L2tp architecture, Tunnel and session, Control message and data message – H3C Technologies H3C SecPath F1000-E User Manual
Combining the advantages of L2F and PPTP, L2TP has become the Layer 2 tunneling industry standard of
the Internet Engineering Task Force (IETF).
L2TP architecture
Figure 147 shows the relationship between the PPP frame, control channel, and data channel. PPP frames
are transferred over the unreliable L2TP data channels. Control messages are transferred within the
reliable L2TP control channels.
Figure 147 L2TP architecture
Figure 148 L2TP packet encapsulation structure
Figure 148 depicts the encapsulation structure of an L2TP data packet between the LAC and the LNS.
Usually, L2TP data is transferred in the form of User Datagram Protocol (UDP) packets. The well-known UDP
port for L2TP is 1701, which is only used in the initial tunnel creation stage. The L2TP tunnel initiator
selects an idle port (which may not be 1701) to send a packet to port 1701 of the receiver. After receiving
the packet, the receiver also selects an idle port (which may not be 1701 either) to return a packet to the
specified port of the initiator. From then on, the two parties use the negotiated ports to communicate until
the tunnel is disconnected.
Tunnel and session
Two types of connections are present between an LNS and an LAC: tunnel and session.
• A tunnel is between an LNS and an LAC.
• A session is multiplexed on a tunnel and represents a PPP session on the tunnel.
Multiple L2TP tunnels can be established between an LNS and an LAC. A tunnel consists of a control
connection and one or more sessions. A session can be set up only after the tunnel is created. A session
corresponds to one PPP data stream between the LAC and the LNS.
Both control messages and PPP frames are transferred on the tunnel. L2TP uses Hello packets to check the
connectivity of a tunnel. The LAC and LNS regularly send Hello packets to each other. If no response
packet is received in a certain period of time, the tunnel is torn down.
Control message and data message
L2TP supports two types of messages: control messages and data messages.
• Control messages are intended for establishment and maintenance of tunnels and sessions and for
transmission control. Control messages are transmitted over a reliable channel, which supports flow
control and congestion control.
• Data messages are intended to encapsulate PPP frames to be tunneled. Data messages are
transmitted over an unreliable channel without flow control, congestion control, and retransmission
mechanisms.
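As an added illustration of the control/data split described above (example code, not part of the H3C manual or H3C software), the following Python parser decodes the L2TPv2 header defined in RFC 2661: it tells a control message (T bit set, and required to carry the Length field and the Ns/Nr sequence numbers of the reliable control channel) from a data message that simply carries a PPP frame, and it pulls the Message Type out of a control message's first AVP. The three sample packets, including a Zero-Length Body acknowledgement, are constructed by hand.

```python
import struct

# Constructed sample packets (L2TPv2 headers per RFC 2661), built by hand for this example.
CONTROL_PKT = bytes.fromhex("c802" "0014" "0000" "0000" "0000" "0000"   # T/L/S set, len 20, IDs 0, Ns/Nr 0
                            "8008" "0000" "0000" "0001")                # AVP: Message Type 1 (SCCRQ)
ZLB_PKT = bytes.fromhex("c802" "000c" "0005" "0000" "0002" "0003")      # no AVPs: a pure ack, Nr=3
DATA_PKT = bytes.fromhex("0002" "1234" "0001" "ff03" "0021" "45000014")  # T=0, a PPP frame follows

def parse_l2tp_header(pkt: bytes) -> dict:
    """Decode an L2TPv2 header; 'payload' is what follows it (struct.error if truncated)."""
    flags = struct.unpack_from("!H", pkt, 0)[0]
    if (flags & 0x000F) != 2:
        raise ValueError(f"unsupported L2TP version {flags & 0x000F}")
    hdr = {"type": "control" if flags & 0x8000 else "data",
           "has_length": bool(flags & 0x4000), "has_sequence": bool(flags & 0x0800),
           "has_offset": bool(flags & 0x0200)}
    pos = 2
    if hdr["has_length"]:
        hdr["length"] = struct.unpack_from("!H", pkt, pos)[0]
        pos += 2
        if hdr["length"] > len(pkt):
            raise ValueError("length field exceeds packet size")
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack_from("!HH", pkt, pos)
    pos += 4
    if hdr["has_sequence"]:  # Ns/Nr: the sequence numbers of the reliable control channel
        hdr["ns"], hdr["nr"] = struct.unpack_from("!HH", pkt, pos)
        pos += 4
    if hdr["has_offset"]:    # skip the offset-size field plus the padding it announces
        pos += 2 + struct.unpack_from("!H", pkt, pos)[0]
    if hdr["type"] == "control" and (
            not hdr["has_length"] or not hdr["has_sequence"] or hdr["has_offset"]):
        raise ValueError("control messages must set L and S and clear O (RFC 2661)")
    hdr["payload"] = pkt[pos:hdr.get("length", len(pkt))]
    return hdr

def control_message_type(hdr: dict):
    """Message Type from a control message's first AVP; None for a ZLB acknowledgement."""
    if hdr["type"] != "control":
        raise ValueError("data messages carry PPP frames, not AVPs")
    body = hdr["payload"]
    if not body:
        return None
    flags_len, vendor, attr, value = struct.unpack_from("!HHHH", body, 0)
    if (flags_len & 0x03FF) != 8 or vendor != 0 or attr != 0:
        raise ValueError("first AVP is not the IETF Message Type AVP")
    return value
```

Running the parser over traffic captured on UDP port 1701 and the negotiated ports lets you see which packets belong to the control connection (tunnel setup, Hello keepalives, acknowledgements) and which are tunneled PPP data for a given tunnel and session ID.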