What is PPPoE: Basics and Process between Server and Client

Point-to-Point Protocol Over Ethernet(PPPoE) integrates the scalability and management control functions of the most economical LAN technology-Ethernet and point-to-point(P2P) protocol. Generally, in traditional Ethernet Network, Access Network or PON system, network service providers and telecom operators can use reliable and familiar technologies to accelerate the deployment of high-speed Internet(HSI) services. PPPoE makes it easier for the service provider to provide broadband access services that support multiple users using digital subscriber lines wireless connections.

PPPoE Basic Principle

The PPPoE protocol provides a standard for connecting multiple hosts in a broadcast network(such as an Ethernet) to a remote access concentrator(also called a broadband access server). In this network model, each subscriber host needs to independently initialize its own PPP protocol stack. In addition, using features of the PPP protocol, subscribers can be charged and managed on a broadcast network. To establish and maintain a P2P relationship between hosts and access concentrators on a broadcast network, a unique P2P session must be established between each host and the access concentrator.

PPPoE Packet

The PPPoE initialization process is very important. It not only needs to determine the one-to-one logical relationship on the broadcast network but also prepares necessary conditions for the PPPoE session, such as the unique session ID allocated by the access concentrator. Before introducing the PPPoE, we will review the encapsulation format of Ethernet frames. All PPPoE data packets are encapsulated in the data fields(payload area) of the Ethernet frames for transmission.

The Ethernet destination address(DMAC) and Ethernet source address(SMAC) are the most commonly used data link layer addresses. They are classified into unicast addresses, multicast addresses, and broadcast addresses.

Unicast and broadcast addresses are used in the PPPoE protocol. For a data Iink layer protocol such as PPP, the layer 2 address communication is different from common layer 2 communications.

The Ethernet type field is also one of the most concerned fields. The two phases of PPPoE are distinguished by the type field of Ethernet packets. In the PPPoE discovery phase, the Ethernet type field is set to 0x8863.ln the PPPoE session phase, this field is set to Ox8864.

A data field(payload) carries the data packet indicated by the type field All PPPoE data packets in the PPPoE protocol are encapsulated in this field for transmission.

A verification field is used to ensure the correctness of data frame transmission at the link layer.

PPPoE Session Establishment Process

The PPPoE can be divided into three phases: discovery, session, and session termination.

When a host wants to start a PPPoE session, it needs to perform a discovery process to identify the MAC address of the peer, and then determine a unique PPPoE session ID. The serve this purpose, the PPPoE uses a discovery protocol based on the client/server model. Due to the broadcast feature of the Ethernet, the host(client) discovers all access concentrators(servers) in this process, selects one of them, and establishes a P2P connection with the peer according to the obtained information. After a PPP session is set up, the PPPoE discovery phase is complete.

After the PPPoE session phase starts, the host and the access concentrator transmit PPP data based on the PPP protocol to perform PPP negotiation and data transmission. The data packets transmitted in this phase must always contain the session identifier determined in the discovery phase.ln normal cases, the session phase is terminated by the PPP protocol. However, a PADT packet is also defined in PPPoE to terminate sessions. The host or access concentrator can terminate a session by sending the packet at any time after the PPP session starts.

Classification of Data Packets in the PPPoE Discovery Phase


The client broadcasts a PADI packet to discover the access server.

The destination address is the broadcast address FF:FF:FF:FF:FF: FF and the source address is the Ethernet address of the host. The value of ETHER_TYPE is 0x8863, the code value is Ox09, and the value of SESSION-ID is 0x0000.TAG_TYPE: Only one Service Name indicates the service requested by the host There can be any number of other tags.


After receiving a PADI packet, all PPPoE servers compare the service requested by the client with the services that the PPPOE servers can provide. If the service can be provided, PPPoE servers respond with a PADO packet in unicast mode.

