L2TP, Level 2 Tunneling Protocol

Description Glossary RFCs Publications Obsolete RFCs


Protocol suite: TCP/IP.
Protocol type:Application layer tunneling protocol.
IP protocol:115.
Port:1701 (UDP).
Related protocol: L2F, Layer 2 Forwarding.
Working groups: l2tpext, Layer Two Tunneling Protocol Extensions.
pppext, Point-to-Point Protocol Extensions.
IANA: L2TP parameters.

RFC 2661:

PPP defines an encapsulation mechanism for transporting multiprotocol packets across layer 2 (L2) point-to-point links. Typically, a user obtains a L2 connection to a Network Access Server (NAS) using one of a number of techniques (e.g., dialup POTS, ISDN, ADSL, etc.) and then runs PPP over that connection. In such a configuration, the L2 termination point and PPP session endpoint reside on the same physical device (i.e., the NAS).

L2TP extends the PPP model by allowing the L2 and PPP endpoints to reside on different devices interconnected by a packet-switched network. With L2TP, a user has an L2 connection to an access concentrator (e.g., modem bank, ADSL DSLAM, etc.), and the concentrator then tunnels individual PPP frames to the NAS. This allows the actual processing of PPP packets to be divorced from the termination of the L2 circuit.

Level 2 tunneling protocols have seen wide use in both small and large networks. VPN services are available from providers such as IP Virtual Private Networks with AT & T, Cisco and Verizon.

MAC header IP header UDP header L2TP header Data :::

L2TP header, version 2:

0001020304050607 0809101112131415 1617181920212223 2425262728293031
T L 0 S 0 O P 0 Version Length
Tunnel ID Session ID
Ns Nr
Offset Size Offset Pad :::
Data :::

T, Message Type. 1 bit.
Specifies if this is a data or control message.

0Data message.
1Control message.

L, Length present. 1 bit.
Control messages MUST have this bit set.

S, Sequence present. 1 bit.
If set, the Ns and Nr fields are present. Control messages MUST have this bit set.

O, Offset present. 1 bit.
If set, the Offset Size field is present. Control messages MUST have this bit cleared to zero.

P, Priority. 1 bit.
If set, this data message should receive preferential treatment in its local queuing and transmission. LCP echo requests used as a keepalive for the link, for instance, should generally be sent with this bit set. Without it, a temporary interval of local congestion could result in interference with keepalive messages and unnecessary loss of the link. This feature is only for use with data messages. Control messages MUST have this bit cleared to zero.

Version. 4 bits.
Indicates the L2TP protocol version. The value 1 is reserved to permit detection of L2F packets should they arrive intermixed with L2TP packets. Packets received with an unknown value MUST be discarded.

Length. 16 bits. Optional.
Total length of the message in bytes. This field exists only if the L bit is set.

Tunnel ID. 16 bits.
Indicates the identifier for the control connection. L2TP tunnels are named by identifiers that have local significance only. That is, the same tunnel will be given different Tunnel IDs by each end of the tunnel. Tunnel ID in each message is that of the intended recipient, not the sender. Tunnel IDs are selected and exchanged as Assigned Tunnel ID AVPs during the creation of a tunnel.

Session ID. 16 bits.
Indicates the identifier for a session within a tunnel. L2TP sessions are named by identifiers that have local significance only. That is, the same session will be given different Session IDs by each end of the session. Session ID in each message is that of the intended recipient, not the sender. Session IDs are selected and exchanged as Assigned Session ID AVPs during the creation of a session.

Ns, sequence number. 16 bits. Optional.
Indicates the sequence number for this data or control message, beginning at zero and incrementing by one (modulo 2**16) for each message sent.

Nr, sequence number expected. 16 bits. Optional.
Indicates the sequence number expected in the next control message to be received. Thus, Nr is set to the Ns of the last in-order message received plus one (modulo 2**16). In data messages, Nr is reserved and, if present (as indicated by the S bit), MUST be ignored upon receipt.

Offset Size. 16 bits. Optional.
Specifies the number of bytes past the L2TP header at which the payload data is expected to start. Actual data within the offset padding is undefined. If the offset field is present, the L2TP header ends after the last byte of the offset padding. This field exists if the O bit is set.

Offset Pad. Variable length. Optional.

Data. Variable length.

AVP, Attribute Value Pair.
(RFC 2661) The variable length concatenation of a unique Attribute (represented by an integer) and a Value containing the actual value identified by the attribute. Multiple AVPs make up Control Messages which are used in the establishment, maintenance, and teardown of tunnels.

0001020304050607 0809101112131415 1617181920212223 2425262728293031
M H 0 AVP Length AVP Vendor ID
AVP Type AVP Value :::

M, Mandatory. 1 bit.
(RFC 2661) Controls the behavior required of an implementation which receives an AVP which it does not recognize. If the M bit is set on an unrecognized AVP within a message associated with a particular session, the session associated with this message MUST be terminated. If the M bit is set on an unrecognized AVP within a message associated with the overall tunnel, the entire tunnel (and all sessions within) MUST be terminated. If the M bit is not set, an unrecognized AVP MUST be ignored. The control message must then continue to be processed as if the AVP had not been present.

H, Hidden. 1 bit.
(RFC 2661) Identifies the hiding of data in the Attribute Value field of an AVP. This capability can be used to avoid the passing of sensitive data, such as user passwords, as cleartext in an AVP.

AVP Length. 10 bits, 6 to 1023.
The number of bytes contained in this AVP. The length is calculated as 6 + the length of the Attribute Value field in bytes. If the length is set to 6, then the AVP Value field is absent.

AVP Vendor ID. 16 bits.
(RFC 2661) The IANA assigned "SMI Network Management Private Enterprise Codes" value. The value 0, corresponding to IETF adopted attribute values, is used for all AVPs defined within this document. Any vendor wishing to implement their own L2TP extensions can use their own Vendor ID along with private Attribute values, guaranteeing that they will not collide with any other vendor's extensions, nor with future IETF extensions.

AVP Type. 16 bits.

0Message Type. RFC 2661
1Result Code. RFC 2661
2Protocol Version. RFC 2661
3Framing Capabilities. RFC 2661
4Bearer Capabilities. RFC 2661
5Tie Breaker. RFC 2661
6Firmward Revision. RFC 2661
7Host Name. RFC 2661
8Vendor Name. RFC 2661
9Assigned Tunnel ID. RFC 2661
10Receive Window Size. RFC 2661
11Challenge. RFC 2661
12Q.931 Cause Code. RFC 2661
13Response. RFC 2661
14Assigned Session ID. RFC 2661
15Call Serial Number. RFC 2661
16Minimum BPS. RFC 2661
17Maximum BPS. RFC 2661
18Bearer Type. RFC 2661
19Framing Type. RFC 2661
21Called Number. RFC 2661
22Calling Number. RFC 2661
23Sub-Address. RFC 2661
24Tx Connect Speed BPS. RFC 2661
25Physical Channel ID. RFC 2661
26Initial Received LCP CONFREQ. RFC 2661
27Last Sent LCP CONFREQ. RFC 2661
28Last Received LCP CONFREQ. RFC 2661
29Proxy Authen Type. RFC 2661
30Proxy Authen Name. RFC 2661
31Proxy Authen Challenge. RFC 2661
32Proxy Authen ID. RFC 2661
33Proxy Authen Response. RFC 2661
34Call Errors. RFC 2661
35ACCM. RFC 2661
36Random Vector. RFC 2661
37Private Group ID. RFC 2661
38Rx Connect Speed. RFC 2661
39Sequencing Required. RFC 2661
40Rx Minimum. RFC 3301
41Rx Maximum. RFC 3301
42Service Category. RFC 3301
43Service Name. RFC 3301
44Calling Sub-Address. RFC 3301
45VPI/VCI Identifier. RFC 3301
46PPP Disconnect Cause Code. RFC 3145
47CCDS. RFC 3308
48SDS. RFC 3308
49LCP Want Options. RFC 3437
50LCP Allow Options. RFC 3437
51LNS Last Sent LCP Confreq. RFC 3437
52LNS Last Received LCP Confreq. RFC 3437
53Modem On-Hold Capable. RFC 3573
54Modem On-Hold Status. RFC 3573
55PPPoE Relay. RFC 3817
56PPPoE Relay Response Capability. RFC 3817
57PPPoE Relay Forward Capability. RFC 3817
58Extended Vendor ID. RFC 3931
59Message Digest.RFC 3931
60Router ID.RFC 3931
61Assigned Control Connection ID.RFC 3931
62Pseudowire Capabilities List.RFC 3931
63Local Session ID.RFC 3931
64Remote Session ID.RFC 3931
65Assigned Cookie.RFC 3931
66Remote End ID.RFC 3931
67Application Code.RFC 3931
68Pseudowire Type.RFC 3931
69L2-Specific Sublayer.RFC 3931
70Data Sequencing.RFC 3931
71Circuit Status.RFC 3931
72Preferred Language.RFC 3931
73Control Message Authentication Nonce.RFC 3931
74Tx Connect Speed.RFC 3931
75Rx Connect Speed.RFC 3931
76Failover Capability.RFC 4951
77Tunnel Recovery.RFC 4951
78Suggested Control Sequence.RFC 4951
79Failover Session State.RFC 4951
80Multicast Capability RFC 4045
81New Outgoing Sessions. RFC 4045
82New Outgoing Sessions Acknowledgement. RFC 4045
83Withdraw Outgoing Sessions. RFC 4045
84Multicast Packets Priority. RFC 4045
85Frame-Relay Header Length.RFC 4591
86ATM Maximum Concatenated Cells.RFC 4454
87OAM Emulation Required.RFC 4454
88ATM Alarm Status.RFC 4454
89Attachment Group Identifier.RFC 4667
90Local End Identifier.RFC 4667
91Interface Maximum Transmission Unit.RFC 4667
92FCS Retention.RFC 4720
93Tunnel Switching Aggregator ID. 
94MRU, Maximum Receive Unit.RFC 4623
95MRRU, Maximum Reassembled Receive Unit.RFC 4623
96VCCV Capability.RFC 5085
97Connect Speed Update.RFC 5515
98Connect Speed Update Enable.RFC 5515
99TDM Pseudowire.RFC 5611
100RTP.RFC 5611
101Pseudowire Switching Point.RFC 6073

