even with LLC headers and, as mentioned earlier, in that case no extra wasteful ATM cell is generated.

Overhead on Ethernet

On an Ethernet LAN, the overhead for PPP + PPPoE is a fixed 2 + 6 = 8 bytes, unless IP fragmentation is produced.

MTU/MRU

When a PPPoE-speaking DSL modem sends or receives Ethernet frames containing PPP + PPPoE payload across the Ethernet link to a router, PPP + PPPoE contributes an additional overhead of 8 bytes = 2 + 6 included within the payload of each Ethernet frame. This added overhead can mean that a reduced maximum length limit of 1500 − 8 = 1492 bytes is imposed on IP packets sent or received, as opposed to the usual 1500-byte Ethernet frame payload length limit which applies to standard Ethernet networks. Some devices support RFC 4638, which allows negotiation for the use of non-standard Ethernet frames with a 1508-byte Ethernet payload, sometimes called ‘baby jumbo frames’, so allowing a full 1500-byte PPPoE payload. This capability is advantageous for many users in cases where companies receiving IP packets have chosen to block all ICMP responses from exiting their network, a bad practice which prevents path MTU discovery from working correctly and which can cause problems for users accessing such networks if they have an MTU of less than 1500 bytes.

PPPoE-to-PPPoA converting modem

The following diagram shows a scenario where a modem acts as a PPPoE-to-PPPoA protocol converter and the service provider offers a PPPoA service and does not understand PPPoE. There is no PPPoEoA in this protocol chain. This is an optimally efficient design for a separate modem connected to a router by ethernet.
In this alternative technology, PPPoE is merely a means of connecting DSL-modems to an Ethernet-only router. Here it is not concerned with the mechanism employed by an ISP to offer broadband services.
The Draytek Vigor 110, 120 and 130 modems work in this way.
When transmitting packets bound for the Internet, the PPPoE-speaking Ethernet router sends Ethernet frames to the DSL modem. The modem extracts PPP frames from within the received PPPoE frames, and sends the PPP frames onwards to the DSLAM by encapsulating them according to RFC 2364, thus converting PPPoE into PPPoA.
On the diagram, the area shown as ‘backbone’ could also be ATM on older networks, however its architecture is service provider-dependent. On a more detailed, more service-provider specific diagram there would be additional columns in this area.

Quirks

Since the point-to-point connection established has a MTU lower than that of standard Ethernet, it can sometimes cause problems when Path MTU Discovery is defeated by poorly configured firewalls. Although higher MTUs are becoming more common in providers' networks, usually the workaround is to use TCP MSS "clamping" or "rewrite", whereby the access concentrator rewrites the MSS to ensure TCP peers send smaller datagrams. Although TCP MSS clamping solves the MTU issue for TCP, other protocols such as ICMP and UDP may still be affected.
RFC 4638 allows PPPoE devices to negotiate an MTU of greater than 1492 if the underlying Ethernet layer is capable of jumbo frames.
Some vendors distinguish PPPoE from PPPoEoE, which is PPPoE running directly over Ethernet or other IEEE 802 networks or over Ethernet bridged over ATM, in order to distinguish it from PPPoEoA, which is PPPoE running over an ATM virtual circuit using RFC 2684 and SNAP encapsulation of PPPoE..
According to a Cisco document "PPPoEoE is a variant of PPPoE where the Layer 2 transport protocol is now Ethernet or 802.1q VLAN instead of ATM. This encapsulation method is generally found in Metro Ethernet or Ethernet digital subscriber line access multiplexer environments. The common deployment model is that this encapsulation method is typically found in multi-tenant buildings or hotels. By delivering Ethernet to the subscriber, the available bandwidth is much more abundant and the ease of further service delivery is increased."
It is possible to find DSL modems, such as the Draytek Vigor 120, where PPPoE is confined to the Ethernet link between a DSL modem and a partnering router, and the ISP does not speak PPPoE at all.

Post-DSL uses and some alternatives in these contexts

A certain method of using PPPoE in conjunction with GPON has been patented by ZTE.
PPPoE over GPON is reportedly used by retail service providers such as Internode of Australia's National Broadband Network, Romania's RCS & RDS., Orange France and Philippines' Globe Telecom.
RFC 6934, "Applicability of Access Node Control Mechanism to PON based Broadband Networks", which argues for the use of Access Node Control Protocol in PONs for—among other things—authenticating subscriber access and managing their IP addresses, and the first author of which is a Verizon employee, excludes PPPoE as an acceptable encapsulation for GPON: "The protocol encapsulation on BPON is based on multi-protocol encapsulation over ATM Adaptation Layer 5, defined in . This covers PPP over Ethernet or IP over Ethernet. The protocol encapsulation on GPON is always IPoE."
The 10G-PON standard provides for 802.1X mutual authentication of the ONU and OLT, besides the OMCI method carried forward from G.984. G.987 also adds support for authenticating other customer-premises equipment beyond the ONU, although this is limited to Ethernet ports, also handled via 802.1X. There is some modicum support for PPPoE specified in the OMCI standards, but only in terms of the ONU being able to filter and add VLAN tags for traffic based on its encapsulation, which includes PPPoE among the protocols that ONU must be able to discern.
The Broadband Forum's TR-200 "Using EPON in the Context of TR-101", which also pertains to 10G-EPON, says "The OLT and the multiple-subscriber ONU MUST be able to perform the PPPoE Intermediate Agent function, as specified in Section 3.9.2/TR-101."
A book on Ethernet in the first mile notes that DHCP can obviously be used instead of PPPoE to configure a host for an IP session, although it points out that DHCP is not a complete replacement for PPPoE if some encapsulation is also desired and that furthermore DHCP does not provide authentication, suggesting that IEEE 802.1X is also needed for a "complete solution" without PPPoE.
There are security reasons to use PPPoE in a shared-medium environment, such as power line communication networks, in order to create separate tunnels for each customer.