Layer 2 tunneling protocol
Layer | Protocol |
---|---|
Application | L2TP |
Transport | UDP |
Internet | IP (IPv4, IPv6) |
Network access | Ethernet, Token Bus, Token Ring, FDDI, ... |
Layer 2 Tunneling Protocol (L2TP) is a network protocol that tunnels frames of link-layer (OSI layer 2) protocols through routers between two networks over an IP network. The L2TP routers and the IP connections between them appear as L2 switches.
For this purpose, an L2TP Access Concentrator (LAC) in the local network, usually a router with the appropriate L2TP functionality, packs the frames into L2TP data messages and sends them over an IP network to an L2TP Network Server (LNS) in the target network. The LNS unpacks each message and forwards its content as an OSI layer 2 frame into the network there.
L2TP is a tunneling solution that combines the advantages of PPTP (Point-to-Point Tunneling Protocol) and L2F (Layer 2 Forwarding). The tunnel ID in the L2TP header allows several tunnels to exist side by side and also permits the use of NAT (Network Address Translation).
For authentication, L2TP offers CHAP (Challenge Handshake Authentication Protocol) and PAP (Password Authentication Protocol). L2TP itself does not provide encryption; where needed, this must be handled by other protocols. L2TP is therefore often used in combination with IPsec (RFC 3193, "Securing L2TP using IPsec").
L2TP version 2
Layer 2 Tunneling Protocol version 2 was developed for tunneling PPP frames. Frames of other protocols cannot be transmitted. Tunneling takes place over UDP or other packet-based networks (Frame Relay or ATM).
L2TPv2 is an IETF (Internet Engineering Task Force) Proposed Standard and is defined in RFC 2661.
L2TP version 3
Layer 2 Tunneling Protocol version 3 is a further development of L2TP that offers an alternative to the MPLS protocol for encapsulating different protocols at layer 2 of the OSI model. Like L2TPv2, it works over UDP or other PSNs (Packet Switched Networks), but it can also run directly over IP. In addition, data link layer protocols other than PPP can be tunneled.
The specifications are defined in RFC 3931.
L2TPv3 can be viewed as a stripped-down version of MPLS. One feature that is not built in is, for example, traffic engineering. However, such features could easily be added in future products.
Header formats
L2TP structure:
Data path | Control path |
---|---|
Tunneled frame | L2TP control message |
L2TP data header | L2TP control header |
L2TP data channel (unreliable) | L2TP control channel (reliable) |
Packet-switched network (UDP, Frame Relay, ATM, MPLS, IP (with v3), etc.) | (shared by both channels) |
Fields in the L2TP header:
- T = Message Type. This field defines whether it is a control message (value 1) or data (value 0).
- L = length. Control messages must have this bit set.
- S = sequence. If this bit is set, the fields Ns and Nr are visible. Control messages must have this bit set.
- O = offset. When this bit is set, the Offset Size field is visible. Control messages must have this bit set to zero.
- P = priority. Control messages must have this bit set to zero.
- Version. Indicates which L2TP version is in use (the value 2 denotes version 2). Packets with an unknown value must be discarded.
- Length. Optional (exists if L is set). The total length of the message in bytes.
- Tunnel ID.
- Session ID.
- Ns = sequence number (exists if S is set).
- Nr = sequence number expected (exists if S is set).
- Offset Size (offset size, exists if O is set).
- Offset Pad. Optional, of variable length.
- Data (variable length).
Fields in the AVP (Attribute Value Pair):
- M = mandatory
- H = hidden
- AVP Length (values 6 to 1023). Specifies how many bytes the AVP contains.
- AVP Vendor ID. The values are the IANA-assigned "SMI Network Management Private Enterprise Codes" (RFC 1700).
- AVP type is 16 bits.
L2TPv2 header
Bits 0-15 | Bits 16-31 |
---|---|
T, L, 0, S, 0, O, P, 0, Version | Length |
Tunnel ID (tunnel identifier) | Session ID (session identifier) |
Ns (sequence number) | Nr (sequence number expected) |
Offset Size | Offset Pad |
Data | |
Attribute value pair with version 2
Bits 0-15 | Bits 16-31 |
---|---|
M, H, 0, AVP Length | AVP Vendor ID |
AVP Attribute Type | AVP Attribute Value ... |
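
The following parser is an added example, not part of the original article or of any L2TP implementation. It applies the field rules listed above to an L2TPv2 message and its AVPs, rejecting unknown versions, illegal control-message flag bits and lengths that run past the received bytes. The names `parse_header`, `parse_avps` and `L2TPError` and the sample bytes are constructed for illustration; bit positions follow RFC 2661.

```python
import struct

class L2TPError(ValueError):
    """A message violates the header or AVP rules listed above."""

def parse_header(buf: bytes) -> dict:
    """Parse an L2TPv2 header; optional fields are gated by the L, S and O bits."""
    if len(buf) < 6:
        raise L2TPError("shorter than the minimal header")
    (flags,) = struct.unpack_from("!H", buf, 0)
    hdr = {"T": flags >> 15 & 1, "L": flags >> 14 & 1, "S": flags >> 11 & 1,
           "O": flags >> 9 & 1, "P": flags >> 8 & 1, "version": flags & 0xF}
    if hdr["version"] != 2:
        raise L2TPError("unknown version: discard")
    if hdr["T"] and not (hdr["L"] and hdr["S"] and not hdr["O"] and not hdr["P"]):
        raise L2TPError("control message with illegal flag bits")
    # 16-bit fields follow in fixed order; each optional one exists only if its bit is set.
    names = (["length"] if hdr["L"] else []) + ["tunnel_id", "session_id"] \
        + (["ns", "nr"] if hdr["S"] else []) + (["offset_size"] if hdr["O"] else [])
    end = 2 + 2 * len(names)
    if len(buf) < end:
        raise L2TPError("truncated header")
    hdr.update(zip(names, struct.unpack_from(f"!{len(names)}H", buf, 2)))
    end += hdr.get("offset_size", 0)  # skip the offset pad
    total = hdr.get("length", len(buf))
    if not end <= total <= len(buf):
        raise L2TPError("Length disagrees with the bytes received")
    hdr["payload"] = buf[end:total]
    return hdr

def parse_avps(payload: bytes) -> list:
    """Walk the AVPs of a control message, bounding every AVP Length."""
    avps, pos = [], 0
    while pos < len(payload):
        if len(payload) - pos < 6:
            raise L2TPError("truncated AVP header")
        word, vendor, atype = struct.unpack_from("!HHH", payload, pos)
        length = word & 0x03FF  # low 10 bits; the page gives the range 6..1023
        if length < 6 or pos + length > len(payload):
            raise L2TPError("AVP Length below 6 or past end of message")
        avps.append({"M": word >> 15 & 1, "H": word >> 14 & 1, "vendor": vendor,
                     "type": atype, "value": payload[pos + 6:pos + length]})
        pos += length
    return avps

# Constructed sample: control message carrying Message Type (0) and Host Name (7) AVPs.
AVPS = struct.pack("!HHHH", 0x8008, 0, 0, 1) + struct.pack("!HHH", 0x800A, 0, 7) + b"lac1"
SAMPLE = struct.pack("!6H", 0xC802, 12 + len(AVPS), 0, 0, 0, 0) + AVPS
```

Calling `parse_avps(parse_header(SAMPLE)["payload"])` returns the two AVPs of the sample; any message that fails a check raises `L2TPError` before a length field is used to index the buffer.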
L2TPv3 header
L2TPv3 control message header:
Bits 0-15 | Bits 16-31 |
---|---|
T, L, 0, S, 0, O, P, 0, Version | Length |
Control Connection ID (control connection identifier), 32 bits | |
Ns (sequence number) | Nr (sequence number expected) |
L2TPv3 session header:
Bits 0-15 | Bits 16-31 |
---|---|
T, L, 0, S, 0, O, P, 0, Version | Length |
Session ID (session identifier), 32 bits | |
Tunnel ID and session ID from version 2 (16 bits each) are replaced by a 32-bit session ID and control connection ID.
Attribute value pair with version 3
AVP for version 3:
Bits 0-15 | Bits 16-31 |
---|---|
M, H, 0, AVP Length | AVP Vendor ID |
AVP Attribute Type | AVP Attribute Value ... (continues until Length is reached) |
AVP version 3 with extended vendor ID:
Row | Fields, in order |
---|---|
1 | M, H, 0, AVP Length, 0 |
2 | 58, 32-bit AVP Vendor ID |
3 | AVP Attribute Type |
4 | AVP Attribute Value ... (continues until Length is reached) |
The fixed value 58 indicates that the extended AVP Vendor ID is used.
Attribute value pair type
Type | Description | Reference |
---|---|---|
0 | Message Type | RFC 2661 |
1 | Result Code | RFC 2661 |
2 | Protocol version | RFC 2661 |
3 | Framing capabilities | RFC 2661 |
4 | Bearer capabilities | RFC 2661 |
5 | Tie breaker | RFC 2661 |
6 | Firmware revision | RFC 2661 |
7 | Host name | RFC 2661 |
8 | Vendor name | RFC 2661 |
9 | Assigned tunnel ID | RFC 2661 |
10 | Receive window size | RFC 2661 |
11 | Challenge | RFC 2661 |
12 | Q.931 cause code | RFC 2661 |
13 | Response | RFC 2661 |
14 | Assigned session ID | RFC 2661 |
15 | Call Serial Number | RFC 2661 |
16 | Minimum BPS | RFC 2661 |
17 | Maximum BPS | RFC 2661 |
18 | Bearer type | RFC 2661 |
19 | Framing Type | RFC 2661 |
20 | | |
21 | Called Number | RFC 2661 |
22 | Calling number | RFC 2661 |
23 | Sub-Address | RFC 2661 |
24 | Tx Connect Speed BPS | RFC 2661 |
25 | Physical Channel ID | RFC 2661 |
26 | Initial Received LCP CONFREQ | RFC 2661 |
27 | Last Sent LCP CONFREQ | RFC 2661 |
28 | Last Received LCP CONFREQ | RFC 2661 |
29 | Proxy Authen Type | RFC 2661 |
30 | Proxy Authen Name | RFC 2661 |
31 | Proxy Authen Challenge | RFC 2661 |
32 | Proxy Authen ID | RFC 2661 |
33 | Proxy Authen Response | RFC 2661 |
34 | Call Errors | RFC 2661 |
35 | ACCM | RFC 2661 |
36 | Random Vector | RFC 2661 |
37 | Private Group ID | RFC 2661 |
38 | Rx Connect Speed | RFC 2661 |
39 | Sequencing Required | RFC 2661 |
40 | Rx minimum | RFC 3301 |
41 | Rx maximum | RFC 3301 |
42 | Service Category | RFC 3301 |
43 | Service name | RFC 3301 |
44 | Calling sub-address | RFC 3301 |
45 | VPI / VCI identifier | RFC 3301 |
46 | PPP Disconnect Cause Code | RFC 3145 |
47 | CCDS | RFC 3308 |
48 | SDS | RFC 3308 |
49 | LCP Want Options | RFC 3437 |
50 | LCP Allow Options | RFC 3437 |
51 | LNS Last Sent LCP Confreq | RFC 3437 |
52 | LNS Last Received LCP Confreq | RFC 3437 |
53 | Modem On-Hold Capable | RFC 3573 |
54 | Modem on-hold status | RFC 3573 |
55 | PPPoE relay | RFC 3817 |
56 | PPPoE Relay Response Capability | RFC 3817 |
57 | PPPoE Relay Forward Capability | RFC 3817 |
58 | Extended Vendor ID | |
59 | Message digest | |
60 | Router ID | |
61 | Assigned Control Connection ID | |
62 | Pseudowire Capabilities List | |
63 | Local session ID | |
64 | Remote session ID | |
65 | Assigned cookie | |
66 | Remote End ID | |
67 | Application code | |
68 | Pseudowire type | |
69 | L2-specific sublayers | |
70 | Data sequencing | |
71 | Circuit status | |
72 | Preferred Language | |
73 | Control Message Authentication Nonce | |
74 | Tx Connect Speed | |
75 | Rx Connect Speed | |
76 | Failover capability | |
77 | Tunnel recovery | |
78 | Suggested Control Sequence | |
79 | Failover session state | |
80 | Multicast capability | RFC 4045 |
81 | New outgoing sessions | RFC 4045 |
82 | New Outgoing Sessions Acknowledgment | RFC 4045 |
83 | Withdraw Outgoing Sessions | RFC 4045 |
84 | Multicast Packets Priority | RFC 4045 |
RFCs for L2TP
- RFC 2661 Layer Two Tunneling Protocol "L2TP". Defines L2TP version 2.
- RFC 2809 Implementation of L2TP Compulsory Tunneling via RADIUS.
- RFC 2888 Secure Remote Access with L2TP.
- RFC 3070 Layer Two Tunneling Protocol (L2TP) over Frame Relay.
- RFC 3145 L2TP Disconnect Cause Information.
- RFC 3193 Securing L2TP using IPsec.
- RFC 3301 Layer Two Tunneling Protocol (L2TP): ATM access network extensions.
- RFC 3308 Layer Two Tunneling Protocol (L2TP) Differentiated Services Extension.
- RFC 3355 Layer Two Tunneling Protocol (L2TP) Over ATM Adaptation Layer 5 (AAL5).
- RFC 3371 Layer Two Tunneling Protocol "L2TP" Management Information Base.
- RFC 3437 Layer-Two Tunneling Protocol Extensions for PPP Link Control Protocol Negotiation.
- RFC 3438 Layer Two Tunneling Protocol (L2TP) Internet Assigned Numbers Authority (IANA) Considerations Update.
- RFC 3573 Signaling of Modem-On-Hold status in Layer 2 Tunneling Protocol (L2TP).
- RFC 3817 Layer 2 Tunneling Protocol (L2TP) Active Discovery Relay for PPP over Ethernet (PPPoE).
- RFC 3931 Layer Two Tunneling Protocol - Version 3 (L2TPv3). Defines L2TP version 3.
- RFC 4045 Extensions to Support Efficient Carrying of Multicast Traffic in Layer-2 Tunneling Protocol (L2TP).