Basic concepts of L2TP, Background of L2TP – H3C Technologies H3C SecPath F1000-E User Manual
Figure 146 VPDN built by using L2TP
A VPDN built by using L2TP includes three components:
• Remote system
A remote system is usually the host of a remote user or the routing device of a remote branch that needs to access the VPDN network.
• LAC
An L2TP access concentrator (LAC) is a device that is attached to a packet-switched network and has a PPP end system and the L2TP capability. An LAC is usually a NAS located at a local ISP, which provides access services mainly for PPP users.
An LAC lies between LNSs and remote systems. Upon receiving a packet from a remote system, it encapsulates the packet by using L2TP and sends the encapsulated packet to the LNS. Upon receiving a packet from an LNS, it de-encapsulates the packet and sends it to the intended remote system.
Between an LAC and a remote system is a local connection or a PPP link. Usually, a PPP link is used in a VPDN application.
• LNS
An L2TP network server (LNS) is a PPP end system as well as the L2TP protocol server. It is usually an edge device of an enterprise network.
As an end system of an L2TP tunnel, an LNS is the peer of an LAC. It is the logical termination point of a PPP session that is tunneled by the LAC. That is, with L2TP, the PPP termination point of a remote system is logically extended from the LAC to the LNS, which resides on the enterprise network.
Basic concepts of L2TP
Background of L2TP
The Point-to-Point Protocol (PPP) defines an encapsulation mechanism that allows a point-to-point link to
carry packets of various protocols. When PPP runs between a user and a NAS, the PPP session terminates
at the same physical device where the Layer 2 link terminates—the NAS.
L2TP (RFC 2661) is intended to tunnel PPP packets. It extends the PPP model by allowing the Layer 2 link
and the PPP session endpoints to reside on different devices interconnected by a packet-switched network.
This allows PPP sessions to traverse frame relay networks or the Internet.
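The encapsulation and de-encapsulation that the LAC and LNS perform, shown as an added example that is not taken from the H3C manual or device software: it writes an RFC 2661 data-message header around a PPP frame and parses it back with bounds checks. The function names and the sample PPP frame are constructed for illustration.

```python
import struct

L2TP_VERSION = 2   # Ver field value defined by RFC 2661
FLAG_T = 0x8000    # 1 = control message, 0 = data message
FLAG_L = 0x4000    # Length field present
FLAG_S = 0x0800    # Ns and Nr fields present
FLAG_O = 0x0200    # Offset Size field present

# Constructed sample: PPP address/control (FF 03), protocol 0x0021 (IPv4), dummy payload
SAMPLE_PPP = b"\xff\x03\x00\x21" + b"ip-packet-bytes"


def _u16(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated L2TP header")
    return struct.unpack_from("!H", buf, pos)[0], pos + 2


def lac_encapsulate(tunnel_id, session_id, ppp_frame):
    """Hypothetical LAC side: wrap a PPP frame in an L2TP data header (L bit set)."""
    flags = FLAG_L | L2TP_VERSION
    length = 8 + len(ppp_frame)  # flags + Length + Tunnel ID + Session ID = 8 bytes
    return struct.pack("!HHHH", flags, length, tunnel_id, session_id) + ppp_frame


def lns_decapsulate(datagram):
    """Hypothetical LNS side: return (tunnel_id, session_id, ppp_frame) or raise."""
    flags, pos = _u16(datagram, 0)
    if (flags & 0x000F) != L2TP_VERSION:
        raise ValueError("not an L2TPv2 packet")
    if flags & FLAG_T:
        raise ValueError("control message, not tunneled PPP data")
    end = len(datagram)
    if flags & FLAG_L:
        end, pos = _u16(datagram, pos)  # Length covers the whole L2TP message
        if end > len(datagram):
            raise ValueError("Length field exceeds datagram size")
    tunnel_id, pos = _u16(datagram, pos)
    session_id, pos = _u16(datagram, pos)
    if flags & FLAG_S:
        pos += 4                        # skip Ns and Nr
    if flags & FLAG_O:
        offset, pos = _u16(datagram, pos)
        pos += offset                   # skip offset padding
    if pos > end:
        raise ValueError("header fields run past end of packet")
    return tunnel_id, session_id, datagram[pos:end]
```

The Tunnel ID and Session ID recovered by the parser are what tie a tunneled PPP frame to a specific LAC-to-LNS tunnel and to one PPP session inside it.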