The destination address is the Ethernet address of the host. The source address is the Ethernet address of the access concentrator. The value of ETHER_TYPE is 0x8863, the code value is Ox07, and the value of SESSION-ID is 0x0000. The value of TAG_TYPE must have an AC-Name TAG that contains the name of the access concentrator. lt must contain a Service-Name TAG that is the same as the received PADI and any number of other Service-Name TAGs indicating the services that the concentrator can provide.


The PPPoE Client selects the PPPoE server whose PADD packet arrives first and returns a PADR packet in unicast mode.

The destination address is the Ethernet address of the access concentrator, and the source address is the Ethernet address of the host. The value of ETHER_TYPE is 0x8863, the code value is Ox19, and the value of SESSION-ID is Ox0000. The value of TAG_TYPE must contain a TAG of the Service Name type to specify the service requested from the concentrator. There can be any number of other tags.


The PPPoE server generates a unique PPPoE Session ID and sends a PADS packet to the client. The session is set up successfully.

The destination address is the Ethernet address of the host, and the source address is the Ethernet address of the access concentrator. The value of ETHER_TYPE is Ox8863, the code value is Ox65, and the value of SESSION-ID is a unique value specified by the concentrator to identify a PPPoE session.TAG_TYPE: Contains a tag of the Service-Name type, indicating the service provided by the concentrator to the session. There can be any number of other tags After a session is set up, the PPPoE client and server enter the PPPoE session phase.

PPPoE Session Phases

After the PPP negotiation of a PPPoE session succeeds, PPP data can be transmitted.

After a PPPoE session is set up, PPP data is transmitted between the host and the access device based on the PPP protocol. Each Ethernet frame has a single address. The value of ETHER_TYPE is Ox8864, the code value is Ox00, and the value of SESSION-ID remains unchanged during the entire session. The PPPOE payload field contains a PPP packet.


APADT packet is used to notify the peer end of the PPPoE session termination.

This packet can be sent by the host or concentrator at any time after a session is established. The destination address is a single Ethernet address. The value of ETHER_TYPE is 0x8863, the code value is Oxa7, and the value of SESSION-ID is the SESSION-ID of the session to be terminated.No tag is required.

In a PADT packet, the destination MAC address is a unicast address, and the session ID is the session ID of the connection to be closed. Once a PADT packet is received, the connection is closed.

Example PPPoE-CHAP

Generally, a single user or a home user uses PPPoE to access the Internet. After passing RADIUS authentication, the user obtains an IP address from the BRAS.

1. The client sends a PADI packet to the server to start PPPoE access.

2. The server sends a PADO packet to the client.

3. The client sends a PADR packet to the server.

4. The server generates a session ID and sends it to the client through PADS.

5. The client and the server perform PPP LCP negotiation to establish a link-layer connection.ln addition, CHAP authentication is used.

6. The server sends a 128-bit Challenge packet to the authentication client.

7. After receiving the challenge packet, the client performs the MD5 algorithm on the password and challenge and sends the password and challenge to the server for the response packet.

8. The server sends the challenge and user name to the RADIUS server for authentication.

9. The RADIUS server determines whether the user is authorized based on the user information and sends an authentication success/failure packet to the server. If the authentication is successful, the AAA server sends a message carrying negotiation parameters and service attributes to authorize the subscriber. If the authentication fails the process ends.

10. The server returns the authentication result to the client.

11. The user performs NCP(such as IPCP) negotiation and obtains the planned parameters such as the IP address through the server.


Recent Post

Innovation Drives Development Quality Builds Brand

We R&D, manufacture, and sell optical communication access systems and terminal equipment. Now we’ve taken the lead in launching a number of original products in the industry, mainly including ONU/ONT, OLT, VoIP gateways, and other network access products, which are designed to meet the needs of telecom operators. We’re committed to helping broadband users worldwide enjoy an ultra-high-speed network!

Get In Touch With Our Experts

Tell us your business needs, and we will find the perfect solution.