|L2TP, Layer 2 Tunneling Protocol|
|Protocol type:||Application layer tunneling protocol.|
|Related protocol:||L2F, Layer 2 Forwarding.|
l2tpext, Layer Two Tunneling Protocol Extensions.
pppext, Point-to-Point Protocol Extensions.
PPP defines an encapsulation mechanism for transporting multiprotocol packets across layer 2 (L2) point-to-point links. Typically, a user obtains a L2 connection to a Network Access Server (NAS) using one of a number of techniques (e.g., dialup POTS, ISDN, ADSL, etc.) and then runs PPP over that connection. In such a configuration, the L2 termination point and PPP session endpoint reside on the same physical device (i.e., the NAS).
L2TP extends the PPP model by allowing the L2 and PPP endpoints to reside on different devices interconnected by a packet-switched network. With L2TP, a user has an L2 connection to an access concentrator (e.g., modem bank, ADSL DSLAM, etc.), and the concentrator then tunnels individual PPP frames to the NAS. This allows the actual processing of PPP packets to be divorced from the termination of the L2 circuit.
Layer 2 tunneling protocols have seen wide use in both small and large networks. VPN services are available from providers such as IP Virtual Private Networks with AT&T, Cisco and Verizon.
|MAC header||IP header||UDP header||L2TP header||Data :::|
L2TP header, version 2:
|Tunnel ID||Session ID|
|Offset Size||Offset Pad :::|
T, Message Type.
Specifies if this is a data or control message.
L, Length present.
Control messages MUST have this bit set.
S, Sequence present.
If set, the Ns and Nr fields are present. Control messages MUST have this bit set.
O, Offset present.
If set, the Offset Size field is present. Control messages MUST have this bit cleared to zero.
P, Priority.
If set, this data message should receive preferential treatment in its local queuing and transmission. LCP echo requests used as a keepalive for the link, for instance, should generally be sent with this bit set. Without it, a temporary interval of local congestion could result in interference with keepalive messages and unnecessary loss of the link. This feature is only for use with data messages. Control messages MUST have this bit cleared to zero.
Version.
Indicates the L2TP protocol version. The value 1 is reserved to permit detection of L2F packets should they arrive intermixed with L2TP packets. Packets received with an unknown value MUST be discarded.
Length.
Total length of the message in bytes. This field exists only if the L bit is set.
Tunnel ID.
Indicates the identifier for the control connection. L2TP tunnels are named by identifiers that have local significance only. That is, the same tunnel will be given different Tunnel IDs by each end of the tunnel. Tunnel ID in each message is that of the intended recipient, not the sender. Tunnel IDs are selected and exchanged as Assigned Tunnel ID AVPs during the creation of a tunnel.
Session ID.
Indicates the identifier for a session within a tunnel. L2TP sessions are named by identifiers that have local significance only. That is, the same session will be given different Session IDs by each end of the session. Session ID in each message is that of the intended recipient, not the sender. Session IDs are selected and exchanged as Assigned Session ID AVPs during the creation of a session.
Ns, sequence number.
Indicates the sequence number for this data or control message, beginning at zero and incrementing by one (modulo 2**16) for each message sent.
Nr, sequence number expected.
Indicates the sequence number expected in the next control message to be received. Thus, Nr is set to the Ns of the last in-order message received plus one (modulo 2**16). In data messages, Nr is reserved and, if present (as indicated by the S bit), MUST be ignored upon receipt.
Offset Size.
Specifies the number of bytes past the L2TP header at which the payload data is expected to start. Actual data within the offset padding is undefined. If the offset field is present, the L2TP header ends after the last byte of the offset padding. This field exists if the O bit is set.
Offset Pad. Variable length. Optional.
Data. Variable length.
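An added example, not part of the original page: a strict parser for the version 2 header that enforces the discard rules stated in the field descriptions above. The flag bit positions are taken from RFC 2661; the function, exception and sample names are assumptions made for this sketch.

```python
import struct

# Flag masks in the first 16-bit word (bit positions per RFC 2661).
T, L, S, O, P, VER = 0x8000, 0x4000, 0x0800, 0x0200, 0x0100, 0x000F

class L2TPError(ValueError):
    """Raised when a packet must be discarded."""

def parse_l2tp_header(pkt: bytes) -> dict:
    def u16(off):
        if off + 2 > len(pkt):
            raise L2TPError("truncated header")
        return struct.unpack_from("!H", pkt, off)[0]

    flags = u16(0)
    ver = flags & VER
    if ver == 1:
        raise L2TPError("version 1 is L2F, not L2TP")
    if ver != 2:
        raise L2TPError(f"unknown version {ver}")
    control = bool(flags & T)
    if control and not (flags & L and flags & S):
        raise L2TPError("control message without L and S bits")
    if control and flags & (O | P):
        raise L2TPError("control message with O or P bit set")
    hdr = {"control": control, "length": None, "ns": None, "nr": None}
    off = 2
    if flags & L:
        hdr["length"] = u16(off)
        off += 2
        if hdr["length"] > len(pkt):
            raise L2TPError("Length exceeds bytes received")
    hdr["tunnel_id"], hdr["session_id"] = u16(off), u16(off + 2)
    off += 4
    if flags & S:
        hdr["ns"], nr = u16(off), u16(off + 2)
        hdr["nr"] = nr if control else None   # Nr is reserved in data messages
        off += 4
    if flags & O:
        off += 2 + u16(off)                   # Offset Size field plus padding
    end = len(pkt) if hdr["length"] is None else hdr["length"]
    if off > end:
        raise L2TPError("header runs past end of message")
    hdr["payload"] = pkt[off:end]
    return hdr

# Constructed samples: a ZLB control message and a data message with 2 pad bytes.
ZLB = bytes.fromhex("c802000c0005000000010002")
DATA = bytes.fromhex("020200070009" "0002" "0000" "ff03c021")
```

Every field is bounds-checked before it is read, so a truncated datagram or a Length value larger than the received bytes is rejected instead of being read past.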
AVP, Attribute Value Pair.
(RFC 2661) The variable length concatenation of a unique Attribute (represented by an integer) and a Value containing the actual value identified by the attribute. Multiple AVPs make up Control Messages which are used in the establishment, maintenance, and teardown of tunnels.
|M||H||0||AVP Length||AVP Vendor ID|
|AVP Type||AVP Value :::|
M, Mandatory.
(RFC 2661) Controls the behavior required of an implementation which receives an AVP which it does not recognize. If the M bit is set on an unrecognized AVP within a message associated with a particular session, the session associated with this message MUST be terminated. If the M bit is set on an unrecognized AVP within a message associated with the overall tunnel, the entire tunnel (and all sessions within) MUST be terminated. If the M bit is not set, an unrecognized AVP MUST be ignored. The control message must then continue to be processed as if the AVP had not been present.
H, Hidden.
(RFC 2661) Identifies the hiding of data in the Attribute Value field of an AVP. This capability can be used to avoid the passing of sensitive data, such as user passwords, as cleartext in an AVP.
AVP Length. 10 bits, 6 to 1023.
The number of bytes contained in this AVP. The length is calculated as 6 + the length of the Attribute Value field in bytes. If the length is set to 6, then the AVP Value field is absent.
AVP Vendor ID.
(RFC 2661) The IANA assigned "SMI Network Management Private Enterprise Codes" value. The value 0, corresponding to IETF adopted attribute values, is used for all AVPs defined within this document. Any vendor wishing to implement their own L2TP extensions can use their own Vendor ID along with private Attribute values, guaranteeing that they will not collide with any other vendor's extensions, nor with future IETF extensions.
AVP Type. 16 bits.
|0||Message Type.||RFC 2661|
|1||Result Code.||RFC 2661|
|2||Protocol Version.||RFC 2661|
|3||Framing Capabilities.||RFC 2661|
|4||Bearer Capabilities.||RFC 2661|
|5||Tie Breaker.||RFC 2661|
|6||Firmware Revision.||RFC 2661|
|7||Host Name.||RFC 2661|
|8||Vendor Name.||RFC 2661|
|9||Assigned Tunnel ID.||RFC 2661|
|10||Receive Window Size.||RFC 2661|
|12||Q.931 Cause Code.||RFC 2661|
|14||Assigned Session ID.||RFC 2661|
|15||Call Serial Number.||RFC 2661|
|16||Minimum BPS.||RFC 2661|
|17||Maximum BPS.||RFC 2661|
|18||Bearer Type.||RFC 2661|
|19||Framing Type.||RFC 2661|
|21||Called Number.||RFC 2661|
|22||Calling Number.||RFC 2661|
|24||Tx Connect Speed BPS.||RFC 2661|
|25||Physical Channel ID.||RFC 2661|
|26||Initial Received LCP CONFREQ.||RFC 2661|
|27||Last Sent LCP CONFREQ.||RFC 2661|
|28||Last Received LCP CONFREQ.||RFC 2661|
|29||Proxy Authen Type.||RFC 2661|
|30||Proxy Authen Name.||RFC 2661|
|31||Proxy Authen Challenge.||RFC 2661|
|32||Proxy Authen ID.||RFC 2661|
|33||Proxy Authen Response.||RFC 2661|
|34||Call Errors.||RFC 2661|
|36||Random Vector.||RFC 2661|
|37||Private Group ID.||RFC 2661|
|38||Rx Connect Speed.||RFC 2661|
|39||Sequencing Required.||RFC 2661|
|40||Rx Minimum.||RFC 3301|
|41||Rx Maximum.||RFC 3301|
|42||Service Category.||RFC 3301|
|43||Service Name.||RFC 3301|
|44||Calling Sub-Address.||RFC 3301|
|45||VPI/VCI Identifier.||RFC 3301|
|46||PPP Disconnect Cause Code.||RFC 3145|
|49||LCP Want Options.||RFC 3437|
|50||LCP Allow Options.||RFC 3437|
|51||LNS Last Sent LCP Confreq.||RFC 3437|
|52||LNS Last Received LCP Confreq.||RFC 3437|
|53||Modem On-Hold Capable.||RFC 3573|
|54||Modem On-Hold Status.||RFC 3573|
|55||PPPoE Relay.||RFC 3817|
|56||PPPoE Relay Response Capability.||RFC 3817|
|57||PPPoE Relay Forward Capability.||RFC 3817|
|58||Extended Vendor ID.||RFC 3931|
|59||Message Digest.||RFC 3931|
|60||Router ID.||RFC 3931|
|61||Assigned Control Connection ID.||RFC 3931|
|62||Pseudowire Capabilities List.||RFC 3931|
|63||Local Session ID.||RFC 3931|
|64||Remote Session ID.||RFC 3931|
|65||Assigned Cookie.||RFC 3931|
|66||Remote End ID.||RFC 3931|
|67||Application Code.||RFC 3931|
|68||Pseudowire Type.||RFC 3931|
|69||L2-Specific Sublayer.||RFC 3931|
|70||Data Sequencing.||RFC 3931|
|71||Circuit Status.||RFC 3931|
|72||Preferred Language.||RFC 3931|
|73||Control Message Authentication Nonce.||RFC 3931|
|74||Tx Connect Speed.||RFC 3931|
|75||Rx Connect Speed.||RFC 3931|
|76||Failover Capability.||RFC 4951|
|77||Tunnel Recovery.||RFC 4951|
|78||Suggested Control Sequence.||RFC 4951|
|79||Failover Session State.||RFC 4951|
|80||Multicast Capability.||RFC 4045|
|81||New Outgoing Sessions.||RFC 4045|
|82||New Outgoing Sessions Acknowledgement.||RFC 4045|
|83||Withdraw Outgoing Sessions.||RFC 4045|
|84||Multicast Packets Priority.||RFC 4045|
|85||Frame-Relay Header Length.||RFC 4591|
|86||ATM Maximum Concatenated Cells.||RFC 4454|
|87||OAM Emulation Required.||RFC 4454|
|88||ATM Alarm Status.||RFC 4454|
|89||Attachment Group Identifier.||RFC 4667|
|90||Local End Identifier.||RFC 4667|
|91||Interface Maximum Transmission Unit.||RFC 4667|
|92||FCS Retention.||RFC 4720|
|93||Tunnel Switching Aggregator ID.|
|94||MRU, Maximum Receive Unit.||RFC 4623|
|95||MRRU, Maximum Reassembled Receive Unit.||RFC 4623|
|96||VCCV Capability.||RFC 5085|
|97||Connect Speed Update.||RFC 5515|
|98||Connect Speed Update Enable.||RFC 5515|
|99||TDM Pseudowire.||RFC 5611|
|101||Pseudowire Switching Point.||RFC 6073|
AVP Value. Variable length.
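An added example, not part of the original page: walking the AVPs in a control message body while applying the AVP Length bounds and the M-bit rule described above. The function and exception names, the small set of "recognized" types and the sample bytes are assumptions made for this sketch; the caller decides whether the affected session or the whole tunnel is torn down.

```python
import struct

# Subset of the AVP Type table above (Vendor ID 0) that this sketch recognizes.
KNOWN = {0: "Message Type", 2: "Protocol Version", 7: "Host Name",
         9: "Assigned Tunnel ID", 10: "Receive Window Size"}

class MalformedAVP(ValueError):
    """AVP Length is below 6 or runs past the end of the message."""

class UnrecognizedMandatoryAVP(Exception):
    """M bit set on an AVP we do not recognize: terminate session or tunnel."""

def parse_avps(body: bytes) -> list:
    avps, off = [], 0
    while off < len(body):
        if len(body) - off < 6:
            raise MalformedAVP("trailing bytes shorter than an AVP header")
        word, vendor, atype = struct.unpack_from("!HHH", body, off)
        mandatory, hidden = bool(word & 0x8000), bool(word & 0x4000)
        length = word & 0x03FF                  # low 10 bits
        # A length under 6 would stall or rewind the cursor; reject it.
        if length < 6 or off + length > len(body):
            raise MalformedAVP(f"bad AVP Length {length} at offset {off}")
        value = body[off + 6: off + length]     # empty when length == 6
        off += length
        name = KNOWN.get(atype) if vendor == 0 else None
        if name is None:
            if mandatory:
                raise UnrecognizedMandatoryAVP(f"vendor {vendor}, type {atype}")
            continue                            # M clear: ignore, keep going
        avps.append({"type": atype, "name": name,
                     "hidden": hidden, "value": value})
    return avps

# Constructed sample body: Message Type, Host Name "lac", then an optional
# vendor-specific AVP (Vendor ID 9, chosen arbitrarily) that is skipped.
SAMPLE = bytes.fromhex("8008000000000001" "8009000000076c6163"
                       "000800090001aabb")
```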
LAC, L2TP Access Concentrator.
(RFC 3070) A device attached to the switched network fabric (e.g., PSTN or ISDN) or co-located with a PPP end system capable of handling the L2TP protocol. The LAC need only implement the media over which L2TP is to operate to pass traffic to one or more LNS's. It may tunnel any protocol carried within PPP.
LNS, L2TP Network Server.
(RFC 3070) LNS operates on any platform capable of PPP termination. The LNS handles the server side of the L2TP protocol. L2TP is connection-oriented.
ZLB, Zero-Length Body Message.
(RFC 2661) A control packet with only an L2TP header. ZLB messages are used for explicitly acknowledging packets on the reliable control channel.
[RFC 2661] Layer Two Tunneling Protocol "L2TP".
[RFC 2809] Implementation of L2TP Compulsory Tunneling via RADIUS.
[RFC 2888] Secure Remote Access with L2TP.
[RFC 3070] Layer Two Tunneling Protocol (L2TP) over Frame Relay.
[RFC 3145] L2TP Disconnect Cause Information.
[RFC 3193] Securing L2TP using IPsec.
[RFC 3301] Layer Two Tunnelling Protocol (L2TP): ATM access network extensions.
[RFC 3308] Layer Two Tunneling Protocol (L2TP) Differentiated Services Extension.
[RFC 3355] Layer Two Tunnelling Protocol (L2TP) Over ATM Adaptation Layer 5 (AAL5).
[RFC 3371] Layer Two Tunneling Protocol "L2TP" Management Information Base.
[RFC 3437] Layer-Two Tunneling Protocol Extensions for PPP Link Control Protocol Negotiation.
[RFC 3438] Layer Two Tunneling Protocol (L2TP) Internet Assigned Numbers Authority (IANA) Considerations Update.
[RFC 3573] Signaling of Modem-On-Hold status in Layer 2 Tunneling Protocol (L2TP).
[RFC 3817] Layer 2 Tunneling Protocol (L2TP) Active Discovery Relay for PPP over Ethernet (PPPoE).
[RFC 3931] Layer Two Tunneling Protocol - Version 3 (L2TPv3).
[RFC 4045] Extensions to Support Efficient Carrying of Multicast Traffic in Layer-2 Tunneling Protocol (L2TP).
[RFC 4349] High-Level Data Link Control (HDLC) Frames over Layer 2 Tunneling Protocol, Version 3 (L2TPv3).
[RFC 4454] Asynchronous Transfer Mode (ATM) over Layer 2 Tunneling Protocol Version 3 (L2TPv3).
[RFC 6709] Design Considerations for Protocol Extensions.