rfc2516.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

   If the Access Concentrator does not like the Service-Name in the
   PADR, then it MUST reply with a PADS containing a TAG of TAG_TYPE
   Service-Name-Error (and any number of other TAG types).  In this case
   the SESSION_ID MUST be set to 0x0000.

5.5 The PPPoE Active Discovery Terminate (PADT) packet

   This packet may be sent anytime after a session is established to
   indicate that a PPPoE session has been terminated.  It may be sent by
   either the Host or the Access Concentrator.  The DESTINATION_ADDR
   field is a unicast Ethernet address, the CODE field is set to 0xa7
   and the SESSION_ID MUST be set to indicate which session is to be
   terminated.  No TAGs are required.




Mamakos, et. al.             Informational                      [Page 6]

RFC 2516             Transmitting PPP Over Ethernet        February 1999


   When a PADT is received, no further PPP traffic is allowed to be sent
   using that session.  Even normal PPP termination packets MUST NOT be
   sent after sending or receiving a PADT.  A PPP peer SHOULD use the
   PPP protocol itself to bring down a PPPoE session, but the PADT MAY
   be used when PPP can not be used.

6. PPP Session Stage

   Once the PPPoE session begins, PPP data is sent as in any other PPP
   encapsulation.  All Ethernet packets are unicast.  The ETHER_TYPE
   field is set to 0x8864.  The PPPoE CODE MUST be set to 0x00.  The
   SESSION_ID MUST NOT change for that PPPoE session and MUST be the
   value assigned in the Discovery stage.  The PPPoE payload contains a
   PPP frame.  The frame begins with the PPP Protocol-ID.

   An example packet is shown in Appendix B.

7. LCP Considerations

   The Magic Number LCP configuration option is RECOMMENDED, and the
   Protocol Field Compression (PFC) option is NOT RECOMMENDED.  An
   implementation MUST NOT request any of the following options, and
   MUST reject a request for such an option:

      Field Check Sequence (FCS) Alternatives,

      Address-and-Control-Field-Compression (ACFC),

      Asynchronous-Control-Character-Map (ACCM)

   The Maximum-Receive-Unit (MRU) option MUST NOT be negotiated to a
   larger size than 1492.  Since Ethernet has a maximum payload size of
   1500 octets, the PPPoE header is 6 octets and the PPP Protocol ID is
   2 octets, the PPP MTU MUST NOT be greater than 1492.

   It is RECOMMENDED that the Access Concentrator ocassionally send
   Echo-Request packets to the Host to determine the state of the
   session.  Otherwise, if the Host terminates a session without sending
   a Terminate-Request packet, the Access Concentrator will not be able
   to determine that the session has gone away.

   When LCP terminates, the Host and Access concentrator MUST stop using
   that PPPoE session.  If the Host wishes to start another PPP session,
   it MUST return to the PPPoE Discovery stage.







Mamakos, et. al.             Informational                      [Page 7]

RFC 2516             Transmitting PPP Over Ethernet        February 1999


8. Other Considerations

   When a host does not receive a PADO packet within a specified amount
   of time, it SHOULD resend it's PADI packet and double the waiting
   period. This is repeated as many times as desired.  If the Host is
   waiting to receive a PADS packet, a similar timeout mechanism SHOULD
   be used, with the Host re-sending the PADR.  After a specified number
   of retries, the Host SHOULD then resend a PADI packet.

   The ETHER_TYPEs used in this document (0x8863 and 0x8864) have been
   assigned by the IEEE for use by PPP Over Ethernet (PPPoE).  Use of
   these values and the PPPoE VER (version) field uniquely identify this
   protocol.

   UTF-8 [5] is used throughout this document instead of ASCII.  UTF-8
   supports the entire ASCII character set while allowing for
   international character sets as well.  See [5] for more details.

9. Security Considerations

   To help protect against Denial of Service (DOS) attacks, the Access
   Concentrator can employ the AC-Cookie TAG.  The Access Concentrator
   SHOULD be able to uniquely regenerate the TAG_VALUE based on the PADR
   SOURCE_ADDR.  Using this, the Access Concentrator can ensure that the
   PADI SOURCE_ADDR is indeed reachable and can then limit concurrent
   sessions for that address.  What algorithm to use is not defined and
   left as an implementation detail.  An example is HMAC [3] over the
   Host MAC address using a key known only to the Access > Concentrator.
   While the AC-Cookie is useful against some DOS attacks, it can not
   protect against all DOS attacks and an Access Concentrator MAY employ
   other means to protect resources.

   While the AC-Cookie is useful against some DOS attacks, it can not
   protect against all DOS attacks and an Access Concentrator MAY employ
   other means to protect resources.

   Many Access Concentrators will not wish to offer information
   regarding what services they offer to an unauthenticated entity.  In
   that case the Access Concentrator should employ one of two policies.
   It SHOULD never refuse a request based on the Service-Name TAG, and
   always return the TAG_VALUE that was sent to it.  Or it SHOULD only
   accept requests with a Service-Name TAG with a zero TAG_LENGTH
   (indicating any service).  The former solution is RECOMMENDED.

10. Acknowledgments

   This document is based on concepts discussed in several forums,
   including the ADSL forum.



