Guest

Connectivity

L2TP Support for the Cisco 800, 1800, 2800, and 3800 Integrated Services Routers

Hierarchical Navigation

Downloads

This application note provides Layer 2 Tunneling Protocol (L2TP) positioning information for the Cisco® integrated services router portfolio of access routers. It outlines the high-level positioning of the products for the L2TP network server (LNS) role and provides recommended performance and scalability information.

L2TP Overview

L2TP is an IETF standard that combines the best features of two existing tunneling protocols: the Cisco Layer 2 Forwarding (L2F) and Microsoft Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension to the Point-to-Point Protocol (PPP), which is an important component for VPNs. VPNs allow users and telecommuters to connect to their corporate intranets or extranets.

L2TP Terms

L2TP access concentrator (LAC): A LAC device is attached to the switched network fabric, such as public switched telephone network (PSTN) or ISDN, or co-located with a PPP end system capable of handling the L2TP protocol. A LAC needs only to implement the media over which L2TP operates in order to pass traffic to one or more LNSs. It can tunnel any protocol carried within PPP. It is also known as the network access server (NAS) in L2F.

L2TP network server (LNS): An LNS operates on any platform capable of PPP termination. LNS handles the server side of the L2TP protocol. Because L2TP relies only on the single media over which L2TP tunnels arrive, LNS may only have a single LAN or WAN interface, yet still be able to terminate calls arriving at any LAC with a full range of PPP interfaces (asynchronous, ISDN, PPP over ATM, or PPP over Frame Relay). LNS is also known as home gateway (HGW) in L2F terminology.

Network access server (NAS): This device provides temporary, on-demand network access to users. This access is point-to-point, typically using PSTN or ISDN lines. In the Cisco implementation, a NAS serves as a LAC.

Tunnel: A tunnel is a virtual pipe between LAC and LNS that can carry multiple PPP sessions.

Session: A session is a single, tunneled PPP event (also referred to as a call). Multiple sessions can reside within a single tunnel.

L2TP Architecture

L2TP tunnels are used primarily in compulsory mode (that is, dialup LAC to LNS) access VPNs for both IP and non-IP traffic.
Traditional dialup networking services support only registered IP addresses, limiting the types of applications that are implemented over VPNs. L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet, allowing use of the existing access infrastructure, such as the Internet, modems, access servers, and ISDN terminal adapters. Figure 1 shows the L2TP architecture in a typical dialup environment.

Figure 1. L2TP Compulsory Mode

L2TP Client-Initiated Tunneling Mode

L2TP client-initiated tunneling allows the client router to initiate L2TP tunnels. The client can initiate an L2TP tunnel to the LNS without the intermediate NAS participating in tunnel negotiation or establishment. The benefit of this feature is that client routers now can initiate L2TP tunnels.
In the client-initiated tunneling scenario depicted in Figure 2, the client connects to the NAS through a media that supports PPP, such as a dialup modem, DSL, ISDN, or a cable modem. The client can initiate an L2TP tunnel to the LNS.
The L2TP Client-Initiated Tunneling feature uses a virtual-PPP interface, which adds Layer 2 encapsulation to Layer 3 packets, allowing them to be sent to the LNS over an L2TP or L2TPv3 tunnel.

Figure 2. L2TP Client-Initiated Tunneling

Cisco Integrated Services Routers as LNSs

Cisco 800, 1800, 2800, and 3800 Integrated Services Routers are positioned for the LNS role.
From a platform positioning point of view, Table 1 recommends the number of L2TP tunnels per platform.

Table 1.

LNS: Cisco Integrated Services Router

L2TP Tunnel or Session

Cisco 3845

1200

Cisco 3825

1100

Cisco 2851

850

Cisco 2821

800

Cisco 2811

750

Cisco 2801

700

Cisco 1841

500

Cisco 1812

100

Cisco 871

20

Note: Numbers in the table are based on one session per L2TP tunnel.

Note: For all applications requiring higher or more specific performance characteristics than those discussed in this document, please evaluate the Cisco 7200 and 7300 Series platforms. These routers are designed specifically for provider edge roles in aggregated environments.

L2TP Performance

Table 2 lists the recommended performance positioning for all the Cisco integrated services routers in terms of aggregate throughput for the maximum number of L2TP tunnels.

Note: For all applications requiring higher or more specific performance characteristics than those discussed in this document, please evaluate the Cisco 7200 and 7300 Series platforms. These routers are designed specifically for provider edge roles in aggregated environments.

Table 2. Recommended Aggregate Throughputs

Cisco Integrated Services Router Platform

Recommended Aggregate Throughput for Platform Configured as L2TP LNS

Cisco 3845

Up to 150 Mbps

Cisco 3825

Up to 100 Mbps

Cisco 2851

Up to 50 Mbps

Cisco 2821

Up to 40 Mbps

Cisco 2811

Up to 30 Mbps

Cisco 2801

Up to 25 Mbps

Cisco 1841

Up to 20 Mbps

Cisco 1812

Up to 20 Mbps

Cisco 871

Up to 5 Mbps

Additional Resources

• Layer 2 Tunneling Protocol white paper: http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800a43e9.shtml

• Layer 2 Tunneling Protocol (L2TP) over IP Security (IPsec): http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f6f.shtml