Thursday, September 5, 2013

LCP, Authentication, and NCP Stage

Within some of the PPP phases described previously, PPP also goes into specific stages such as LCP negotiation, authentication, and NCP negotiation. For more information, refer to RFC 1548 and RFC 1661.

LCP (Mandatory Phase)

LCP is a phase in which parameters to establish, configure, and test the data-link connection are negotiated. An LCP state of open means that LCP was successfully completed, while an LCP state of closed indicates an LCP failure.
This diagram shows a conceptual view of an LCP handshake:
[Figure: debug_ppp_negotiation1.gif, conceptual view of an LCP handshake]
The LCP negotiation also uses a parameter called MagicNumber, which is used to determine if the link is looped back. A random string is sent across the link and, if the same value is returned, then the router determines that the link is looped back.

Authentication (Optional Phase by Default)

In this stage, the authentication is performed with the authentication protocol (CHAP or PAP) agreed upon in LCP negotiation. For PAP-related information, refer to Configuring and Troubleshooting PPP Password Authentication Protocol (PAP).
For CHAP-related information, refer to Understanding and Configuring PPP CHAP Authentication.
Note: Authentication is optional and PPP only enters this stage if it needs to authenticate.
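
An added example, not part of the Cisco note: a Python sketch of the two LCP points above, the MagicNumber loopback comparison and the authentication protocol (CHAP or PAP) requested in a Configure-Request. Option types and protocol numbers are from RFC 1661, RFC 1334 and RFC 1994; the function names and sample packets are constructed for illustration, and input is assumed to start at the LCP Code byte.

```python
import struct

# Numbers from RFC 1661 (LCP), RFC 1334 (PAP) and RFC 1994 (CHAP).
CONF_REQ, OPT_AUTH, OPT_MAGIC = 1, 3, 5
AUTH_NAMES = {0xC023: "PAP", 0xC223: "CHAP"}


def parse_lcp(packet: bytes) -> dict:
    """Split an LCP packet (Code, Identifier, Length, TLV options) into fields."""
    if len(packet) < 4:
        raise ValueError("LCP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 4 <= length <= len(packet):
        raise ValueError("bad LCP Length field")
    body, options, i = packet[4:length], {}, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated option header")
        otype, olen = body[i], body[i + 1]
        if olen < 2 or i + olen > len(body):  # Length covers the type and length bytes
            raise ValueError("bad option length")
        options[otype] = body[i + 2:i + olen]
        i += olen
    return {"code": code, "id": ident, "options": options}


def check_conf_req(sent_magic: int, received: bytes) -> dict:
    """Compare a received CONFREQ with the MagicNumber we sent; name the auth protocol."""
    pkt = parse_lcp(received)
    if pkt["code"] != CONF_REQ:
        raise ValueError("not a Configure-Request")
    magic, auth = pkt["options"].get(OPT_MAGIC), pkt["options"].get(OPT_AUTH)
    if magic is not None and len(magic) != 4:
        raise ValueError("Magic-Number must be 4 bytes")
    if auth is not None and len(auth) < 2:
        raise ValueError("Authentication-Protocol needs a 2-byte protocol number")
    proto = int.from_bytes(auth[:2], "big") if auth else None
    return {
        "looped_back": magic is not None and int.from_bytes(magic, "big") == sent_magic,
        "auth": AUTH_NAMES.get(proto, hex(proto)) if proto is not None else None,
        "cleartext_password": proto == 0xC023,  # PAP sends the password unencrypted
    }


# Constructed sample packets (not captured traffic), starting at the LCP Code byte.
PEER_CONFREQ = bytes.fromhex("0101000f" "0305c22305" "05061a2b3c4d")  # CHAP/MD5
ECHOED_CONFREQ = bytes.fromhex("0102000e" "0304c023" "05060badcafe")  # our own, PAP

if __name__ == "__main__":
    print(check_conf_req(0x0BADCAFE, PEER_CONFREQ))
    print(check_conf_req(0x0BADCAFE, ECHOED_CONFREQ))
```

The `cleartext_password` flag marks a request for PAP, which is worth checking on links where CHAP is expected.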

NCP (Mandatory Phase)

This phase is used to establish and configure different network-layer protocols. The most common L3 protocol negotiated is IP. The routers exchange IP Control Protocol (IPCP) messages to negotiate options specific to the protocol (IP in this example).
RFC 1332 says that IPCP negotiates two options: compression and IP address assignments. However, IPCP is also used to pass network-related information such as primary and backup Windows Name Service (WINS) and Domain Name System (DNS) servers.
The negotiation occurs with the use of CONF messages, as described in the PPP Negotiation Packets: A Description section of this document.

From: http://www.cisco.com/en/US/tech/tk713/tk507/technologies_tech_note09186a00800ae945.shtml