Mamakos, et. al.             Informational                      [Page 8]

RFC 2516             Transmitting PPP Over Ethernet        February 1999


   Copious amounts of text have been stolen from RFC 1661, RFC 1662 and
   RFC 2364.

11. References

   [1] Simpson, W., Editor, "The Point-to-Point Protocol (PPP)", STD 51,
       RFC 1661, July 1994

   [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
       Levels", BCP 14, RFC 2119, March 1997.

   [3] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
       for Message Authentication", RFC 2104, February 1998.

   [4] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700,
       October 1994.  See also: http://www.iana.org/numbers.html

   [5] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC
       2279, January 1998.
































Mamakos, et. al.             Informational                      [Page 9]

RFC 2516             Transmitting PPP Over Ethernet        February 1999


Appendix A

   TAG_TYPES and TAG_VALUES

   0x0000 End-Of-List

      This TAG indicates that there are no further TAGs in the list. The
      TAG_LENGTH of this TAG MUST always be zero.  Use of this TAG is
      not required, but remains for backwards compatibility.

   0x0101 Service-Name

      This TAG indicates that a service name follows.  The TAG_VALUE is
      an UTF-8 string that is NOT NULL terminated. When the TAG_LENGTH
      is zero this TAG is used to indicate that any service is
      acceptable.  Examples of the use of the Service-Name TAG are to
      indicate an ISP name or a class or quality of service.

   0x0102 AC-Name

      This TAG indicates that a string follows which uniquely identifies
      this particular Access Concentrator unit from all others. It may
      be a combination of trademark, model, and serial id information,
      or simply an UTF-8 rendition of the MAC address of the box.  It is
      not NULL terminated.

   0x0103 Host-Uniq

      This TAG is used by a Host to uniquely associate an Access
      Concentrator response (PADO or PADS) to a particular Host request
      (PADI or PADR).  The TAG_VALUE is binary data of any value and
      length that the Host chooses.  It is not interpreted by the Access
      Concentrator.  The Host MAY include a Host-Uniq TAG in a PADI or
      PADR.  If the Access Concentrator receives this TAG, it MUST
      include the TAG unmodified in the associated PADO or PADS
      response.

   0x0104 AC-Cookie

      This TAG is used by the Access Concentrator to aid in protecting
      against denial of service attacks (see the Security Considerations
      section for an explanation of how this works).  The Access
      Concentrator MAY include this TAG in a PADO packet.  If a Host
      receives this TAG, it MUST return the TAG unmodified in the
      following PADR.  The TAG_VALUE is binary data of any value and
      length and is not interpreted by the Host.





Mamakos, et. al.             Informational                     [Page 10]

RFC 2516             Transmitting PPP Over Ethernet        February 1999


   0x0105 Vendor-Specific

      This TAG is used to pass vendor proprietary information.  The
      first four octets of the TAG_VALUE contain the vendor id and the
      remainder is unspecified.  The high-order octet of the vendor id
      is 0 and the low-order 3 octets are the SMI Network Management
      Private Enterprise Code of the Vendor in network byte order, as
      defined in the Assigned Numbers RFC [4].

      Use of this TAG is NOT RECOMMENDED.  To ensure inter-operability,
      an implementation MAY silently ignore a Vendor-Specific TAG.

   0x0110 Relay-Session-Id

      This TAG MAY be added to any discovery packet by an intermediate
      agent that is relaying traffic.  The TAG_VALUE is opaque to both
      the Host and the Access Concentrator.  If either the Host or
      Access Concentrator receives this TAG they MUST include it
      unmodified in any discovery packet they send as a response.  All
      PADI packets MUST guarantee sufficient room for the addition of a
      Relay-Session-Id TAG with a TAG_VALUE length of 12 octets.

      A Relay-Session-Id TAG MUST NOT be added if the discovery packet
      already contains one.  In that case the intermediate agent SHOULD
      use the existing Relay-Session-Id TAG.  If it can not use the
      existing TAG or there is insufficient room to add a Relay-
      Session-Id TAG, then it SHOULD return a Generic-Error TAG to the
      sender.

   0x0201 Service-Name-Error

      This TAG (typically with a zero-length data section) indicates
      that for one reason or another, the requested Service-Name request
      could not be honored.

      If there is data, and the first octet of the data is nonzero, then
      it MUST be a printable UTF-8 string which explains why the request
      was denied.  This string MAY NOT be NULL terminated.

   0x0202 AC-System-Error

      This TAG indicates that the Access Concentrator experienced some
      error in performing the Host request.  (For example insufficient
      resources to create a virtual circuit.)  It MAY be included in
      PADS packets.






Mamakos, et. al.             Informational                     [Page 11]

RFC 2516             Transmitting PPP Over Ethernet        February 1999


      If there is data, and the first octet of the data is nonzero, then
      it MUST be a printable UTF-8 string which explains the nature of
      the error.  This string MAY NOT be NULL terminated.

   0x0203 Generic-Error

      This TAG indicates an error.  It can be added to PADO, PADR or
      PADS packets when an unrecoverable error occurs and no other error
      TAG is appropriate.  If there is data then it MUST be an UTF-8
      string which explains the nature of the error.  This string MUST
      NOT be NULL terminated.