Using L2TP Protocol in Industrial Routers
L2TP (Layer 2 Tunneling Protocol), originally defined in RFC 2661, establishes point-to-point L2TP tunnels over public networks (such as the Internet) and encapsulates PPP (Point-to-Point Protocol) frames for transmission through those tunnels. This lets remote users, such as an enterprise's branch offices and travelling employees, reach the enterprise intranet through an L2TP tunnel, providing a secure, cost-effective and efficient way to access private networks remotely.
(1) LAC
The LAC (L2TP Access Concentrator) is a device that connects to a switched network. It has a PPP termination system and handles L2TP, and it typically provides access to PPP subscribers. The LAC sits between the L2TP network server (LNS) and the subscriber and relays packets between the two: it encapsulates packets received from the subscriber and forwards them to the LNS over L2TP, and it decapsulates packets received from the LNS and forwards them to the subscriber.
(2) LNS
The LNS (L2TP Network Server) is one of the two L2TP tunnel endpoints and the peer of the LAC. The LNS is the logical endpoint of the PPP session tunneled from the remote system by the LAC. By establishing an L2TP tunnel over the public network, the peer end of a PPP session is logically extended from the LAC to the LNS on the corporate intranet.
L2TP header fields
Flags and Version info: control flags indicating whether the packet is a data or control message and whether the Length, Sequence and Offset fields are present, plus the protocol version.
Length (optional): total number of bytes in the message; present only when the length flag is set.
Tunnel ID: identifier of the control connection.
Session ID: identifier of the session within the tunnel.
Ns (optional): sequence number of this data or control message, starting at zero and incremented by one (mod 2^16) for each message sent; present only when the sequence flag is set.
Nr (optional): sequence number of the next expected incoming message; Nr is set to the Ns of the last message received in sequence plus one (mod 2^16). Nr is reserved in data messages and, if present (as indicated by the S bit), must be ignored on reception.
Offset Size (optional): number of bytes past the L2TP header at which the payload data begins. When the offset field is present, the L2TP header ends after the last byte of the offset padding. This field exists only if the offset flag is set.
Offset Pad (optional): variable-length padding whose length is given by Offset Size; its contents are undefined.
Payload data: variable length (maximum payload size = maximum UDP packet size – L2TP header size).
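As an added example (not code from the original article), the following Python parses the L2TPv2 header described above field by field and refuses datagrams whose Length or Offset Size fields point past the bytes actually received, which is the check a receiver needs before trusting any optional field. The sample datagrams are constructed for the example, not captured traffic.

```python
import struct

# Flag bits of the first L2TPv2 header word (RFC 2661, section 3.1): Type (control
# message), Length present, Sequence present, Offset present, and the 4-bit version.
T_BIT, L_BIT, S_BIT, O_BIT, VER_MASK = 0x8000, 0x4000, 0x0800, 0x0200, 0x000F

# Constructed sample datagrams (not captured traffic): a control message with T, L and S set,
# Length 14, tunnel/session 0, Ns/Nr 0 and a 2-byte payload; a data message with the O flag,
# a 2-byte offset pad and the start of a PPP frame as payload.
SAMPLE_CONTROL = bytes.fromhex("c802 000e 0000 0000 0000 0000 beef")
SAMPLE_DATA = bytes.fromhex("0202 0007 0009 0002 0000 ff03c021")
# Same data header, but Offset Size claims 255 bytes of pad that were never received.
SAMPLE_BAD_OFFSET = bytes.fromhex("0202 0007 0009 00ff")


def parse_l2tp(pkt: bytes) -> dict:
    """Parse one L2TPv2 header, checking every optional field against the real size."""
    def u16(at: int) -> int:
        if at + 2 > len(pkt):
            raise ValueError(f"truncated header at byte {at}")
        return struct.unpack_from("!H", pkt, at)[0]
    flags = u16(0)
    hdr = {"control": bool(flags & T_BIT), "version": flags & VER_MASK}
    if hdr["version"] != 2:
        raise ValueError(f"unsupported L2TP version {hdr['version']}")
    # Control messages must carry Length and Ns/Nr and must not use the Offset field.
    if hdr["control"] and (flags & (L_BIT | S_BIT | O_BIT)) != (L_BIT | S_BIT):
        raise ValueError("control message with illegal flag combination")
    pos = 2
    if flags & L_BIT:
        hdr["length"], pos = u16(pos), pos + 2
        if hdr["length"] > len(pkt):
            raise ValueError("Length field claims more bytes than the datagram holds")
        pkt = pkt[:hdr["length"]]  # bytes past the declared length are ignored
    hdr["tunnel_id"], hdr["session_id"], pos = u16(pos), u16(pos + 2), pos + 4
    if flags & S_BIT:  # Nr is reserved in data messages: parsed here, but carries no meaning
        hdr["ns"], hdr["nr"], pos = u16(pos), u16(pos + 2), pos + 4
    if flags & O_BIT:
        offset, pos = u16(pos), pos + 2
        if pos + offset > len(pkt):
            raise ValueError("Offset Size points past the end of the datagram")
        pos += offset  # skip the offset pad; its contents are undefined
    hdr["payload"] = pkt[pos:]
    return hdr


def rejects(pkt: bytes) -> bool:
    try:
        parse_l2tp(pkt)
        return False
    except ValueError:
        return True
```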
How L2TP works
L2TP is a connection-oriented protocol. Establishing a tunnel to carry a PPP session takes two steps.
(1) Establish a tunnel control connection.
(2) Trigger the establishment of a session based on an incoming or outgoing call.
When an L2TP connection is established, a number of control packets are exchanged between server and client to set up the tunnel and sessions in each direction. Through these control packets, one party asks the other to assign a specific tunnel ID and session ID. Data packets are then exchanged under that tunnel ID and session ID, with compressed PPP frames as payload.
The list of L2TP message handshakes between LAC and LNS is as follows.
Advantages of L2TP
(1) L2TP provides no encryption of its own, but paired with IPSec (L2TP/IPSec) it provides a high level of online security.
(2) L2TP is readily available on many Windows and macOS platforms because it is built into those systems; it is also available on many other devices and operating systems.
(3) L2TP is relatively simple to set up, including L2TP/IPSec.