L2TP Profile Configuration
The Layer 2 Tunnel Protocol (L2TPv2) profile configuration is an optional step in subscriber management configuration, but it is mandatory whenever L2TP tunneling is to be enabled.
The way that the L2TP profile configuration relates to all subscriber management configuration tasks is shown in the picture below.
Configuring the L2TP Profile
```
supervisor@switch: cfg> set access l2tp-profile <profile-name>
  <profile-name>             Name of the L2TP profile
supervisor@switch: cfg> set access l2tp-profile l2tp-default
  <cr>
  client-ipv4                Default value for L2TP tunnel client IPv4 address
  client-name                Default value for L2TP tunnel client name
  connect-speed-update       Enable L2TP Connect-Speed-Update-Notification (CSUN)
  dead-timeout-interval      L2TP tunnel dead timeout interval in seconds
  hello-interval             L2TP tunnel hello interval in seconds
  hide-authentication        Hide L2TP tunnel authentication
  idle-timeout-interval      L2TP tunnel idle timeout interval in seconds
  inactive-timeout-interval  L2TP tunnel inactive timeout interval in seconds
  instance                   Instance name
  pon-access-line-version    PON Access Line Information Version
  pool-name                  L2TP tunnel pool name
  receive-window             L2TP tunnel receive window
  request-retries            L2TP session request retries
  request-timeout-interval   L2TP session request timeout interval in seconds
  retransmit-interval        L2TP tunnel retransmission interval in seconds
  selection-algorithm        L2TP tunnel selection algorithm
  service-label              MPLS service label
  session-limit              L2TP tunnel session limit
```
The following example shows a typical L2TPv2 LAC configuration profile.
```
supervisor@switch: cfg> show config access l2tp-profile l2tp-default
{
  "rtbrick-config:l2tp-profile": {
    "profile-name": "l2tp-default",
    "session-limit": 4000,
    "hello-interval": 60,
    "client-name": "BNG",
    "client-ipv4": "198.51.100.200",
    "hide-authentication": true,
    "service-label": 1234
  }
}
```
Attribute | Description
---|---
client-ipv4 | This is the default value for the local L2TP tunnel client (LAC) IPv4 address if not explicitly provided for the tunnel via L2TP pool or RADIUS.
client-name | This is the default value for the local L2TP tunnel client (LAC) hostname if not explicitly provided for the tunnel via L2TP pool or RADIUS. Default: system hostname
instance | The routing instance in which the L2TP endpoint (LNS) is reachable. Default: default
service-label | The service label must be defined to support L2TP over MPLS (Configuring L2TP over MPLS).
selection-algorithm | This defines how to select a tunnel from a pool of available LNS servers as described in [L2TP Tunnel Selection]. The RANDOM algorithm selects the tunnel randomly, whereas BALANCED selects the least filled tunnel based on the number of sessions. Default: BALANCED Values: BALANCED, RANDOM
session-limit | This is the default tunnel session limit if not further specified. Tunnels that have reached their session limit are not considered for further sessions. Default: 64000 Range: 1 - 65535
pool-name | This attribute assigns a default L2TP tunnel pool ([L2TP Tunnel Pool Configuration]), which can be overwritten by user-defined pool names from local user profiles ([User Profile Configuration]) or received via the RADIUS attribute RtBrick-L2TP-Pool (VSA 26-50058-40).
hello-interval | L2TP tunnel hello interval in seconds, where 0 means disabled. The HELLO keepalive messages are part of the L2TP control channel ([L2TP Control Channel]) and are only sent if the send queue is empty and no other message has been sent during the hello interval. Default: 30 Range: 0 - 86400
idle-timeout-interval | This interval defines the maximum time in seconds to keep a tunnel without established sessions. The tunnel is kept forever if this value is set to 0. Default: 600 Range: 0 - 4294966
dead-timeout-interval | This interval defines the time in seconds to keep an unreachable tunnel in DEAD state. After the interval expires, the tunnel changes back to DOWN state and becomes available for new sessions. Default: 300 Range: 1 - 4294966
inactive-timeout-interval | This interval defines the time in seconds to keep an inactive tunnel before it is removed. The interval is reset with every new session request that considers this tunnel as a potential candidate. Default: 900 Range: 1 - 4294966
receive-window | This value specifies the receive window size offered to the remote peer through the Receive Window Size AVP (10) in SCCRQ and SCCRP. Suppose a receive window size of 8 is advertised in the SCCRQ or SCCRP message: the remote peer is then allowed to have up to 8 outstanding control messages. Once 8 have been sent, it must wait for an acknowledgment that advances the window before sending new control messages. Default: 8 Range: 1 - 256
request-retries | This value is explained together with request-timeout-interval. Default: 5 Range: 1 - 600
request-timeout-interval | This interval multiplied by request-retries defines the maximum time in seconds to wait for the selected tunnel to become established before selecting another tunnel from the list. Default: 1 Range: 1 - 30
retransmit-interval | This value specifies the retransmission interval in seconds. Each subsequent retransmission of a message uses an exponential backoff interval. Thus, if the first retransmission occurred after 1 second, the next retransmission occurs after 2 seconds have elapsed, then 4 seconds, 8 seconds, 16 seconds, 32 seconds and finally 64 seconds. This maximum is reached after at most 6 retransmissions, resulting in a maximum of 64 seconds for a retransmit interval of 1, 128 seconds for 2, etc. Default: 1 Range: 1 - 30
hide-authentication | If enabled, the L2TP proxy authentication response AVP is hidden if the authentication type is PAP, so that the password is not transmitted in clear text. Default: false
pon-access-line-version | This attribute optionally adds PON attributes to the L2TP access line information ([L2TP Access Line Information (RFC5515)]) as defined in draft-lihawi-ancp-protocol-access-extension. The value DRAFT-LIHAWI-00 enables PON attributes based on the definition in draft-lihawi-ancp-protocol-access-extension-00, whereas DRAFT-LIHAWI-04 uses draft-lihawi-ancp-protocol-access-extension-04. Default: DISABLED Values: DRAFT-LIHAWI-00, DRAFT-LIHAWI-04
connect-speed-update | Enable L2TP Connect-Speed-Update-Notification (CSUN) requests as defined in RFC5515 ([Connect-Speed-Update-Notification (CSUN)]). CSUN is an L2TP control message sent by the LAC to the LNS to provide transmit and receive connection speed updates for one or more sessions. It is disabled by default and can be enabled using this configuration attribute. Default: false
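The following model, added as an example and not RtBrick's implementation, shows how the selection-algorithm, session-limit, dead-timeout and request-timeout attributes above interact: DEAD tunnels and tunnels at their session limit are excluded, BALANCED picks the least filled candidate, RANDOM picks any candidate, the establishment wait bound is request-timeout-interval times request-retries, and the retransmit backoff doubles from retransmit-interval. The tunnel pool is constructed for the example.

```python
import random
from dataclasses import dataclass

@dataclass
class Tunnel:
    name: str
    session_limit: int        # profile session-limit unless overridden per tunnel
    sessions: int = 0
    state: str = "DOWN"       # DOWN, UP or DEAD as described in the table

    def is_candidate(self) -> bool:
        # A DEAD tunnel stays out until dead-timeout-interval returns it to DOWN;
        # a tunnel that reached its session limit is skipped as well.
        return self.state != "DEAD" and self.sessions < self.session_limit

def select_tunnel(pool, algorithm="BALANCED", rng=random):
    """Pick the tunnel for a new session, or None if the pool is exhausted."""
    candidates = [t for t in pool if t.is_candidate()]
    if not candidates:
        return None
    if algorithm == "RANDOM":
        return rng.choice(candidates)
    if algorithm == "BALANCED":
        # least filled tunnel by session count; ties keep pool order
        return min(candidates, key=lambda t: t.sessions)
    raise ValueError(f"unknown selection-algorithm: {algorithm}")

def place_session(pool, algorithm="BALANCED", rng=random):
    """Select a tunnel and account the new session on it."""
    tunnel = select_tunnel(pool, algorithm, rng)
    if tunnel is not None:
        tunnel.sessions += 1
    return tunnel

def max_establish_wait(profile: dict) -> int:
    """Seconds to wait for the selected tunnel to come up before the next
    tunnel is tried: request-timeout-interval * request-retries (defaults 1, 5)."""
    return profile.get("request-timeout-interval", 1) * profile.get("request-retries", 5)

def retransmit_schedule(interval: int, max_retransmits: int = 6) -> list[int]:
    """Exponential backoff delays for control-message retransmission, starting
    at retransmit-interval and doubling up to max_retransmits times."""
    return [interval * 2 ** k for k in range(max_retransmits + 1)]

if __name__ == "__main__":
    # Constructed pool: lns1 nearly empty, lns2 partly used, lns3 unreachable.
    pool = [Tunnel("lns1", 2), Tunnel("lns2", 4, sessions=1), Tunnel("lns3", 4, state="DEAD")]
    print([t.name for t in (place_session(pool) for _ in range(5)) if t])
    print(max_establish_wait({}), retransmit_schedule(1))
```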
Configuring L2TP over MPLS
L2TP over MPLS requires a dedicated L2TP service label which needs to be configured manually.
The following is an example L2TP configuration with an L2TP service label.
```
set access l2tp-profile l2tp-default service-label 1234
```
Advertising this label via BGP must be configured manually as shown in the example below. The exact policy configuration depends on the actual network and existing policy concept.
```
supervisor@switch: cfg> show config policy
{
  "rtbrick-config:policy": {
    "statement": [
      {
        "name": "L2TP_MPLS",
        "ordinal": [
          {
            "ordinal": 1,
            "match": {
              "rule": [
                {
                  "rule": 1,
                  "type": "ipv4-prefix",
                  "value-type": "discrete",
                  "match-type": "exact",
                  "value": "198.51.100.200/24"
                }
              ]
            },
            "action": {
              "rule": [
                {
                  "rule": 1,
                  "type": "label",
                  "operation": "overwrite",
                  "value": "label:1337,bos:1"
                }
              ]
            }
          },
          {
            "ordinal": 2,
            "action": {
              "rule": [
                {
                  "rule": 1,
                  "operation": "return-permit"
                }
              ]
            }
          }
        ]
      }
    ]
  }
}
supervisor@switch: cfg> show config instance internet
{
  "rtbrick-config:instance": {
    "name": "internet",
    "address-family": [
      {
        "afi": "ipv4",
        "safi": "unicast",
        "policy": {
          "export": "L2TP_MPLS"
        }
      }
    ]
  }
}
```