AVP Value. Variable length.


LAC, L2TP Access Concentrator.
(RFC 3070) A device attached to the switched network fabric (e.g., PSTN or ISDN) or co-located with a PPP end system capable of handling the L2TP protocol. The LAC need only implement the media over which L2TP is to operate to pass traffic to one or more LNS's. It may tunnel any protocol carried within PPP.

LNS, L2TP Network Server.
(RFC 3070) LNS operates on any platform capable of PPP termination. The LNS handles the server side of the L2TP protocol. L2TP is connection-oriented.

ZLB, Zero-Length Body Message.
(RFC 2661) A control packet with only an L2TP header. ZLB messages are used for explicitly acknowledging packets on the reliable control channel.


[RFC 2661] Layer Two Tunneling Protocol "L2TP".

[RFC 2809] Implementation of L2TP Compulsory Tunneling via RADIUS.

[RFC 2888] Secure Remote Access with L2TP.

[RFC 3070] Layer Two Tunneling Protocol (L2TP) over Frame Relay.

[RFC 3145] L2TP Disconnect Cause Information.

[RFC 3193] Securing L2TP using IPsec.

[RFC 3301] Layer Two Tunnelling Protocol (L2TP): ATM access network extensions.

[RFC 3308] Layer Two Tunneling Protocol (L2TP) Differentiated Services Extension.

[RFC 3355] Layer Two Tunnelling Protocol (L2TP) Over ATM Adaptation Layer 5 (AAL5).

[RFC 3371] Layer Two Tunneling Protocol "L2TP" Management Information Base.

[RFC 3437] Layer-Two Tunneling Protocol Extensions for PPP Link Control Protocol Negotiation.

[RFC 3438] Layer Two Tunneling Protocol (L2TP) Internet Assigned Numbers Authority (IANA) Considerations Update.

[RFC 3573] Signaling of Modem-On-Hold status in Layer 2 Tunneling Protocol (L2TP).

[RFC 3817] Layer 2 Tunneling Protocol (L2TP) Active Discovery Relay for PPP over Ethernet (PPPoE).

[RFC 3931] Layer Two Tunneling Protocol - Version 3 (L2TPv3).

[RFC 4045] Extensions to Support Efficient Carrying of Multicast Traffic in Layer-2 Tunneling Protocol (L2TP).

[RFC 4349] High-Level Data Link Control (HDLC) Frames over Layer 2 Tunneling Protocol, Version 3 (L2TPv3).

[RFC 4454] Asynchronous Transfer Mode (ATM) over Layer 2 Tunneling Protocol Version 3 (L2TPv3).

[RFC 6709] Design Considerations for Protocol Extensions.


Obsolete RFCs:

Description Glossary RFCs Publications Obsolete RFCs