L2TPv3 Profile Configuration

L2TP V3 is an IETF standard used for transporting different types of layer 2 frames in an IP network. L2TP V3 defines control and encapsulation protocols for tunneling layer 2 frames between two IP nodes.

Use L2TP V3 to create tunnels for transporting layer 2 frames. L2TP V3 enables controllers, service platforms and access points to create tunnels for transporting Ethernet frames to and from bridge VLANs and physical ports. L2TP V3 tunnels can be defined between WiNG managed devices and other vendor devices supporting the L2TP V3 protocol.

Multiple pseudowires can be created within an L2TP V3 tunnel. Access points support an Ethernet VLAN pseudowire type exclusively.

Note

A pseudowire is an emulation of a layer 2 point-to-point connection over a packet-switching network (PSN). A pseudowire was developed out of the necessity to encapsulate and tunnel layer 2 protocols across a layer 3 network.

Ethernet VLAN pseudowires transport Ethernet frames to and from a specified VLAN. One or more L2TP V3 tunnels can be defined between tunnel end points. Each tunnel can have one or more L2TP V3 sessions. Each tunnel session corresponds to one pseudowire. An L2TP V3 control connection (an L2TP V3 tunnel) needs to be established between the tunneling entities before creating a session.

For optimal pseudowire operation, both the L2TP V3 session originator and responder need to know the pseudowire type and identifier. These two parameters are communicated during L2TP V3 session establishment. An L2TP V3 session created within an L2TP V3 connection also specifies multiplexing parameters for identifying a pseudowire type and ID.

The working status of a pseudowire is reflected by the state of the L2TP V3 session. If an L2TP V3 session is down, the pseudowire associated with it must be shut down. The L2TP V3 control connection keep-alive mechanism can serve as a monitoring mechanism for the pseudowires associated with a control connection.

Note

If connecting an Ethernet port to another Ethernet port, the pseudowire type must be Ethernet port. If connecting an Ethernet VLAN to another Ethernet VLAN, the pseudowire type must be Ethernet VLAN.

To define an L2TPV3 configuration for an access point profile:

  1. Select the Configuration > Devices > System Profile tab from the Web UI.
  2. Expand the Network menu and select L2TPv3.
  3. Set the following General Settings for an L2TPv3 profile configuration:
    Host Name Define a 64 character maximum hostname to specify the name of the host that's sent tunnel messages. Tunnel establishment involves exchanging 3 message types (SCCRQ, SCCRP and SCCN) with the peer. Tunnel IDs and capabilities are exchanged during the tunnel establishment with the host.
    Router ID Set either the numeric IP address or the integer used as an identifier for tunnel AVP messages. AVP messages assist in the identification of a tunnelled peer.
    UDP Listen Port Select this option to set the port used for listening to incoming traffic. Select a port from 1,024 - 65,535. The default port is 1701.
    Tunnel Bridging Select this option to enable or disable bridge packets between two tunnel end points. This setting is disabled by default.
  4. Set the following Logging Settings for an L2TPv3 profile configuration:
    Enable Logging Select this option to enable the logging of Ethernet frame events to and from bridge VLANs and physical ports on a defined IP address, host or router ID. This setting is disabled by default.
    IP Address Optionally use a peer tunnel ID address to capture and log L2TPv3 events.
    Hostname If not using an IP address for event logging, optionally use a peer tunnel hostname to capture and log L2TPv3 events.
    Router ID If not using an IP address or a hostname for event logging, use a router ID to capture and log L2TPv3 events.
  5. Select the L2TPv3 Tunnel tab.
  6. Review the following L2TPv3 tunnel configuration data:
    Name Displays the name of each listed L2TPv3 tunnel assigned upon creation.
    Local IP Address Lists the IP address assigned as the local tunnel end point address, not the interface IP address. This IP is used as the tunnel source IP address. If this parameter is not specified, the source IP address is chosen automatically based on the tunnel peer IP address.
    MTU Displays the maximum transmission unit (MTU) size for each listed tunnel. The MTU is the size (in bytes) of the largest protocol data unit that the layer can pass between tunnel peers.
    Use Tunnel Policy Lists the L2TPv3 tunnel policy assigned to each listed tunnel.
    Local Hostname Lists the tunnel specific hostname used by each listed tunnel. This is the hostname advertised in tunnel establishment messages.
    Local Router ID Specifies the router ID sent in the tunnel establishment messages.
    Establishment Criteria Specifies tunnel criteria between two peers.
    Critical Resource Specifies the critical resource that should exist for a tunnel between two peers to be created and maintained. Critical resources are device IP addresses or interface destinations interpreted as critical to the health of the network. The critical resource feature allows for the continuous monitoring of these defined addresses. A critical resource, if not available, can result in the network suffering performance degradation.
    Peer IP Address Lists the IP address of the remote peer.
    Host Name Lists the tunnel specific hostname used by the remote peer.
  7. Either select Add to create a new L2TPv3 tunnel configuration, Edit to modify an existing tunnel configuration or Delete to remove a tunnel from those available to this profile.
  8. If creating a new tunnel configuration, assign it a 31 character maximum Name.
  9. Refer to the Session table to review the configurations of the peers available for tunnel connection.
  10. Select + Add Row to populate the table with configurable session parameters for this tunnel configuration.
  11. Define the following Session parameters:
    Name Enter a 31 character maximum session name. There is no idle timeout for a tunnel. A tunnel is not usable without a session and a subsequent session name. The tunnel is closed when the last tunnel session is closed.
    Pseudowire ID Define a pseudowire ID for this session. A pseudowire is an emulation of a layer 2 point-to-point connection over a packet-switching network (PSN). A pseudowire was developed out of the necessity to encapsulate and tunnel layer 2 protocols across a layer 3 network.
    Traffic Source Type Lists the type of traffic tunnelled in this session (VLAN etc.).
    Traffic Source Value Define a VLAN range to include in the tunnel session. Available VLAN ranges are from 1 - 4,094.
    Native VLAN Select this option to provide a VLAN ID that will not be tagged in tunnel establishment and packet transfer.
  12. Select the Settings tab.
  13. Define the following Settings required for the L2TP tunnel configuration:
    Local IP Address Enter the IP address assigned as the local tunnel end point address, not the interface IP address. This IP is used as the tunnel source IP address. If this parameter is not specified, the source IP address is chosen automatically based on the tunnel peer IP address. This parameter is applicable when establishing the tunnel and responding to incoming tunnel create requests.
    MTU Set the maximum transmission unit (MTU). The MTU is the size (in bytes) of the largest protocol data unit the layer can pass between tunnel peers. Define an MTU between 128 - 1,460 bytes. The default setting is 1,460. A larger MTU means processing fewer packets for the same amount of data.
    Use Tunnel Policy Select the L2TPv3 tunnel policy. The policy consists of user defined values for protocol specific parameters which can be used with different tunnels. If none is available a new policy can be created or an existing one can be modified. For more information, refer to L2TP V3 Configuration.
    Local Hostname Provide the tunnel specific hostname used by this tunnel. This is the hostname advertised in tunnel establishment messages.
    Local Router ID Specify the router ID sent in tunnel establishment messages with a potential peer device.
    Establishment Criteria Configure establishment criteria for creating a tunnel between the device and the NOC. These criteria ensure only one tunnel is created between two sites where the tunnel is established between the vrrp-master/cluster master/rfdomain manager at the remote site and the controller at the NOC. The tunnel is created based on the role of the remote peer.
    • always – The tunnel is always created irrespective of the role of the local device.
    • vrrp-master – The tunnel is only created when the local device is a VRRP master.
    • cluster-master – The tunnel is only created when the local device is a cluster master.
    • rf-domain-manager – The tunnel is only created when the local device is a RF-Domain manager.
    In all the above cases, if the local device goes offline for any reason, the tunnel is brought down.
    VRRP Group This field is enabled only when the Establishment Criteria is set to vrrp-master. Use the spinner to select the VRRP group.
    Critical Resource Enter the critical resources required for creating and maintaining an L2TPV3 tunnel. A tunnel is only established when all critical resources for the tunnel to be operational are available at the time when the tunnel is created. If any one of the listed critical resources goes down, the tunnel is disabled. When a tunnel is established, the listed critical resources are checked for availability. Tunnel establishment is started if the critical resources are available. Similarly, for incoming tunnel termination requests, listed critical resources are checked and tunnel terminations are only allowed when the critical resources are available. For more information on managing critical resources, see Profile Critical Resources.
  14. Define the following Rate Limit settings for the L2TP tunnel configuration. Rate limiting manages the maximum rate sent to or received from L2TPv3 tunnel members.
    Session Name Use the drop-down menu to select the tunnel session that will have the direction, burst size and traffic rate settings applied.
    Direction Select the direction for L2TPv3 tunnel traffic rate limiting. Egress traffic is outbound L2TPv3 tunnel data coming to the controller, service platform or access point. Ingress traffic is inbound L2TPv3 tunnel data coming to the controller, service platform or access point.
    Max Burst Size Set the maximum burst size for egress or ingress traffic rate limiting (depending on which direction is selected) on an L2TPv3 tunnel. Set a maximum burst size between 2 - 1024 kbytes. The smaller the burst, the less likely the upstream packet transmission will result in congestion for L2TPv3 tunnel traffic. The default setting is 320 bytes.
    Rate Set the data rate (from 50 - 1,000,000 kbps) for egress or ingress traffic rate limiting (depending on which direction is selected) for an L2TPv3 tunnel. The default setting is 5000 kbps.
    Background Set the random early detection threshold in % for background traffic. Set a value from 1 - 100%. The default is 50%.
    Best-Effort Set the random early detection threshold in % for best-effort traffic. Set a value from 1 - 100%. The default is 50%.
    Video Set the random early detection threshold in % for video traffic. Set a value from 1 - 100%. The default is 25%.
    Voice Set the random early detection threshold in % for voice traffic. Set a value from 1 - 100%. The default is 25%.
  15. Refer to the Peer table to review the configurations of the peers available for tunnel connection. Select + Add Row to populate the table with a maximum of two peer configurations.
  16. Define the following Peer parameters:
    Peer ID Define the primary peer ID used to set the primary and secondary peer for tunnel fail over. If the peer is not specified, tunnel establishment does not occur. However, if a peer tries to establish a tunnel with this access point, it creates the tunnel if the hostname and/or Router ID matches.
    Router ID Specify the router ID sent in tunnel establishment messages with this specific peer.
    Hostname Assign the peer a hostname that can be used as matching criteria in the tunnel establishment process.
    Encapsulation Select either IP or UDP as the peer encapsulation protocol. The default setting is IP. UDP uses a simple transmission model without implicit handshakes.
    Peer IP Address Select this option to enter the numeric IP address used as the destination peer address for tunnel establishment.
    UDP Port If UDP encapsulation is selected, use the spinner control to define the UDP encapsulation port.
    IPSec Secure Enable this option to enable security on the connection between the access point and the Virtual Controller.
    IPSec Gateway Specify the IP Address of the IPSec Secure Gateway.
  17. Select OK to save the peer configuration.
  18. From the L2TPv3 Tunnel screen's Settings tab, configure the Fast Failover parameters.
    Enable When enabled, the device starts sending tunnel requests on both peers, and in turn, establishes the tunnel on both peers. If disabled, tunnel establishment only occurs on one peer, with failover and other functionality the same as legacy behavior. If fast failover is enabled after establishing a single tunnel the establishment is restarted with two peers. One tunnel is defined as active and the other as standby. Both tunnels perform connection health checkups with individual hello intervals. This setting is disabled by default.
    Enable Aggressive Mode When enabled, tunnel initiation hello requests are set to zero. For failure detections, hello attempts are not retried, regardless of defined retry attempts. This setting is disabled by default.
  19. Select OK to save the changes within the L2TPv3 Tunnel screen. Select Reset to revert the screen to its last saved configuration.
  20. Select the Manual Session tab.
    After successful tunnel connection and establishment, individual sessions can be created. Each session is a single data stream. After successful session establishment, data corresponding to that session (pseudowire) can be transferred. If a session is down, the pseudowire associated with it is shut down as well.
  21. Refer to the following manual session configurations to determine whether a session should be created or modified:
    IP Address Lists the IP address assigned as the local tunnel end point address, not the interface IP address. This IP is used as the tunnel source IP address. If this parameter is not specified, the source IP address is chosen automatically based on the tunnel peer IP address. This parameter is applicable when establishing the session and responding to incoming requests.
    Local Session ID Displays the numeric identifier assigned to each listed tunnel session. This is the pseudowire ID for the session. This pseudowire ID is sent in a session establishment message to the L2TP peer.
    MTU Displays each session's maximum transmission unit (MTU). The MTU is the size (in bytes) of the largest protocol data unit the layer can pass between tunnel peers in this session. A larger MTU means processing fewer packets for the same amount of data.
    Name Lists the name assigned to each listed manual session.
    Remote Session ID Lists the remote session ID passed in the establishment of the tunnel, used as a unique identifier for this tunnel session.
  22. Select Add to create a new manual session, Edit to modify an existing session configuration or Delete to remove a selected manual session.
  23. Set the following session parameters:
    Name Define a 31 character maximum name for this tunnel session. Each session name represents a single data stream.
    IP Address Specify the IP address used as a tunnel source IP address. If not specified, the tunnel source IP address is selected automatically based on the tunnel peer IP address. This address is applicable only for initiating the tunnel. When responding to incoming tunnel create requests, the tunnel would use the IP address received in the tunnel create request.
    IP Set the IP address of an L2TP tunnel peer. This is the peer allowed to establish the tunnel.
    Local Session ID Set the numeric identifier for the tunnel session. This is the pseudowire ID for the session. This pseudowire ID is sent in a session establishment message to the L2TP peer.
    MTU Define the session maximum transmission unit (MTU) as the size (in bytes) of the largest protocol data unit the layer can pass between tunnel peers in this session. A larger MTU means processing fewer packets for the same amount of data.
    Remote Session ID Use the spinner control to set the remote session ID passed in the establishment of the tunnel session. Assign an ID from 1 - 4,294,967,295.
    Encapsulation Select either IP or UDP as the peer encapsulation protocol. The default setting is IP. UDP uses a simple transmission model without implicit handshakes.
    UDP Port If UDP encapsulation is selected, use the spinner control to define the UDP encapsulation port. This is the port where the L2TP service is running.
    Source Type Select a VLAN as the virtual interface source type.
    Source Value Define the Source Value range (1 - 4,094) to include in the tunnel. Tunnel session data includes VLAN tagged frames.
    Native VLAN Select this option to define the native VLAN that will not be tagged.
  24. Select the + Add Row button to set the following:
    Cookie Size Set the size of the cookie field within each L2TP data packet. Options include 0, 4 and 8. The default setting is 0.
    Value 1 Set the cookie value first word.
    Value 2 Set the cookie value second word.
    End Point Define whether the tunnel end point is local or remote.
  25. Select OK to save the changes to the session configuration. Select Reset to revert to the last saved configuration.
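
The Cookie Size, Value 1 and Value 2 settings in step 24 determine a check made on every received L2TPv3 data packet. The following Python sketch is an added example, not WiNG code: it parses the session header for IP and UDP encapsulation (header layout per RFC 3931) and compares the cookie in constant time. It assumes Value 1 and Value 2 are 32-bit big-endian words and that a 4-byte cookie uses Value 1 only; the session IDs and cookie values are constructed.

```python
import hmac
import struct


class L2tpv3Error(ValueError):
    """A received data packet failed a header or cookie check."""


def cookie_bytes(size, value1=0, value2=0):
    """Expected cookie from Cookie Size / Value 1 / Value 2 (assumed 32-bit words)."""
    if size not in (0, 4, 8):
        raise L2tpv3Error("cookie size must be 0, 4 or 8")
    return struct.pack("!II", value1, value2)[:size]


def parse_data_packet(payload, encapsulation, sessions):
    """Return (session_id, layer2_frame) or raise L2tpv3Error.

    payload  -- bytes after the IP header (protocol 115) or after the UDP header
    sessions -- {local session ID: expected cookie bytes}
    """
    offset = 0
    if encapsulation == "udp":
        if len(payload) < 4:
            raise L2tpv3Error("truncated UDP session header")
        flags, _reserved = struct.unpack_from("!HH", payload, 0)
        if flags & 0x8000:
            raise L2tpv3Error("T bit set: control message, not data")
        if (flags & 0x000F) != 3:
            raise L2tpv3Error("not L2TP version 3")
        offset = 4
    elif encapsulation != "ip":
        raise L2tpv3Error("encapsulation must be 'ip' or 'udp'")
    if len(payload) < offset + 4:
        raise L2tpv3Error("truncated session ID")
    (session_id,) = struct.unpack_from("!I", payload, offset)
    offset += 4
    if session_id not in sessions:  # also rejects 0, which marks control traffic over IP
        raise L2tpv3Error("unknown session ID")
    expected = sessions[session_id]
    received = payload[offset:offset + len(expected)]
    # Constant-time compare; a short packet yields a short slice and fails here.
    if not hmac.compare_digest(received, expected):
        raise L2tpv3Error("cookie mismatch")
    return session_id, payload[offset + len(expected):]


# Constructed sample sessions: 1001 uses an 8-byte cookie, 1002 uses the default size 0.
SESSIONS = {
    1001: cookie_bytes(8, 0xDEADBEEF, 0x01020304),
    1002: cookie_bytes(0),
}
```

With the default Cookie Size of 0, session 1002 has no cookie to compare, so any packet carrying that session ID passes this check.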