Remote Access Server

PPP Network Layer Negotiation with NCP

Once the link and PPP parameters have been negotiated with LCP, the PPP peers then use a series of Network Control Protocols (NCPs) to negotiate the parameters of individual LAN protocols. Microsoft PPP supports the following NCPs:

Internet Protocol Control Protocol (IPCP) to negotiate the use of IP.
Internetwork Packet Exchange Control Protocol (IPXCP) to negotiate the use of IPX.
AppleTalk Control Protocol (ATCP) to negotiate the use of AppleTalk.
NetBIOS Frames Control Protocol (NBFCP) to negotiate the use of NetBEUI.

IPCP

Internet Protocol Control Protocol (IPCP) as used by Microsoft PPP peers is documented in RFCs 1332 and 1877. IPCP negotiates IP-based parameters to dynamically configure a TCP/IP-based PPP peer across a point-to-point link. Common IPCP options include an IP address and the IP addresses of DNS and NetBIOS name servers.

Packet Structure

IPCP uses the PPP Protocol ID of 0x80-21. The packet structure of IPCP is exactly the same for LCP, except only packet types 1 through 7 are defined. For Configure-Request, Configure-Ack, Configure-Nack, and Configure-Reject IPCP packet types, the IPCP data portion of the IPCP packet consists of one or more IPCP options. Each IPCP option consists of an Option Type field, an Option Length field indicating the total length in bytes of the option, and the data associated with the option.

Negotiated Options

Table 7.10 lists the IPCP options negotiated by Microsoft PPP peers.

Table 7.10 IPCP Options

Option Name	Option Type	Option Length	Description
IP compression protocol	2	4	Van Jacobsen TCP compression protocol.
IP address	3	6	The IP address to be allocated to the remote access client.
Primary DNS server address	129 or 0x81	6	The primary DNS server for the remote access client.
Primary NBNS server address	130 or 0x82	6	The primary NBNS (WINS) server for the remote access client.
Secondary DNS server address	131 or 0x83	6	The secondary DNS server for the remote access client.
Secondary NBNS server address	132 or 0x84	6	The secondary NBNS (WINS) server for the remote access client.

Notice that there are no IPCP options for these common TCP/IP configuration items:

Subnet mask
The subnet mask is assumed by the remote access client to be the class-based subnet mask of the IP address that is allocated to the remote access client.
Default gateway
The default gateway IP address is not allocated by the remote access server. However, a default route is created on the remote access client, which points to the remote access connection. If a default route already exists in the routing table, then the metric of the existing default route is increased and a new default route is added with a lower metric. This is the default behavior for remote access clients running Windows 32-bit operating systems and can be modified by disabling the Use Default Gateway on Remote Network setting on the TCP/IP properties of a remote access client's phone book entry or dial-up connection object.
DNS domain name
The DNS domain name configured from the TCP/IP protocol properties on the remote access server is not negotiated during IPCP. For Windows 2000 remote access clients, the DNS domain name can be obtained through a DHCPInform message. For more information, see "Remote Access and TCP/IP and IPX" later in this chapter.
NetBIOS Node Type
If the IP addresses of primary or secondary NetBIOS name servers are negotiated, then the hybrid NetBIOS node type (H-node) is assumed.

IPXCP

Internetwork Packet Exchange Control Protocol (IPXCP) as used by Microsoft PPP peers is documented in RFC 1552. IPXCP negotiates IPX-based parameters to dynamically configure an IPX-based PPP peer across a point-to-point link. Common IPXCP options include IPX network and node addresses.

Packet Structure

IPXCP uses the PPP Protocol ID of 0x80-2B. The packet structure of IPXCP is exactly the same for LCP, except only packet types 1 through 7 are defined. For Configure-Request, Configure-Ack, Configure-Nack, and Configure-Reject IPXCP packet types, the IPXCP data portion of the IPXCP packet consists of one or more IPXCP options. Each IPXCP option consists of an option Type field, an option Length field indicating the total length in bytes of the option, and the data associated with the option.

Negotiated Options

Table 7.11 lists the IPXCP options negotiated by Microsoft PPP peers.

Table 7.11 IPXCP Options

Option Name	Option Type	Option Length	Description
IPX Network Number	1	6	The IPX network number for the remote access client.
IPX Node Number	2	6	The IPX node number for the remote access client.

ATCP

AppleTalk Control Protocol (ATCP) as used by Microsoft PPP peers is documented in RFC 1378. ATCP negotiates AppleTalk-based parameters to dynamically configure an AppleTalk-based PPP peer across a point-to-point link. Common ATCP options include an AppleTalk address and server information.

