Solutions for ISPs
Standard Setup
Custom Setup
SAGE for Broadband
WinPoET for PPPoE
Phonebook Management
[ WinPoET FAQ ]
Point to Point Protocol over Ethernet (PPPoE) Frequently Asked Questions

What is PPP over Ethernet (PPPoE)?

Point to Point Protocol over Ethernet is a proposal specifying how a host personal computer (PC) interacts with a broadband modem (i.e. xDSL, cable, wireless, etc) to achieve access to the growing number of High speed data networks. Relying on two widely accepted standards, Ethernet and the point-to-point protocol (PPP), the PPPoE implementation requires virtually no more knowledge on the part of the end user other than that required for standard Dial up Internet access. In addition, PPPoE requires no major changes in the operational model for Internet Service Providers (ISPs) and carriers. The significance of PPP over Ethernet has to do with its far greater ease of use versus competing approaches. By making high speed access easier to use for end consumers, and more seamless to integrate into the existing infrastructure for carriers and ISPs, PPPoE could speed the widespread adoption of High speed access services

Also, PPP over Ethernet provides a major advantage for service providers by maximizing integration with - and minimizing disruption of - service providers' existing dial network infrastructures. Through tight integration with existing back office automation tools that ISPs have developed for dial customers, PPPoE enables rapid service deployment and cost savings. From authentication, accounting and secure access to configuration management, PPPoE supports a broad range of existing applications and services.

The base protocol is defined in RFC 2516.

How does a subscriber use PPPoE?

Keeping the user interface simple is critical for keeping user-generated errors down yet many other non-PPPoE methods require substantial user configuration of the modem and, in some cases, require users to install ATM network interface cards (NICs) in their personal computers, all of which requires substantial user technical knowledge.

In PPP over Ethernet, each session learns the Ethernet address of the remote peer to create a unique session identifier. And all this is done by requiring little or no configuration on the part of the end-user. By combining two standards, Ethernet and PPP, into PPPoE, no more knowledge is required of the end-user than is required to set up standard dial-up Internet access. The PPPoE solution uses existing PC hardware and software, existing Ethernet NICs, and existing ADSL/DSL modems. It requires no special configuration or additions to the customer premise modem or ADSL/DSL access network. Further, PPPoE does not alter in any way the collection of PPP protocols vital to ISPs wishing to deliver ADSL/DSL or other broadband services using their existing network model.

Can you explain the PPPoE discovery stage?

The PPPoE Discovery Stage is made up of four steps: initiation, offer, request, and session confirmation:
  • The PPPoE Active Discovery Initiation (PADI) packet:
    The PPPoE client sends out a PADI packet to the broadcast address. This packet can also populate the "service-name" field if a service name has been entered on the dial-up networking properties of the PPPoE broadband connectoid. If a service name has not been entered, this field cannot be populated.
  • The PPPoE Active Discovery Offer (PADO) packet:
    The PPPoE server, or Access Concentrator, should respond to the PADI with a PADO if the Access Concentrator is able to service the "service-name" field that had been listed in the PADI packet. If no "service-name" field had been listed, the Access Concentrator should respond with a PADO packet that has the "service-name" field populated with the service names that the Access Concentrator can service. The PADO packet is sent to the unicast address of the PPPoE client.
  • The PPPoE Active Discovery Request (PADR) packet:
    When a PADO packet is received, the PPPoE client responds with a PADR packet. This packet is sent to the unicast address of the Access Concentrator. The client may receive multiple PADO packets, but the client responds to the first valid PADO that the client received. If the initial PADI packet had a blank "service-name" field filed, the client populates the "service-name" field of the PADR packet with the first service name that had been returned in the PADO packet.
  • The PPPoE Active Discovery Session-confirmation (PADS) packet:
    When the PADR is received, the Access Concentrator generates a unique session identification (ID) for the Point-to-Point Protocol (PPP) session and returns this ID to the PPPoE client in the PADS packet. This packet is sent to the unicast address of the client.

Why would PPPoE be used?

PPPoE is used to allow Internet Service Providers (ISPs) the use of their existing Radius authentication systems from their Dial-Up service on a Broadband / Ethernet based service. Dial-Up is PPP, most broadband connections are Ethernet, hence Point to Point Protocol over Ethernet. It also allows for ISPs to resell the same line multiple times. IE: Rated services, Broadband specific content (movies, etc.), metered services, etc.

As an ISP why would we use PPPoE?

