L2TPv3 tunnels
L2TPv3 overview
Layer 2 Tunneling Protocol version 3 (L2TPv3) is a mechanism for the tunneling of Ethernet traffic over an IP network. For this application, the ISA functions as a resource module for the system, performing the L2TPv3 encapsulation and decapsulation functions.
The figure "L2TPv3 support for IP transport" shows L2TPv3 support for the IP transport model. The table "L2TPv3 support for IP transport — tunnel processing steps" describes the tunnel processing steps in the figure.
Step number | Description |
---|---|
1 | The L2TPv3 control plane can run within either the base routing or VPRN contexts. |
2 | L2TPv3 encapsulated packets ingress and egress through the public interface, which can be in either the base routing or VPRN contexts. |
3 | L2TPv3 encapsulation and decapsulation processing is handled within the tunnel ISA. |
4 | Unencapsulated packets pass between the tunnel ISA and the associated service via the configured private SAP. |
Control plane
The configuration of the L2TPv3 control plane is similar to that of L2TPv2. A number of the same commands are used for both, but there are new commands specific to L2TPv3. The L2TPv3-specific commands are located in a separate L2TPv3 context in both the general configuration area as well as within the group configuration context.
L2TPv3 control plane parameters can be configured at the global level within the config>router>l2tp context, which may include some L2TPv3-specific parameters. This should be used for parameters that are the same for the majority of L2TPv3 tunnels. The same parameters can be configured on a per-tunnel group basis. The tunnel group can be configured within either the base router context or a VPRN service context.
The following example displays an L2TPv3 tunnel group configured within the base routing context:
configure
    router
        l2tp
            l2tpv3
                cookie-length 8
                digest-type sha1
                nonce-length 64
                transport-type ip
            exit
            group "base l2tpv3 left" protocol v3draft create
                avp-hiding never
                eth-tunnel
                    reconnect-timeout 60
                exit
                l2tpv3
                    pw-cap-list ethernet ethernet-vlan
                    password "AbkdpF.rY1FgcK4qAYmim sykdmwbAucq" hash2
                exit
                password "rhXAlJTUjuliBn8lVUf KJywztX9cKOEb/rbWUR/e4ow" hash2
                tunnel "base l2tpv3 tunnel" create
                    local-address 172.16.0.100
                    peer 192.168.0.100
                    no shutdown
                exit
                no shutdown
            exit
Public SAP
The public SAP is the access interface to the L2TPv3 tunnel over which encapsulated traffic is sent to or received from the far end. The IP address bound to this SAP is on the same subnet as the local L2TPv3 tunnel endpoint.
The public SAP must be configured in the same routing context as the L2TPv3 tunnel group configuration. As shown in the figure "L2TPv3 support for IP transport", the public SAP can be associated with an IES or VPRN service to connect to the outside or public access network.
The following example displays an L2TPv3 public SAP configured within the base routing context:
configure
    service
        ies 10
            interface "l2tp-public-interface" create
                address 172.16.0.1/24
                sap tunnel-1.public:2 create
                exit
            exit
Private SAP
The private SAP is the access interface to the L2TPv3 tunnel over which unencapsulated traffic is sent to or received from the far end. The private SAP must be configured within an Ethernet service, such as an Epipe, VPLS, or I-VPLS service.
The private SAP configuration includes the configuration of the following L2TPv3 session parameters:
VC-ID
PW-Type
L2TPv3 tunnel group association
The following example displays an L2TPv3 private SAP configured within the base routing context:
configure
    service
        vpls 100 customer 1 create
            ...
            sap tunnel-1.private:100 create
                l2tpv3-session create
                    router 2 group "base l2tpv3 left"
                    vc-id 100
                    pw-type ethernet
                    no shutdown
                exit
                no shutdown
            exit
            no shutdown
        exit
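The three fragments above must agree with each other: the tunnel local-address has to sit on the public SAP interface subnet, and the private SAP session has to name an existing tunnel group. The following Python check is an added example, not part of the product documentation or CLI; the function name check_l2tpv3_config and the regular expressions are assumptions based only on the configuration layout shown on this page, and it does not compare routing contexts.

```python
import ipaddress
import re

# Constructed sample: the page's three configuration fragments, trimmed to the
# lines the checks read.
SAMPLE_CONFIG = '''
router
    l2tp
        group "base l2tpv3 left" protocol v3draft create
            tunnel "base l2tpv3 tunnel" create
                local-address 172.16.0.100
service
    ies 10
        interface "l2tp-public-interface" create
            address 172.16.0.1/24
            sap tunnel-1.public:2 create
    vpls 100 customer 1 create
        sap tunnel-1.private:100 create
            l2tpv3-session create
                router 2 group "base l2tpv3 left"
'''

def check_l2tpv3_config(text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    # Tunnel groups defined under router > l2tp.
    groups = set(re.findall(r'^\s*group "([^"]+)" protocol', text, re.M))
    # Subnets of interfaces that carry a public tunnel SAP.
    public_nets = []
    for block in re.split(r'^\s*interface ', text, flags=re.M)[1:]:
        addr = re.search(r'^\s*address (\S+)', block, re.M)
        if addr and re.search(r'^\s*sap \S+\.public:\d+ create', block, re.M):
            public_nets.append(ipaddress.ip_interface(addr.group(1)).network)
    # Check 1: each tunnel local-address sits in a public SAP interface subnet.
    for raw in re.findall(r'^\s*local-address (\S+)', text, re.M):
        if not any(ipaddress.ip_address(raw) in net for net in public_nets):
            findings.append(f"local-address {raw} is not on a public SAP subnet")
    # Check 2: each private SAP session references a defined tunnel group.
    for ref in re.findall(r'^\s*router \S+ group "([^"]+)"', text, re.M):
        if ref not in groups:
            findings.append(f'l2tpv3-session references undefined group "{ref}"')
    return findings

if __name__ == "__main__":
    print(check_l2tpv3_config(SAMPLE_CONFIG) or "no findings")
```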