Multilink PPP: One Big Virtual WAN Pipe
For all its strengths, PPP has one inherent limitation when it comes to network deployment: it is designed to handle only one physical link at a time. MLPPP does away with this restriction. MLPPP is a higher-level data link protocol that sits between PPP and the network protocol layer. It accommodates one or more PPP links, with each PPP link representing either a separate physical WAN connection or a channel in a multichannel switched service, such as ISDN or frame relay.
MLPPP's ability to combine multiple lower-speed links into a single, higher-speed data path is often referred to as WAN-independent or packet-based inverse multiplexing (see “WAN Independence” below). Packet-based inverse muxing isn't new; for instance, ISDN vendors have been offering ways to combine multiple ISDN 64Kbps B channels for some time. But up to now, these solutions have been proprietary, specific to one vendor and one WAN technology. MLPPP embodies a standard approach that cuts across vendor and WAN technology lines.
MLPPP negotiates configuration options the same way as conventional PPP. However, during the negotiation process, one router or access device indicates to the other communicating device that it is willing to combine multiple connections and treat them as a single physical pipe. It does this by sending along a multilink option message as part of its initial LCP option negotiation.
Once a multilink session is successfully opened, MLPPP at the sending side receives network protocol data units (PDUs) from higher-layer protocols or applications. It then fragments those PDUs into smaller packets, adds an MLPPP header to each fragment and sends them over the available PPP links (see Figure 1). On the receiving end, the MLPPP software takes the fragmented packets from the different links, puts them in their correct order based on their MLPPP headers and reconverts them to their original network-layer PDUs.
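The fragment-and-reassemble cycle described above, as an added Python example that is not code from the article. It uses the 4-byte long-sequence-number header from RFC 1990 (Begin and End flag bits plus a 24-bit sequence number). The round-robin link choice and the `max_frag` size are assumptions, and sequence-number wraparound is ignored.

```python
import struct

B_BIT, E_BIT = 0x80, 0x40   # Begin/End flags in the first header byte
SEQ_MASK = 0xFFFFFF         # 24-bit sequence number

def fragment(pdu, n_links, first_seq=0, max_frag=64):
    """Split one PDU into (link_index, frame) pairs, one header per fragment."""
    chunks = [pdu[i:i + max_frag] for i in range(0, len(pdu), max_frag)] or [b""]
    out = []
    for i, chunk in enumerate(chunks):
        flags = (B_BIT if i == 0 else 0) | (E_BIT if i == len(chunks) - 1 else 0)
        seq = (first_seq + i) & SEQ_MASK
        header = struct.pack("!I", (flags << 24) | seq)
        out.append((i % n_links, header + chunk))  # round-robin is an assumption
    return out

def reassemble(frames):
    """Rebuild PDUs from frames received in any order; drop incomplete PDUs."""
    frags = {}
    for frame in frames:
        if len(frame) < 4:
            continue                      # too short to carry a header
        (word,) = struct.unpack("!I", frame[:4])
        if (word >> 24) & 0x3F:
            continue                      # reserved bits set: treat as malformed
        frags[word & SEQ_MASK] = (word >> 24, frame[4:])
    pdus, current, expected = [], None, None
    for seq in sorted(frags):             # order by header, not by arrival
        flags, data = frags[seq]
        if flags & B_BIT:
            current, expected = [], seq   # a Begin fragment starts a new PDU
        if current is None or seq != expected:
            current = None                # gap or missing Begin: discard this PDU
            continue
        current.append(data)
        expected = seq + 1
        if flags & E_BIT:
            pdus.append(b"".join(current))
            current = None
    return pdus
```

A PDU with a lost fragment is discarded rather than delivered with a hole, so the network layer never sees a spliced packet.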
MLPPP is independent of the actual physical links and the WAN services that run over them. This means MLPPP traffic can traverse a mix of physical and logical connections from multiple WAN services—a frame relay virtual circuit, multiple ISDN channels and an X.25 connection, for example. MLPPP functions as a logical link layer that dynamically adds or removes links between two communicating devices as bandwidth needs change. The MLPPP standard does not dictate how traffic is balanced over these member PPP links, leaving network managers free to determine how to use the available links or channels.
MLPPP's ability to combine separate PPP links into one logical data pipe is one of the most important features of the protocol. It allows additional WAN bandwidth or new WAN services to be added as needed without disrupting the existing WAN infrastructure. With MLPPP, different WAN services such as ISDN, frame relay and ATM can be used together. For instance, a network manager can establish a frame relay connection to serve as the primary link between a central site and a branch office, with ISDN serving as an adjunct when bandwidth demand rises (see Figure 2).
Through the dynamic addition and deletion of PPP links, MLPPP enables dynamic bandwidth allocation, or “rubber bandwidth”, between two peer systems. During the LCP option negotiation, all PPP links in an MLPPP group identify themselves as belonging to the same group or bundle. To add a new link or WAN service to the bundle, all that's required is attaching the appropriate MLPPP group identifier to the link. Likewise, when a member PPP link is terminated, it is automatically removed from its parent MLPPP bundle by eliminating the identifier.
PPP is WAN service-independent, so the member links of an MLPPP bundle can be associated with either permanent virtual circuits (PVCs), which have fixed end points, or switched virtual circuits (SVCs), which are dialed up on demand.
MLPPP's ability to create different groups of WAN links produces some intriguing possibilities for network managers. For instance, they could use MLPPP to segregate traffic according to the network-layer protocol. This approach would enable network managers to separate expedited control messages from normal data traffic or to queue data into separate MLPPP bundles based on application-specific requirements.
Here's an example of how MLPPP's segregated packet queueing works. Suppose a central site is connected to a remote site via two 64Kbps frame-relay links and two ISDN basic-rate interface (BRI) connections. Two types of traffic traverse these links: IP traffic from UNIX operations and DECnet traffic from a Digital Equipment Corporation VAX network. If the frame relay and ISDN channels are treated as one MLPPP bundle, both traffic types have access to the full bandwidth of the link at any given time.
The single-pipe approach makes for easier network management, but it could create problems if one traffic type starts dominating the pipe. In this example, if the UNIX IP traffic started bursting beyond 60 percent of the overall link rate, it would begin to eat into bandwidth available for DECnet, slowing performance for users on the VAX network.
With MLPPP, this problem can be avoided. The network manager can not only combine various physical interfaces to create one large pipe, but also allocate channels within that virtual pipe. For instance, the network manager can create two 128-kbit/s MLPPP bundles, each consisting of a single ISDN B channel and a 64Kbps frame-relay link. Those bundles could then be dedicated to each type of traffic.