The items that need to be remembered are the advantages that PPPoE offers to a provider that PPPoA does not: Brand Management, Revenue Generating Options and Decreased Call Center Support.
PPPoE offers the luxury of being able to easily set up multiple models that allow a provider to resell the same line to one customer multiple times for additional services and/or create multiple options to give more services to choose from to increase their customer base.

Sell the same line multiple times with multiple Services
  • Basic Internet Service This is the basic flat service, that your customer would be using, you could offer multiple services on top of this for additional monthly revenue, for example:
  • Movie Server Partner with a content provider and set up a movie server that you could sell a userid IP and password to access the server and charge by the month, or by the movie etc.
  • Streaming Radio Server - Partner with a content provider and set up a Streaming Radio (music) server that you could sell a userid IP and password to access the server and charge by the month.
  • Video Game Server - Partner with a content provider and set up a Video Game server that you could sell a userid IP and password to access the server and host video games tournaments and charge by the month
  • The above 3 examples are all hosted locally and only customers on your network with a userid and password can access them so all the traffic is local creating no additional bandwidth charges to the provider.
  • Speed Options instead of supporting home network offer multiple userids on the same line that each get their own dedicated speeds, this would be set up via the radius attributes for each userid so they would each have a set speed assigned to that userid. Charge each the flat basic internet service fee.
  • Rated Access provide a userid for children which has G rated access to the Internet only and is filtered at the Provider end so children cant shut it off. Charge the account holder a reduced monthly fee for this service (or offer it as a value add for great marketing).
More Service Options
  • Time Packages Customer may only want 5 hours broadband hours per month due to travel etc so offer different hourly packages at discounted rates and offer an unlimited package for the average user who does not want to worry about hours.
  • Data amount Packages Bandwidth is expensive, charge users for the bandwidth they use so offer different monthly data transfer packages at discounted rates with a charge for overage and offer an unlimited package for the average user who does not want to worry about hours (done in much of the Canadian Market, as well as Australia etc).
  • Multiple Speed Packages Provision line once for full speed then create speed packages and throttle the speed by userid (both upload and download) in the radius server instead of a truck roll to the hardware to re-provision the line for a new speed package.
  • Rated Access Accounts Set up packages which has rated access to the Internet only and are filtered at the Provider end so customers cant bypass them. Offer G rate, PG, AA, R, and X packages each with a monthly price associated.
  • Personal IP for that user that needs a static IP, set up radius to give that person the same IP on every login, charge a larger monthly price for this package (or offer it as a value add for marketing opportunities).
Ease of Sign up / Advertising
  • Use of market existing up sign up software to sign up and provision broadband account attributes with out need of a truck roll if line is currently provisioned for service, if line is not provisioned you could still use the sign up software but it could not avoid you a truck roll if equipment has to be turned on or installed, but if line was already provisioned all above mentioned packages could be advertised in sign up software and provisioned automatically with sign up software
  • Dynamic Service Selection (to advertise multiple services without advertising dollars). With PPPoE Broadband Management Servers you can set up the servers (or services available) and a PPPoE client side application can see these services and advertise them to the end user at no cost to the provider, making for free advertising.
Wholesale Market
  • Forget call center costs etc, whole sale your access to other providers and charge them a flat fee per month per customer that they sign up and support

What is the difference between PPPoE and PPPoA?

Point to Point Protocol over Ethernet (PPPoE) and Point to Point Protocol over ATM (PPPoA) are both technologies that offer a provider the opportunity to roll out broadband services. This document will show why PPPoE should be chosen over PPPoA.

