Category list

Configuring L2TPv3 Tunnels for Layer 2 VPN

The configuration steps involved in the implementation of L2TPv3 on Cisco routers is outlined in Figure 10-4. All steps in the configurations outlined here are performed on the routers in the provider network that connect to the customer network using either Ethernet, serial, ATM, or POS interfaces. To implement L2TPv3, there is no configuration requirement on either the CE routers or the provider core routers. All configurations are performed only on the PE routers, that is, the routers containing the tunnel endpoints for the L2TPv3 tunnel.

Figure 10-4. L2TPv3 Configuration Flowchart

The optional L2TP Class configuration creates a template of L2TP control channel parameters that can be used by different pseudowire classes. If configured, the same L2TP class must be invoked by the pseudowire classes used on the endpoints of the tunnel.

The pseudowire class configuration creates a configuration template for the pseudowire. The pseudowire class configuration is used as a template for session level information for L2TPv3 sessions. This information is used to transport Layer 2 circuit traffic over the pseudowire. The pseudowire configuration specifies the characteristics of the L2TPv3 signaling mechanism, including the data encapsulation type, the control protocol, sequencing, fragmentation, payload-specific options, and IP information. The configuration of manual sessions versus dynamic sessions is also performed in the pseudowire class configuration. The source IP address of the Layer 2 tunnel is also specified in this configuration and is usually a loopback interface.

Binding the interface that is part of the L2TPv3 tunnel to the pseudowire template and the L2TP class is the final step in the L2TPv3 tunnel configuration. The virtual circuit identifier that you configure creates the binding between a pseudowire configured on a PE router and an attachment circuit, and the virtual circuit identifier configured on the PE router at one end of the L2TPv3 control channel must also be configured on the peer PE router at the other end.

In addition to the just mentioned steps, if the PE routers are GSR 12000 series routers, a line card will need to be configured as a tunnel server card. The configuration of a line card on the GSR series as a tunnel server card is outlined in Figure 10-5.

Figure 10-5. L2TPv3—Configuring Line Card as Tunnel Server

Configuring L2TPv3 Static Tunnels

In this section, you will be provided with the configuration procedure for manual or static L2TPv3 tunnels in the network topology shown in Figure 10-6. Figure 10-6 shows an SP network with two PE routers, PE1-AS1 and PE2-AS1, connected to Customer A Routers CE1-A and CE2-A, respectively. The devices used in the test setup are GSR 12000 series routers for the provider cloud devices (PE1-AS1, PE2-AS1, and P1-AS1) and 7200 series routers for the CE devices. The GSRs were chosen for the provider cloud devices to depict tunnel server card configuration that does not apply to other platforms that support L2TPv3 functionality (7200s, 7500s, and 10700 routers).

Figure 10-6. L2TPv3—Static Tunnels Topology and Base Configuration

For the GSR 12000 series routers functioning as PE1-AS1 and PE2-AS1 in the network topology, Slot 3 contains an OC48 POS line card that functions as the tunnel server card for the L2TPv3 tunnel. Therefore, all configurations pertaining to implementing a line card on a Cisco 12000 series router as the tunnel server card will be performed with perspective to Slot 3 on Routers PE1-AS1 and PE2-AS1. The following steps outline the configuration process to implement the L2TPv3 tunnel. The basic configuration for all devices in the setup prior to L2TPv3 tunnel configuration is also shown in Figure 10-6. The L2TPv3 specific configuration is illustrated in the following steps:

Step 1.	Configure the L2TP class on each PE router. The L2TP class implements a template for control channel parameters that can be applied to different pseudowire classes on the router. For simplicity, the L2TP class is configured with a name "manual" and cookie size of 4 bytes, as shown in Example 10-1. Example 10-1. Configuration of L2TP Class Parameters PE1-AS1(config)# l2tp-class manual PE1-AS1(config-l2tp-class)# cookie size 4 ________________________________________________________________ PE2-AS1(config)# l2tp-class manual PE2-AS1(config-l2tp-class)# cookie size 4
Step 2.	Configure the pseudowire class to define the session level parameters of the L2TPv3 sessions. For simplicity, the only configurations performed under the pseudowire class are the configurations of the encapsulation protocol ( l2tpv3 ) and the local interface that will be used as the source of the tunnel. In addition, because static endpoints will be configured with the L2TPv3 tunnel, disable the use of any IP protocol for signaling (the default being the use of L2TPv3 for dynamic session establishment), as shown in Example 10-2. Example 10-2. Pseudowire Class Configuration PE1-AS1(config)# pseudowire-class manual PE1-AS1(config-pw-class)# encapsulation l2tpv3 PE1-AS1 (config-pw-class)# protocol none PE1-AS1 (config-pw-class)# ip local interface Loopback0 ________________________________________________________________ PE2-AS1(config)# pseudowire-class manual PE2-AS1(config-pw-class)# encapsulation l2tpv3 PE2-AS1 (config-pw-class)# protocol none PE2-AS1 (config-pw-class)# ip local interface Loopback0
Step 3.	The next step is to associate the interface that will be a part of the tunnel with the parameters of the pseudowire. In addition, configurations need to be performed for the local and remote session IDs and the cookie values. In the configurations, a VC ID of 1 with a local session, remote session value of 1, and the cookie values of 1 are used. The configuration is shown in Example 10-3. Example 10-3. Attachment Circuit Configuration PE1-AS1(config)# interface pos 0/0 PE1-AS1(config-if)# xconnect 10.10.10.102 1 encapsulation l2tpv3 manual pw-class manual PE1-AS1(config-if-xconn)# l2tp id 1 1 PE1-AS1(config-if-xconn)# l2tp cookie local 4 1 PE1-AS1(config-if-xconn)# l2tp cookie remote 4 1 ________________________________________________________________ PE2-AS1(config)# interface pos 0/0 PE2-AS1(config-if)# xconnect 10.10.10.101 1 encapsulation l2tpv3 manual pw-class manual PE2-AS1(config-if-xconn)# l2tp id 1 1 PE2-AS1(config-if-xconn)# l2tp cookie local 4 1 PE2-AS1(config-if-xconn)# l2tp cookie remote 4 1
Step 4.	This step applies only to Cisco GSR 12000 series routers. Configure the appropriate line card and slot on the GSR 12000 series router as the tunnel server card for processing L2TPv3 tunneled packets on the chassis. In our network, the configuration is performed on Routers PE1-AS1 and PE2-AS1 where the L2TPv3 tunnels are originated and terminated . This is shown in Example 10-4. Example 10-4. Tunnel Server Card Configuration PE1-AS1(config)# interface POS3/0 PE1-AS1(config-if)# ip unnumbered Loopback0 PE1-AS1(config-if)# loopback internal PE1-AS1(config)# hw-module slot 3 mode server ________________________________________________________________ PE2-AS1(config)# interface POS3/0 PE2-AS1(config-if)# ip unnumbered Loopback0 PE2-AS1(config-if)# loopback internal PE2-AS1(config)# hw-module slot 3 mode server

Verification of Static L2TPv3 Tunnel Operation

The following verification steps are performed on the PE routers to validate L2TPv3 tunnel and Layer 2 VPN operation:

Step 1.

Verify if the state of the tunnel is established, as shown in Example 10-5 in the output of the show l2tun tunnel all and show l2tun session all commands.

Example 10-5. L2TPv3 Tunnel State Verification

PE1-AS1#

show l2tun tunnel all

Tunnel Information Total tunnels 1 sessions 1



Tunnel id 31529 is up, remote id is 56005, 0 active sessions

Tunnel state is established

, time since change 00:30:56

  Tunnel transport is IP (115)

Remote tunnel name is PE2


Internet Address 10.10.10.102, port 0


Local tunnel name is PE1


Internet Address 10.10.10.101, port 0

Tunnel domain is

  VPDN group for tunnel is -

  L2TP class for tunnel is manual

  0 packets sent, 0 received

  0 bytes sent, 0 received

  Control Ns 31, Nr 31

  Local RWS 8192 (default), Remote RWS 8192 (max)

  Tunnel PMTU checking disabled

  Retransmission time 1, max 1 seconds

  Unsent queuesize 0, max 0

  Resend queuesize 0, max 1

  Total resends 0, ZLB ACKs sent 30

  Current nosession queue check 0 of 5

  Retransmit time distribution: 0 0 0 0 0 0 0 0 0

  Sessions disconnected due to lack of resources 0

PE1-AS1#

show l2tun session all

Session Information Total tunnels 1 sessions 1

Session id 1 is up,

tunnel id 31529

Call serial number is 0

Remote tunnel name is PE2-AS1


Internet address is 10.10.10.102


Session is manually signalled


Session state is established,

time since change 00:24:21

    197 Packets sent, 173 received

    18252 Bytes sent, 11252 received

    Receive packets dropped:

      out-of-order:             0

      total:                    0

    Send packets dropped:

      exceeded session MTU:     0

      total:                    0

Session vcid is 1

Session Layer 2 circuit, type is HDLC, name is POS0/0

Circuit state is UP


Remote session id is 1,

remote tunnel id 56005

  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255

  Session cookie information:

local cookie, size 4 bytes, value 00 00 00 01


remote cookie, size 4 bytes, value 00 00 00 01

SSS switching enabled

  Sequencing is off

Step 2.

Perform a ping from one CE router interface to the other CE router interface across the L2VPN tunnel. If all configurations have been performed correctly, connectivity is established between the CE routers and the customer sites, as shown in Example 10-6.

Example 10-6. Verify IP Connectivity Between CE Routers

CE1-A#

ping 172.16.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms