L2TPv3 is the successor to the Cisco proprietary implementation of universal tunnel interface (UTI) for Layer 2 tunneling and implementation of Layer 2 VPNs. L2TPv3 adds signaling capabilities that were not implemented in the initial UTI implementations. In addition, L2TPv3 is a standardized implementation, described in the L2TPv3 draft draft-ietf-l2tpext-l2tp-base-xx, that defines the control protocol as well as the encapsulation procedures for tunneling multiple Layer 2 connections between two IP-connected nodes. This extension to L2TP provides the capabilities to tunnel Layer 2 payloads over L2TP. L2TPv3 provides a scalable solution to deploy multiple Layer 2 VPNs over existing IP infrastructure and is emerging as the core tunneling technology for next-generation IP core networks. With inherent ease of migration from existing UTI tunnels to L2TPv3, service providers implementing Layer 2 VPN services with UTI have migrated to L2TPv3 as the protocol of choice for implementing transparent Layer 2 services.
Operation of L2TPv3
If two routers, PE1-AS1 and PE2-AS1, are already connected through an IP network as illustrated in Figure 10-1, L2TPv3 can be used to provide Layer 2 VPN services between interfaces connecting to routers PE1-AS1 and PE2-AS1 that belong to Customer A. Therefore, the CE routers CE1-A and CE2-A can be connected via the SP network, where L2TPv3 can be used to provide a transparent tunnel or Layer 2 VPN between these two customer routers.
Figure 10-1. Implementing L2TPv3 Layer 2 Transparent Services
Figure 10-1 also highlights the interfaces that are part of the tunnel. On PE1-AS1, the interface connecting to CE1-A is configured as part of the L2TPv3 tunnel, and, on PE2-AS1, the interface connecting to CE2-A is configured as part of the L2TPv3 tunnel. Traffic from CE1-A to CE2-A entering Serial1/0 on PE1-AS1 is encapsulated in an L2TPv3 tunnel and forwarded to PE2-AS1. Upon receiving the packet, PE2-AS1 decapsulates it and transmits it on Serial1/0, which is configured as an endpoint of the tunnel. The routers in the core of the IP network forward this traffic as they would a regular IP packet, and the payload carried across the tunnel is processed only on egress from the IP network.
When L2TPv3 is implemented, the physical interfaces that are connected to the customer's networks are used as the tunnel ingress and egress interfaces. L2TPv3 can also provide transparent LAN services between customer LAN segments connecting to different service provider routers. L2TPv3 can thus be used to tunnel traffic between the two separated LANs across the SP network.
L2TPv3 can also be used on serial and POS interfaces and on VLAN-based subinterfaces on certain platforms supporting L2TPv3. Frame Relay encapsulation on serial interfaces is supported for Layer 2 connectivity based on L2TPv3 tunneling. For more information on supported interfaces for implementation of L2TPv3 tunnels and line card support, refer to Cisco documentation at Cisco.com.
L2TPv3 is supported as a tunneling protocol on the following Cisco routers:
For more information on platform and software support, refer to Cisco.com for the latest information and updates.
L2TPv3 Modes of Operation
The following modes of operation are supported when implementing L2TPv3 as the tunneling mechanism to deploy Layer 2 transparent services:
To implement L2TPv3 on Cisco routers, the following general prerequisites apply:
In addition to these general prerequisites, restrictions exist for the implementation of L2TPv3 on Cisco high-end platforms, depending on the platform in use (Cisco 12000, 7200, 7500, or 10720 Internet routers). Refer to the online documentation at Cisco.com for more information on platform and interface encapsulation specific restrictions.
Tunnel Server Card Operation on GSR 12000 Series Routers When Implementing L2TPv3
The tunnel server card performs the action of packet encapsulation and decapsulation when L2TPv3 is implemented on a Cisco 12000 series router. The data plane operations of the tunnel server card on a Cisco 12000 series router, both ingress into the tunnel (encapsulation) as well as egress out of the tunnel (decapsulation), are described in Figure 10-2.
Figure 10-2. Tunnel Server Card Operation – Ingress and Egress
Figure 10-2 outlines the stages and the operation of a tunnel server card in a GSR 12000 series router on the ingress PE router PE1-AS1. The stages are
The stages in the operation of a tunnel server card on the egress router PE2-AS1 (L2TPv3 destination) are as follows:
L2TPv3 Header Format
Figure 10-3 shows the L2TPv3 header used to encapsulate packets when using L2TPv3 tunnels.
Figure 10-3. L2TPv3 Header Format
In the L2TPv3 header, the session identifier identifies the tunnel context at the decapsulating router. The session ID of 0 is reserved for use by the protocol. Static L2TPv3 sessions need manual configuration of the session ID on the PE routers. However, for dynamic L2TPv3 tunnel setup, the session IDs can be chosen depending on the number of tunnels that are supported by the router in question. Therefore, a smaller number of bits might be used by the router to represent a session ID to support a larger number of unique sessions.
The cookie contains the key for the L2TPv3 session. The cookie length can be configured on a router, but the default value for the cookie length is 4 bytes. When the originating and terminating routers are different platforms, the cookie length needs to be configured manually to be 4 bytes.
Pseudowire control encapsulation consists of 4 bytes and implements sequencing with the L2TPv3 tunnel. It uses only the first bit and bits 8 through 31. The value of the first bit indicates whether bits 8 through 31 contain a sequence number and whether it needs to be updated.
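The decapsulation checks implied by this header description, as an added example that is not from the original text or from Cisco code. It assumes the field order session ID (32 bits, per RFC 3931), cookie, 4-byte control encapsulation; the session table, cookie value, and function names are constructed for illustration.

```python
import hmac
import struct

# Constructed session table: local session ID -> cookie configured for it.
SESSIONS = {0x00001234: bytes.fromhex("a1b2c3d4")}  # 4-byte cookie

class DecapError(ValueError):
    """Raised when a received packet must be dropped."""

def encapsulate(session_id, cookie, seq, payload, flags=0):
    """Build session ID | cookie | 4-byte control encapsulation | payload."""
    # First octet holds the flag bits; bits 8-31 hold the sequence number.
    ctrl = ((flags & 0xFF) << 24) | (seq & 0x00FFFFFF)
    return struct.pack("!I", session_id) + cookie + struct.pack("!I", ctrl) + payload

def decapsulate(packet, sessions=SESSIONS):
    """Validate a received packet; return (session_id, flags, seq, payload)."""
    if len(packet) < 4:
        raise DecapError("truncated before session ID")
    (session_id,) = struct.unpack_from("!I", packet, 0)
    if session_id == 0:
        raise DecapError("session ID 0 is reserved")
    expected = sessions.get(session_id)
    if expected is None:
        raise DecapError("no session context for this ID")
    # The cookie length is not carried in the packet: the receiver slices
    # exactly as many bytes as its own configuration says.
    end = 4 + len(expected)
    # Constant-time comparison, so timing does not leak matching prefix bytes.
    if not hmac.compare_digest(packet[4:end], expected):
        raise DecapError("cookie mismatch")
    if len(packet) < end + 4:
        raise DecapError("truncated before control encapsulation")
    (ctrl,) = struct.unpack_from("!I", packet, end)
    return session_id, ctrl >> 24, ctrl & 0x00FFFFFF, packet[end + 4:]

if __name__ == "__main__":
    good = encapsulate(0x1234, SESSIONS[0x1234], seq=7, payload=b"frame")
    print(decapsulate(good))
```

A sender configured with a longer cookie whose leading bytes happen to match passes the cookie check but shifts every later field, so the sequence number and payload are misread. This is why the cookie length has to agree on both ends of the session.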