Advantages of a PPP based broadband service
Both PPPoE and PPPoA offer many of the same advantages; to begin we'll exam the mutual advantages they share.
  • End user authentication to the network, forces the end user to authenticate to a radius server before being allowed access to the network.
  • Billing options, gives the provider the ability to offer different billing options, by time, by data, unlimited or by services purchased.
  • IP address conservation, a provider can limit the number of IPs a specific user can receive or can force a user off the connection at will.
  • Wholesale business model, a provider can choose to rent the local loop to another provider who can intern sell access to a user.
  • Trouble shooting, a provider can easily tell what users are on or off on a per user basis.
  • Scalable, all authentication, authorization, and accounting can be handled for every user using existing Radius server.
  • Invisible to end user, both can be integrated in the Customer Premise Equipment CPE making the connection process invisible to the end user though we do recommend they stay off the CPE but it is easily done and PPPoA is traditionally only on the CPE.
  • Service Selection, both can be used to offer multiple services and service selection.
Negatives of PPPoA
PPPoA has negatives that are not present in PPPoE, but PPPoE has no negative features that are not also present in PPPoA, we'll exam the negatives of PPPoA here.
  • Only a single session per CPE can be established. In PPPoE we offer the ability to log in to multiple services or create multiple sessions all at the same time over the same line.
  • CPE setup and access, in general PPPoA must be configured on the CPE itself, PPPoA software is not available on platforms. Either the CPE must support PPPoE or an ATM network interface must be installed in the PC. ATM network interface cards are expensive and both can be difficult for an end user to configure. Once an end user has the ability to configure the CPE it opens up the problem for incorrect configurations making trouble shooting by the provider very difficult resulting in increased support costs.
What if the CPE was pre configured by the provider? This leads to increased fulfillment costs. The provider would then have to configure each CPE separately to enter the customers userid and password and loses the ability to batch process the CPE Positives only found in PPPoE.

PPPoE has positive features that can not be found in PPPoA
We'll look at those now.
  • Brand management, by having the customer use software to log on and off they force the user to see the providers brand, logo or company name. Word of mouth is the strongest form of advertising.
  • Increased revenue opportunities, with PPPoE we can offer the ability to log in to multiple services or create multiple sessions all at the same time over the same line. What do we mean by multiple services? How about a special account for a child that gives them G rated access only? How about a dedicated movie or music server?
  • Ease of support, PPPoE software has troubleshooting and help files built in to the application. If an error occurs the error message can be present to the end user with a possible resolution preventing the customer from ever having to call the provider for help. In PPPoA everything is done in the CPE meaning when a problem occurs the only notification is lights on the CPE which tell a user nothing.
  • End User Familiarity, client side software present users with the familiar look and feel of dial-up which if purchasing a broadband service means they are almost 100% familiar with the dial-up look and fee reducing their learning curve to use the new service.
  • Works in existing environment, if a provider already offers an Ethernet based service PPPoE can be implements without changing the existing CPE, as mentioned above PPPoA needs an ATM interface.
Negatives found in PPPoE
The only negative that is ever raised only found in PPPoE is that you must have software installed on the client side. As shown above this is actually a positive that needs to be reinforced to a provider.

Key reasons why PPPoE should be used over PPPoA
Above we've shown the shared advantages of both, the major disadvantages of PPPoE and the Major advantages of PPPoE. The items that need to be remembered are the advantages that PPPoE offers to a provider that PPPoA does not: Brand Management, Revenue Generating Options and Decreased Call Center Support.

What is the difference between PPPoE and PPTP?


Disadvantages of PPTP not found in PPPoE
Bruce Schneier is an internationally renowned security technologist and author has found many security flaws in Microsofts PPTP implementation and only in Microsofts implementation, they are as follows:
  • Microsofts PPTP server allows attacks to sniff passwords across the network, break the encryption scheme and read confidential data.
  • Microsofts PPTP server is also set up in a way leaving it open to denial of service attacks.
  • anyone can cause a Microsoft PPTP server to go belly up. Well, anyone who can see the server. Since the its a VPN server anyone in the world can see it and gain access to it not only the customers on your network.
All findings where backed up by Counterpane Systems. More detailed information can be found at

The above disadvantages are not found in PPPoE more specifically in Fine Point Technologies ServPoET and WinPoET combination.

A PPPoE termination point, such as ServPoET can not be seen by outsiders to an ISPs network. VPN technologies are set up and created in a way that anyone, anywhere can (with a userid and password) gain access to that network. PPPoE is designed that only users connected to that specific network can gain access to that specific PPPoE termination point. To show this let's briefly explain the PPPoE discovery phase:

The PPPoE Discovery Stage is made up of four steps: initiation, offer, request, and session confirmation:
  1. The PPPoE Active Discovery Initiation (PADI) packet:
    The PPPoE client sends out a PADI packet to the broadcast address.
  2. The PPPoE Active Discovery Offer (PADO) packet:
    The PPPoE server, or Access Concentrator, responds to the PADI with a PADO
  3. The PPPoE Active Discovery Request (PADR) packet:
    When a PADO packet is received, the PPPoE client responds with a PADR packet.
  4. The PPPoE Active Discovery Session-confirmation (PADS) packet:
    When the PADR is received; the Access Concentrator generates a unique session identification (ID) for the Point-to-Point Protocol (PPP) session and returns this ID to the PPPoE client in the PADS packet.
After that point userid and password are authenticated and the customer can access the internet.

The above steps can only happen for a user who is directly connected to that specific network. PPTP works in a way that any user can access it and well explain that next:
When configuring a VPN connection he VPN (PPTP) server needs to have a IP address so a customer can enter that in to the VPN software in Microsoft. This has to be made public so that your customers can configure the software. Once that is made public it now means an user anywhere in the world can access it. They may not have a userid and password but as weve pointed out above that is not a difficult road block to get past.

We feel by showing the points above that PPPoE actually is a more secure and robust solution for a Provider over Microsofts PPTP / VPN implementation.

Are there PPPoE clients for all OS?

Yes, WinPoET and MacPoET are examples of client side PPPoE software for Windows and Macintosh respectively

Why as an ISP would we want to roll out PPPoE software instead of using it in the modem we ship out?

Simply put brand management, when ever 3rd party applications are launched the customer is forced to see the ISPs branding on the connect screen of the PPPoE client, for example with. Also WinPoET by default upon install you can force the browser to launch after connect and force the user to go to your web site again reinforcing brand management.

One of the reasons ISPs would implement PPPoE in the CPE is the thought of reduced call centre support time. Traditionally the thought was, having to install 3rd party software on the PC would cause problems with the PC meaning more calls to the Call Centre for support, this is not the case many problems occur for an ISP call centre when Client-Side PPPoE is no longer an option.

With Client-Side PPPoE Software, when a problem in the connection occurs the user is made aware of it and in most cases given an error message as to what has happened as well as what the possible solution may be. With CPE PPPoE this no longer happens, the End User is blind as to why there is a problem which means a frantic uneducated call to the call centre. In turn the ISP could grant an End User access to the CPE directly to see possible error messages. When this is done the End User has the ability to break the CPE configuration, if the CPE configuration is broken the ISP loses the ability to communicate with the CPE directly, causing another uneducated call to the Call Centre.

What is a PPPoE Termination unit?

PPPoE Termination units (also known as Access Concentrators (AC), Broadband Management Servers (BMS), and Broadband Residential Access Servers (BRAS)) answer the PPPoE request coming from a client side PPPoE application (WinPoET). After the PPPoE process (Involving a PADI, PADO, PADR and PADS) there is PPP negotiation and Radius authentication. Once all this is complete the subscriber can now surf the Internet through their service providers network.

What can I do with a PPPoE Server?

You could offer tiered levels of service.

For Example:
Different levels of Speed can be set by userid in a product like ServPoET. Maybe you want to charge your users by the hour or minute you could also charge your users by the "byte".

ServPoET, offer the ability to roll out Dynamic Service Selection. This option allows you to set up different services and allows customers the ability to log in to them if you've set that up in your profile. With WinPoET, the customer can be shown that services are available for them to access (of course you'd want to charge them for use of these services).



PPPoE simplifies and enhances the end-user experience by allowing the dynamic selection of service offerings or retail ISPs in wholesale networks, much as TV viewers select channels. With PPPoE, access control, billing and service type can be controlled per-user offering ISPs many new ways of increasing revenues and offering new services.

When a router receives the frame, it reads the control information provided by the CPE then it strips the control information from the frame. It passes the frame up to the next layer, following the instructions that appeared in the control portion of the frame. Each subsequent layer will perform this same de-encapsulation process. With PPPoE this needs to be done with the Ethernet header, the PPPoE header, and then the PPP header leaving the TCP/IP payload. This operation is then done in reverse when the frame comes from the provider through the termination device to the CPE. This CPU intensive and memory intensive process leaves many trouble areas in Next Generation and Legacy routers, as well as this function has to be done at wire speed to not impact time sensitive applications such as VoIP.

Capacity Intense
Terminating PPPoE is a CPU/memory-intensive process. Terminating PPPoE on hardware intended for routing and optimized for this service therefore greatly reduces its routing capability. For example, a router capable of routing 96,000 sessions generally can terminate only 8000 PPPoE sessions under real-world conditions. This is only about 8% of the router's originally estimated capacity. Starting with zero customers, a network built out to reach capacity in five years without router-terminating PPPoE would reach capacity in approximately 4.8 months with the added overhead of PPPoE termination. The cost of buying more routing hardware to regain the lost capacity can be prohibitive.

Impact on Delivering New Services
As next-generation routers are introduced, new services and features, such as Voice over IP (VoIP), become easier to deliver if router capacity is available to offer them. But a next-generation router operating at peak usage due to PPPoE termination does not have the resources available to offer next-generation services. This forces large capital investment to purchase a second router to regain the network capacity required for the new services and features.

Hardware Expense
With the small margins of profit per customer on broadband Internet connections, using expensive next-generation routers to terminate PPPoE dramatically increase the time necessary to recover the cost of installing an average customer. If a router could operate at maximum capacity this would not be an issue. But with a router handling only 8% of expected capacity; the cost per subscriber to route and terminate PPPoE can be as high as $15 per subscriber.

At a profit margin per customer of only $2 per month, achieving profit after other installation costs (modem, software, and so on) have been covered would take approximately 7.5 months.

The PPPoE server is a single point of failure in a network. If this one piece of equipment, which all customers must access to get online, fails, all customers can no longer access the Internet. This results in increased call center traffic and higher operating costs per customer. Multiple PPPoE servers capable of seamless loading balancing are the answer to this problem but traditional and next-generation routers that include PPPoE functionality do not offer native load-balancing technology. Considering the high cost of next-generation routers, the unavailability of built-in load balancing limits the network engineer's options for creating a redundant network capable of 99.999% uptime.

As the previous section has shown, terminating PPPoE on existing router hardware is a costly approach to leveraging the value of PPPoE connectivity. This PPPoE termination problem can be simply and efficiently addressed by introducing to the network a unit designed specifically and only for PPPoE termination. The PPPoE termination unit in this case is the Fine Point Technologies ServPoET BMS, shown connected between a PPPoE aggregation unit and the legacy (or next-generation) router.

Offloading PPPoE from either legacy routers or next-generation equipment affords multiple advantages to a service provider, including increased network capacity, faster return on investment, and lower per-subscriber cost.

Increased Network capacity
Offloading PPPoE termination from the router increases available network capacity by a factor of approximately 11. Now the router is no longer a bottleneck, and network resources are optimized for more efficient routing, bandwidth usage and value-added service delivery.

The router is freed to route the amount of prospective customers it was built out to handle, regaining its target threshold capacity. The full router capacity is now available for the introduction of value-added and next-generation services.

A Load-Balanced, Redundant Network
The low cost of units designed specifically to terminate PPPoE sessions makes for a much more cost-effective solution than using routers to terminate PPPoE. The money saved allows the purchase of multiple PPPoE termination units, allowing the service provider to build and support a redundant network for 99.999% uptime.

A unit specifically designed for PPPoE termination can be engineered to include native clustering technology. One such unit, the Fine Point Technologies ServPoET BMS, can be clustered to enable automatic load balancing of PPPoE network traffic among clustered units for improved service levels. The ServPoET SmartCluster technology evenly distributes sessions among cluster members, automatically removing members that fail or become unreachable. New cluster members can be hot-added to expand an existing cluster for additional capacity and performance, allowing administrators to scale their services with unprecedented time and cost savings.

Return on Investment
With the small margins of profit per customer on Broadband Internet connections a cost effective solution can dramatically decrease the time necessary to recover the cost of installing a customer. Per-customer time to profitability is greatly reduced.
In many cases, the result is an eleven fold increase in the life of the network before heavy capital must be invested to expand or upgrade it. The life span of the router is also increased because it is not continually working at 90 to 100% CPU and memory capacity, increasing the time before the unit fails and must be taken offline for service.

Lower Per-Subscriber Cost
Using a unit specifically designed for terminating PPPoE can reduce cost per subscriber to as little as $2. Installing a PPPoE termination unit is a one-time cost, so the cost to terminate each subscriber decreases as the units in-service time increases.

Assuming a service provider per-customer profit margin of only $2 per month, it would take approximately 7.5 months to gain profit per customer after the cost of other installation aspects (modem, software, and so onapproximately $15 per subscriber) are covered. With this new model, profits begin immediately after installation costs have been covered typically, beginning with the second month of service. Figure 6 compares the two PPPoE termination options.

Offloading PPPoE from a legacy or next-generation router to dedicated PPPoE termination hardware allows a service provider to free valuable network resources and expand the network without high capital investment. Especially when load-balancing-capable PPPoE termination hardware is used, offloading PPPoE can reduce time to profitability per customer and speed the delivery of value-added and next-generation Internet services.

Copyright © 1998-2008, Inc