Packet Structure

ATCP uses the PPP Protocol ID of 0x80-29. The packet structure of ATCP is exactly the same as LCP, except that only packet types 1 through 7 are defined. For Configure-Request, Configure-Ack, Configure-Nack, and Configure-Reject ATCP packet types, the ATCP data portion of the ATCP packet consists of one or more ATCP options. Each ATCP option consists of an option Type field, an option Length field indicating the total length in bytes of the option, and the data associated with the option.

Negotiated Options

Table 7.12 lists the ATCP options negotiated by Microsoft PPP peers.

Table 7.12 ATCP Options

Option Name	Option Type	Option Length	Description
AppleTalk Address	1	6	Negotiates the AppleTalk network and node numbers
Server Information	3	16	Used to convey information about the remote access server

NBFCP

NetBIOS Frames Control Protocol (NBFCP) as used by Microsoft PPP peers is documented in RFC 2097. NBFCP negotiates NetBEUI-based parameters to dynamically configure a NetBEUI-based PPP peer across a point-to-point link. Common NBFCP options include multicast filtering options and peer information.

Packet Structure

NBFCP uses the PPP Protocol ID of 0x80-3F. The packet structure of NBFCP is exactly the same for LCP, except that only packet types 1 through 7 are defined. For Configure-Request, Configure-Ack, Configure-Nack, and Configure-Reject NBFCP packet types, the NBFCP data portion of the NBFCP packet consists of one or more NBFCP options. Each NBFCP option consists of an option Type field, an option Length field indicating the total length in bytes of the option, and the data associated with the option.

Negotiated Options

Table 7.13 lists the NBFCP options negotiated by Microsoft PPP peers.

Table 7.13 NBFCP Options

Option Name	Option Type	Option Length	Description
Multicast filtering	3	5	Negotiates the handling of multicast packets
Peer information	2	17	Used to convey NetBIOS configuration information

Compression Control Protocol

Compression Control Protocol (CCP) is documented in RFC 1962. CCP negotiates parameters to dynamically configure, enable, and disable data compression algorithms between PPP peers across a point-to-point link. Common CCP options include an organization identifier and the use of MPPC.

Packet Structure

CCP uses the PPP Protocol ID of 0x80-FD. The packet structure of CCP is exactly the same for LCP, except only packet types 1 through 7 are defined. For Configure-Request, Configure-Ack, Configure-Nack, and Configure-Reject CCP packet types, the CCP data portion of the CCP packet consists of one or more CCP options. Each CCP option consists of an option Type field, an option Length field indicating the total length in bytes of the option, and the data associated with the option.

Negotiated Options

Table 7.14 lists the CCP options negotiated by Microsoft PPP peers.

Table 7.14 CCP Options

Option Name	Option Type	Option Length	Description
Organization Unique Identifier	0	6 or larger	Used to negotiate an organization's proprietary compression protocol.
MPPC	18 or 0x12	6	Used to indicate the use of MPPC, MPPE, and the encryption strength.

MPPE and MPPC

With CCP option 18, Microsoft PPP peers negotiate both MPPC and MPPE at the same time. The option data field for CCP option 18 is 4 bytes (32 bits) long. Bits within this data field are used as flags to indicate:

Whether compression is enabled (0x00-00-00-01).
Whether 40-bit session keys are derived from the LAN Manager version of the user's password (0x00-00-00-10).
Whether 40-bit session keys are derived from the Windows NT version of the user's password (0x00-00-02-00).
Whether 56-bit session keys are derived from the Windows NT version of the user's password (0x00-00-00-80).
Whether 128-bit session keys are derived from the Windows NT version of the user's password (0x00-00-00-40).
Whether the encryption keys are refreshed with each PPP frame (0x01-00-00-00).

For multiple choices, the flag values are added together. For example, for compression (0x00-00-00-01) and 128-bit encryption keys (0x00-00-00-40), the resulting 32-bit option data field is set to 0x00-00-00-41.

For more information about MPPE, see the Internet draft, "Microsoft Point-To-Point Encryption (MPPE) Protocol."

ECP

The Encryption Control Protocol (ECP) is used to negotiate a specific encryption method and is documented in RFC 1968. However, for Microsoft PPP peers, the only encryption that is supported is MPPE that is negotiated during CCP with the negotiation of MPPC. Therefore, Microsoft PPP peers do not use ECP.