The PPP link layer is a nested set of state machines. The state machines do not reflect protocol layers in the strict sense of passing encapsulated packets between layers, but some of the “layers” depend on lower layers for correct functionality. At the bottom is the HDLC layer running directly on the physical link. Above the HDLC layer is the LCP layer, which negotiates transmission options for the HDLC layer. If authentication is required, it occurs before the NCPs complete negotiation of network layer options. The relationship between the state machines is shown in Figure 9-2. Multiple state machines may be involved at the network-protocol layer; Figure 9-2 shows state machines for IP, IPX, and SNA.
Each layer in Figure 9-2 must receive an administrative Open from the higher layer, instruct the lower layer to initialize, and then negotiate parameters for its own layer. At that point, it responds to the Open command with an Up event of its own. To transmit IP data, for example, the link must be initialized for IP. The steps shown in Figure 9-2 are summarized in Table 9-1.
Table 9-1. Steps to initialize link in Figure 9-2
|
Step |
Physical |
LCP |
Authentication |
NCP (IP) |
|---|---|---|---|---|
|
0 |
Down |
Down |
Down |
Down, but datais ready fortransmission |
|
1 |
Down |
Down |
Down |
IP stack sends Open event to IPCP to initialize link for IP |
|
2 |
Down |
Down |
IPCP issues Open request to the authentication layer; authentication layer requests that the link be initialized to perform the authentication process |
Waiting on IPCP to finish opening operation |
|
3 |
Down |
LCP receives Open request from authentication layer, but requires physical connectivity; LCP issues Open request to physical layer to establishconnectivity |
Waiting on LCP to make link available |
Waiting on IPCP to make link available |
|
4 |
Physical layer negotiation begins |
Waiting on physical layer |
Waiting on LCP |
Waiting on IPCP |
|
5 |
Physical layer negotiation completes, so physical layer sends an Up event to LCP |
Up event received from physical layer, so LCP negotiation begins |
Waiting on LCP |
Waiting on IPCP |
|
6 |
Up |
LCP negotiates options for the link |
Waiting on LCP |
Waiting on IPCP |
|
7 |
Up |
When compatible option sets have been selected, LCP sends an Up to the authentication layer |
Up event received from LCP; authentication begins |
Waiting on IPCP |
|
8 |
Up |
Up |
Authentication is attempted by one or both sides |
Waiting on IPCP |
|
9 |
Up |
Up |
When authentication is successful, an Up event is sent to IPCP |
Up event received from authentication layer |
|
10 |
Up |
Up |
Up |
IP addresses negotiated; Up event sent to IP stack |
|
11 |
Up |
Up |
Up |
Up event received, so data transmission begins |
The series of steps needed to set up the link for transmission of IP packets is shown in Figure 9-2 by the numbered sequence of steps in the diagram. When the IP layer has packets to transmit, but is not initialized, an administrative Open command is sent from the IP layer to the IP Control Protocol. IPCP is responsible for negotiating IP parameters. However, data cannot be transmitted until the lower layers have been configured to transmit data. Therefore, IPCP sends an Open command of its own to the authentication state machine. Once again, lower layers are not available, so the authentication layer sends its own Open command to the Link Control Protocol. LCP then proceeds to initialize the physical link layer by sending an Open command down to the appropriate physical layer. Depending on the physical layer, the Open command may be simple or quite complex. Asynchronous modems must establish circuit-switched paths through the telephone network and establish a carrier signal before returning an Up event. Dedicated leased lines normally have an available physical layer at all times, so they return an Up event much more quickly.
When the Up event has been received from the physical layer, LCP negotiates parameters for link encapsulation. Negotiation of encapsulation parameters is an involved process, as detailed in the next section. When negotiation completes after LCP has established a set of parameters used for encapsulation on the link, LCP will send an Up event to the authentication layer. Authentication may or may not be employed on any particular link. If it is not, the authentication layer simply does nothing. Placing the authentication layer before the network-protocol initialization prevents network attacks from outsiders who are not authorized to use the network. If it does not receive network layer parameters, the host is not on the network and cannot transmit data.
When authentication completes, an Up event is sent to the NCP, which is IPCP in this case. IPCP negotiates addressing and sends an Up event to the IP layer. The IP layer can then transmit the packets that were queued in the beginning. Once LCP is initialized, adding network protocols is much less time-consuming. If IPX packets were to be transmitted, only IPXCP would need to negotiate because the other layers would have previously been completed. Figure 9-3 shows the procedure that would be used once the IP initialization was complete. When the Open event goes down the layers, it reaches the authentication layer. However, authentication was already performed when the link initialized for IP, so the authentication layer can respond immediately with an Up notification. The only negotiation that must take place is the IPXCP negotiation to configure the link for use with IPX. The steps shown in Figure 9-3 are summarized in Table 9-2.
Table 9-2. Steps to initialize link in Figure 9-3
|
Step |
Physical |
LCP |
Authentication |
NCP (IPX) |
|---|---|---|---|---|
|
0 |
Up |
Up |
Up |
Down, but data is ready for transmission |
|
1 |
Up |
Up |
Up |
IPX stack sends Open event to IPXCP to initialize link for IPX |
|
2 |
Up |
Up |
IPXCP issues Open request to the authentication layer |
Waiting on IPXCP to finish opening operation |
|
3 |
Up |
Up |
Authentication has completed, so authentication layer sends Up event back to IPXCP |
Waiting on IPXCP to make link available |
|
4 |
Up |
Up |
Up |
Link is authenticated and IPXCP can negotiate IPX options |
|
5 |
Up |
Up |
Up |
IPXCP sends Up event to IPX stack; IPX transmission begins |
Figure 9-4 shows another view of the link-initialization process, through the PPP link state diagram.
Five link states are defined:
All links begin in the dead phase, which corresponds to a physical layer not ready for data transmission. PPP moves out of the dead phase when a physical signal indicates that the underlying medium is ready to accept data for transmission. On a T1 circuit, this corresponds to the carrier detect signal on the V.35 circuit to the router.
After the physical layer is ready to transmit, an LCP exchange negotiates link layer parameters. LCP handles only network layer independent parameters. Establishment ends only when both sides have signaled agreement on parameters by sending identical LCP configure acknowledgments. If PPP receives a configure request during any other state, it returns to the establishment phase.
PPP may enter an authenticating state if authentication on the link is desired. Either side may request authentication during the establishment phase. If authentication fails, the network layer is not initialized and PPP proceeds immediately to the termination phase without passing Go or collecting $200. PPP prevents higher-layer protocol attacks by holding back from initializing the network layer until authentication is successful. Generally, PPP does not use authentication on leased lines because the endpoints are static.
Each desired network protocol is configured through its NCP. Each protocol must be configured independently, although negotiations may occur concurrently. NCPs can be opened and closed independently. Poor implementations may send frames corresponding to a network protocol before its associated NCP has configured the link. Frames received for an unconfigured network protocol are dropped. In addition to IP, NCPs have been designed for protocols such as IPX, AppleTalk, OSI, and others with which many network engineers are not familiar.
PPP links may be terminated for a variety of reasons. The carrier signal for the underlying physical link may be lost due to physical problems with the circuit. As previously noted, authentication failures cause link termination. In the case of an authentication failure, most PPP implementations will disconnect the physical link as well. PPP may detect link quality problems and close the link. Link termination can also occur for administrative reasons. Network users are allowed to terminate the link at their discretion.
Two common misconceptions about termination exist. One is that each NCP must close before link termination. On the contrary, a single LCP termination request is sufficient to close the link. The second is that closing the only active network protocol leads to link termination. It is possible for a link to be configured and ready without having any active network protocols.