What Is PPP?
Point-to-Point Protocol (PPP) is a data link layer protocol used to establish and maintain data links for point-to-point connections. PPP is widely used in industry and everyday life, from home broadband access to enterprise network connection, mobile communications, and Internet of Things (IoT) applications. PPP provides stable, efficient data transmission services and keeps network connections secure with multiple authentication modes.
Point-to-Point Protocol (PPP) was originally designed for Internet dial-up access over telephone lines or serial lines. Since then, it has been widely applied to other types of point-to-point connections, such as Ethernet and optical fibers. The main functions provided by PPP include data encapsulation, link control, network layer control, network authentication, error detection, and multi-link bundling.
- Data encapsulation: PPP encapsulates upper-layer protocol data (such as IP packets) into a format suitable for transmission over point-to-point links. This encapsulation mode applies to multiple network layer protocols, with the most common one being IP.
- Link control: PPP can establish, configure, maintain, and terminate point-to-point connections through Link Control Protocol (LCP). LCP negotiates link configuration parameters, such as the authentication mode and maximum transmission unit (MTU), to ensure that devices at both ends can communicate with each other properly.
- Network layer control: PPP also supports Network Control Protocols (NCPs), which are used to configure and manage network layer protocols. For example, Internet Protocol Control Protocol (IPCP) is used to configure parameters such as IP addresses.
- Network authentication: PPP provides multiple authentication mechanisms, such as Password Authentication Protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP), to verify the identities of both communicating parties and ensure communication security.
- Error detection: PPP can detect and handle errors that occur during transmission to ensure data integrity and reliability.
- Multi-link bundling: Through Multilink Protocol (MP), PPP allows multiple physical links to be bundled into one logical link to improve bandwidth and connection reliability.
PPP Protocol and PPP Frame Format
Emergence of PPP
Before PPP was developed, Serial Line Internet Protocol (SLIP) was the commonly used point-to-point protocol. SLIP is simple but has limited functionality—for example, it does not support dynamic IP address allocation or identity authentication. To overcome these limitations, PPP was initially developed by the Internet Engineering Task Force (IETF) in the late 1980s. In 1990, the IETF released the first PPP standard RFC 1171. Subsequently, other RFCs were released to define and extend PPP: RFC 1661 defined PPP's basic framework and LCP, RFC 1332 defined IPCP, and RFC 1994 defined CHAP.
Basic Architecture of PPP
PPP is used at the data link layer of the TCP/IP protocol suite, as shown in the following figure.
Location of PPP in the protocol suite
PPP consists of three types of protocols:
- LCP: used to establish, monitor, and tear down PPP data links.
- NCP: used to negotiate the format and type of packets transmitted on data links.
- CHAP and PAP: used for network security authentication.
PPP Frame
The following figure shows the PPP packet format.
PPP packet format
The meanings of the fields are as follows:
- Flag field
The Flag field identifies the start and end of a physical frame and is always 0x7E.
- Address field
The Address field identifies a peer. Two communicating devices that are connected through PPP do not need to know the data link layer address of each other because PPP is used on point-to-point links. As such, this field is of no significance to PPP and is filled with a broadcast address of all 1s as specified by the protocol.
- Control field
The Control field value defaults to 0x03, indicating unnumbered information. By default, PPP does not use sequence numbers or acknowledgement mechanisms to ensure transmission reliability.
The Address and Control fields together identify a PPP packet. That is, the PPP packet header value is FF03.
- Protocol field
The Protocol field identifies the protocol of the data encapsulated in the Information field of a PPP packet.
The structure of this field complies with the ISO 3309 extension mechanism for address fields. All Protocol field values must be odd, meaning that the least significant bit of the least significant byte must be 1, and the least significant bit of the most significant byte must be 0.
If a receiver receives a PPP data packet that does not comply with these rules from a sender, the receiver considers the packet unrecognizable and sends a Protocol-Reject packet padded with the protocol code of the rejected packet to the sender.
- Information field
The Information field contains data. The maximum length for the Information field, including the padding, is the maximum receive unit (MRU). The MRU defaults to 1500 bytes and can be negotiated.
Padding is required only when the length of the Information field does not meet the MRU requirements. To ensure proper communication, both communicating parties must be able to identify and distinguish the padding bytes from real information.
- FCS field
The frame check sequence (FCS) field checks the correctness of PPP packet transmission.
Some mechanisms are used to ensure correct data packet transmission. However, they increase the cost and delay in data exchange at the application layer.
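The field rules above can be checked mechanically on receipt. The following Python sketch is an added example, not code from the original page: it builds and validates a frame against the Flag, Address/Control, Protocol, MRU, and FCS rules. It assumes the 16-bit FCS algorithm of RFC 1662 (the page does not name one) and octets that have already been unescaped; all function names are hypothetical.

```python
import struct

FLAG = 0x7E                      # frame delimiter
ADDR_CTRL = b"\xff\x03"          # all-1s Address followed by Control 0x03

def fcs16(data: bytes) -> int:
    """16-bit FCS (assumption: RFC 1662 algorithm, not given on the page)."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF

def protocol_is_valid(proto: int) -> bool:
    """Least significant byte must be odd, most significant byte must be even."""
    return (proto & 0x0001) == 1 and (proto & 0x0100) == 0

def build_frame(proto: int, info: bytes) -> bytes:
    body = ADDR_CTRL + struct.pack("!H", proto) + info
    # The FCS covers Address..Information and is sent least significant octet first.
    return bytes([FLAG]) + body + struct.pack("<H", fcs16(body)) + bytes([FLAG])

def parse_frame(frame: bytes, mru: int = 1500):
    """Return (protocol, information) or raise ValueError naming the failed check."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("frame not delimited by 0x7E")
    body = frame[1:-3]
    (fcs,) = struct.unpack("<H", frame[-3:-1])
    if fcs16(body) != fcs:
        raise ValueError("FCS mismatch")
    if body[:2] != ADDR_CTRL:
        raise ValueError("Address/Control is not FF03")
    (proto,) = struct.unpack("!H", body[2:4])
    if not protocol_is_valid(proto):
        raise ValueError("invalid Protocol 0x%04x: answer with Protocol-Reject" % proto)
    info = body[4:]
    if len(info) > mru:
        raise ValueError("Information field exceeds MRU")
    return proto, info

if __name__ == "__main__":
    lcp = build_frame(0xC021, b"\x01\x01\x00\x04")   # constructed LCP payload
    print(parse_frame(lcp))
    for bad in (0x0022, 0x0121):                     # constructed invalid values
        try:
            parse_frame(build_frame(bad, b""))
        except ValueError as exc:
            print(exc)
```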
Working Mechanism of PPP
PPP has five phases: Dead, Establish, Authenticate, Network, and Terminate, as shown in the following figure.
Phases of PPP
Dead Phase
The physical layer is unavailable during the Dead phase. A PPP link begins and ends with this phase.
When two communicating devices detect that the physical link between them is activated (for example, carrier signals are detected on the physical link), the two devices enter the Establish phase from the Dead phase.
After the link is terminated, the two devices return to the Dead phase.
Establish Phase
In the Establish phase, the two devices perform an LCP negotiation. The LCP status changes as follows:
- When the link is unavailable, LCP is in the Initial or Starting state. When detecting that the link is available, the physical layer sends an up event to the link layer. After receiving the up event, the link layer changes the LCP status to Request-Sent. Then the devices at both ends send Configure-Request packets to configure a data link.
- If the local device first receives a Configure-Ack packet from the peer, the LCP status changes from Request-Sent to Ack-Received. After the local device sends a Configure-Ack packet to the peer, the LCP status changes from Ack-Received to Opened.
- If the local device first sends a Configure-Ack packet to the peer, the LCP status changes from Request-Sent to Ack-Sent. After the local device receives a Configure-Ack packet from the peer, the LCP status changes from Ack-Sent to Opened.
- After LCP enters the Opened state, the two devices enter the next phase.
The next phase is the Authenticate or Network phase, depending on whether authentication is required.
Authenticate Phase
The Authenticate phase is optional. By default, PPP does not perform authentication during PPP link establishment. If authentication is required, an authentication protocol must be specified in the Establish phase.
PPP provides two authentication modes: PAP authentication and CHAP authentication.
Both PAP and CHAP authentication support unidirectional authentication and bidirectional authentication. In unidirectional authentication, the device on one end functions as the authenticator, and the device on the other end functions as the peer. In bidirectional authentication, each device functions as both the authenticator and peer. In practice, unidirectional authentication is typically used.
PAP Authentication Process
PAP is a two-way handshake authentication protocol that transmits passwords in plain text. The following figure shows the authentication process.
PAP authentication process
- The peer sends the local user name and password to the authenticator.
- The authenticator checks whether the received user name is in the local user table.
- If the received user name is in the local user table, the authenticator checks whether the received password is correct. If the password is correct, the authentication succeeds.
- If the password is incorrect, the authentication fails. If the received user name is not in the local user table, the authentication fails.
CHAP Authentication Process
CHAP is a three-way handshake authentication protocol. CHAP transmits only user names but not passwords, so it is more secure than PAP. Figure 3 shows the CHAP authentication process.
CHAP authentication process
- The authenticator initiates an authentication request by sending a Challenge packet, which contains a random number and the local user name, to the peer.
- The peer checks whether a CHAP password is configured on the local interface after receiving the authentication request of the authenticator.
- If a CHAP password is configured, the peer uses the ID field and random number contained in the received Challenge packet as well as the configured password for hash calculation. It then sends an authentication response that contains the generated hash value and its user name to the authenticator.
- If a CHAP password is not configured, the peer searches its local user table for the corresponding password based on the user name in the received Challenge packet, and then uses the ID field and random number contained in the packet together with the password it found for hash calculation. It then sends an authentication response that contains the generated hash value and its user name to the authenticator.
- The authenticator uses the ID field, locally saved password of the peer, and the random number in the Challenge packet for hash calculation. The authenticator then compares the generated hash value with that in the received authentication response packet. If they are the same, the authentication succeeds. If they are different, the authentication fails.
Comparison Between CHAP and PAP Authentication
- In PAP authentication, passwords are sent over links in plain text. After a PPP link is established, the peer repeatedly sends the user name and password until authentication finishes. A high level of security is not ensured for this mode, so it is used on networks that do not require high security.
- CHAP is a three-way handshake authentication protocol. In CHAP authentication, the peer sends only a user name to the authenticator. Compared with PAP, CHAP features higher security because passwords are not transmitted. On networks requiring high security, CHAP authentication is used to establish a PPP connection.
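The difference between the PAP and CHAP processes described above shows up in what each one puts on the link. The following Python sketch is an added example, not code from the original page: it assumes the PAP Authenticate-Request layout of RFC 1334 and the MD5 hash input order of RFC 1994 (the page says only "hash calculation"), and the class, function names, user name, and secret are hypothetical or constructed.

```python
import hashlib
import hmac
import os


def pap_request(name: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data (RFC 1334 layout): both fields in clear."""
    return bytes([len(name)]) + name + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP hash with MD5 (RFC 1994): ID octet, then secret, then challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    def __init__(self, user_table: dict):
        self.user_table = user_table      # user name -> locally saved password
        self.pending = {}                 # ID -> outstanding random number
        self.next_id = 0

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh random number per attempt
        return ident, self.pending[ident]

    def verify(self, ident: int, name: bytes, response: bytes) -> bool:
        challenge = self.pending.pop(ident, None)   # each challenge is single use
        secret = self.user_table.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


if __name__ == "__main__":
    secret = b"constructed-secret"                  # constructed sample values
    auth = Authenticator({b"branch1": secret})
    print("PAP on the wire :", pap_request(b"branch1", secret))
    ident, chal = auth.challenge()
    resp = chap_response(ident, secret, chal)
    print("CHAP on the wire:", b"branch1", resp.hex())
    print("first use       :", auth.verify(ident, b"branch1", resp))
    ident2, _ = auth.challenge()
    print("replayed        :", auth.verify(ident2, b"branch1", resp))
```

Because the authenticator issues a new random number for every attempt and discards it after one check, a response captured from an earlier exchange does not verify again.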
Network Phase
In the Network phase, NCP negotiation is performed to select and configure a network protocol and to negotiate network-layer parameters.
Each NCP may be in Opened or Closed state at any time. After an NCP enters the Opened state, network-layer data can be transmitted over the PPP link.
Terminate Phase
A PPP link can be terminated at any time. A link can be terminated manually by an administrator, or be terminated due to the loss of carrier, an authentication failure, or other causes.
What Are the Applications of PPP?
PPP is widely used in industry and everyday life, from home broadband access to enterprise network connection, mobile communications, and Internet of Things (IoT) applications. PPP provides stable, efficient data transmission services and keeps network connections secure with multiple authentication modes.
1. Home broadband access
In the home broadband access field, a common implementation of PPP is Point-to-Point Protocol over Ethernet (PPPoE). When a user accesses the Internet through broadband technologies such as very-high-data-rate digital subscriber line (VDSL) and fiber-optic access, PPPoE enables the user's computer or router to establish a point-to-point connection with the server of the Internet service provider (ISP). PPPoE ensures a stable connection and supports user identity authentication to secure the usage of network resources.
2. Enterprise network connection
In an enterprise environment, an enterprise may need to establish a connection with a remote branch through a private line or virtual private network (VPN). In this case, PPP can be used to establish a secure and reliable point-to-point connection, ensuring the efficiency and security of data transmission. In addition, PPP supports multiple authentication modes, such as PAP and CHAP, which effectively prevent unauthorized access and safeguard the enterprise network.
3. Mobile communications
On early Global System for Mobile Communications (GSM) networks, PPP was used to transmit data between mobile devices and networks. Even though the data transmission mode of mobile communications has changed greatly with the development of 3G, 4G, and 5G technologies, PPP has remained an effective solution in specific scenarios, such as remote data transmission through satellite communication.
4. IoT applications
In the IoT field, PPP can be used to connect remote sensors or devices to a central server. For example, in an agricultural monitoring system, sensors installed in fields can establish connections with a remote server through PPP and periodically send data such as soil humidity and temperature to the server. This solution not only implements remote data transmission, but also ensures data security through the authentication mechanism of PPP.
Protocols Derived from PPP
MP
An extension of PPP, Multilink Protocol (MP) bundles multiple physical links into one logical link to improve bandwidth and reliability. MP delivers the following benefits:
- Bandwidth aggregation: MP aggregates the bandwidth of multiple physical links to provide higher overall bandwidth.
- Load balancing: Data is load balanced among multiple links for more efficient transmission.
- Redundancy and fault tolerance: If one link fails, other links continue to work properly, improving the reliability of the connection.
Compared with standard PPP, MP adds the multi-link management function. The basic frame structure and working mechanism of MP are still based on PPP.
PPTP
Compared with PPP, Point-to-Point Tunneling Protocol (PPTP) provides the tunneling function and applies to scenarios where secure connections are established over public networks.
PPTP is a technology used to implement VPNs. It is used to establish secure point-to-point connections over a public network, such as the Internet. PPTP creates a tunnel between two points. This tunnel can be used to transmit encrypted data packets for higher security.
L2TP
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to transmit data over the Internet or other networks. It encapsulates PPP packets into UDP packets to implement Virtual Private Dial-up Networks (VPDNs), allowing remote users to securely connect to enterprise networks over public networks such as the Internet. L2TP does not provide the encryption function itself and is usually used together with Internet Protocol Security (IPsec) to secure data transmission.
PPPoE
Point-to-Point Protocol over Ethernet (PPPoE) runs at the link layer. It provides point-to-point connections over Ethernet, establishes PPP sessions, and encapsulates PPP packets into PPPoE packets. PPPoE connects users to a remote access device, providing cost-effective user access and excellent user access control.
- Author: Li Yefan
- Updated on: 2025-12-10