L2TPV3 tunnels

L2TPv3 overview

Layer 2 Tunneling Protocol version 3 (L2TPv3) is a mechanism for the tunneling of Ethernet traffic over an IP network. For this application, the ISA functions as a resource module for the system, performing the L2TPv3 encapsulation and decapsulation functions.

L2TPv3 support for IP transport shows L2TPv3 support for the IP transport model. L2TPv3 support for IP transport — tunnel processing steps describes the tunnel processing steps in the figure.

Figure 1. L2TPv3 support for IP transport
Table 1. L2TPv3 support for IP transport — tunnel processing steps
Step number Description

1

The L2TPv3 control plane can run within either the base routing or VPRN contexts.

2

L2TPv3 encapsulated packets ingress and egress through the public interface, which can be in either the base routing or VPRN contexts.

3

L2TPv3 encapsulation and decapsulation processing is handled within the tunnel ISA.

4

Unencapsulated packets pass between the tunnel ISA and the associated service via the configured private SAP.

Control plane

The configuration of the L2TPv3 control plane is similar to that of L2TPv2. A number of the same commands are used for both, but there are new commands specific to L2TPv3. The L2TPv3-specific commands are located in a separate L2TPv3 context in both the general configuration area as well as within the group configuration context.

L2TPv3 control plane parameters can be configured at the global level within the config>router>l2tp context, which may include some L2TPv3-specific parameters. This should be used for parameters that are the same for the majority of L2TPv3 tunnels. The same parameters can be configured on a per-tunnel group basis. The tunnel group can be configured within either the base router context or a VPRN service context.

The following example displays an L2TPv3 tunnel group configured within the base routing context:

configure
        router
            l2tp
                l2tpv3
                    cookie-length 8
                    digest-type sha1
                    nonce-length 64
                    transport-type ip
                    exit
                group "base l2tpv3 left" protocol v3draft create
                    avp-hiding never
                    eth-tunnel
                        reconnect-timeout 60
                        exit
                    l2tpv3
                        pw-cap-list ethernet ethernet-vlan
                        password "AbkdpF.rY1FgcK4qAYmim sykdmwbAucq" hash2
                        exit
                    password "rhXAlJTUjuliBn8lVUf KJywztX9cKOEb/rbWUR/e4ow" hash2
                    tunnel "base l2tpv3 tunnel" create
                        local-address 172.16.0.100
                        peer 192.168.0.100
                        no shutdown
                        exit
                    no shutdown
                exit

Public SAP

The public SAP is the access interface to the L2TPv3 tunnel over which encapsulated traffic is sent to or received from the far end. The IP address bound to this SAP is on the same subnet as the local L2TPv3 tunnel endpoint.

The public SAP must be configured in the same routing context as the L2TPv3 tunnel group configuration. As shown in L2TPv3 support for IP transport, the public SAP can be associated with an IES or VPRN service to connect to the outside or public access network.

The following example displays an L2TPv3 public SAP configured within the base routing context:

configure
        service
            ies 10
                interface "l2tp-public-interface" create
                    address 172.16.0.1/24
                    sap tunnel-1.public:2 create
                    exit
                exit

Private SAP

The private SAP is the access interface to the L2TPv3 over which unencapsulated traffic is sent to or received from the far end. The public SAP must be configured within an Ethernet service, such as an Epipe, VPLS, or I-VPLS service.

The private SAP configuration includes the configuration of the following L2TPv3 session parameters:

  • VC-ID

  • PW-Type

  • L2TPv3 tunnel group association

The following example displays an L2TPv3 private SAP configured within the base routing context:

configure
        service
            vpls 100 customer 1 create
            ...
                sap tunnel-1.private:100 create
                    l2tpv3-session create
                        router 2 group "base l2tpv3 left"
                        vc-id 100
                        pw-type ethernet
                        no shutdown
                        exit
                    no shutdown
                    exit
                no shutdown
                exit