1. Introduction
The Layer Two Tunneling Protocol (L2TP) provides a dynamic mechanism
for tunneling Layer 2 (L2) "circuits" across a packet-oriented data
network (e.g., over IP). L2TP, as originally defined in RFC 2661prop, is
a standard method for tunneling Point-to-Point Protocol (PPP)
[RFC1661] sessions. L2TP has since been adopted for tunneling a
number of other L2 protocols. In order to provide greater
modularity, this document describes the base L2TP protocol,
independent of the L2 payload that is being tunneled.
The base L2TP protocol defined in this document consists of (1) the
control protocol for dynamic creation, maintenance, and teardown of
L2TP sessions, and (2) the L2TP data encapsulation to multiplex and
demultiplex L2 data streams between two L2TP nodes across an IP
network. Additional documents are expected to be published for each
L2 data link emulation type (a.k.a. pseudowire-type) supported by
L2TP (i.e., PPP, Ethernet, Frame Relay, etc.). These documents will
contain any pseudowire-type specific details that are outside the
scope of this base specification.
When the designation between L2TPv2 and L2TPv3 is necessary, L2TP as
defined in RFC 2661prop will be referred to as "L2TPv2", corresponding to
the value in the Version field of an L2TP header. (Layer 2
Forwarding, L2F, [RFC2341] was defined as "version 1".) At times,
L2TP as defined in this document will be referred to as "L2TPv3".
Otherwise, the acronym "L2TP" will refer to L2TPv3 or L2TP in
general.
1.1. Changes from RFC 2661
Many of the protocol constructs described in this document are
carried over from RFC 2661prop. Changes include clarifications based on
years of interoperability and deployment experience as well as
modifications to either improve protocol operation or provide a
clearer separation from PPP. The intent of these modifications is to
achieve a healthy balance between code reuse, interoperability
experience, and a directed evolution of L2TP as it is applied to new
tasks.
Notable differences between L2TPv2 and L2TPv3 include the following:
Separation of all PPP-related AVPs, references, etc., including a
portion of the L2TP data header that was specific to the needs of
PPP. The PPP-specific constructs are described in a companion
document.
Transition from a 16-bit Session ID and Tunnel ID to a 32-bit
Session ID and Control Connection ID, respectively.
Extension of the Tunnel Authentication mechanism to cover the
entire control message rather than just a portion of certain
messages.
Details of these changes and a recommendation for transitioning to
L2TPv3 are discussed in Section 4.7.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.3. Terminology
Attribute Value Pair (AVP)
The variable-length concatenation of a unique Attribute
(represented by an integer), a length field, and a Value
containing the actual value identified by the attribute. Zero or
more AVPs make up the body of control messages, which are used in
the establishment, maintenance, and teardown of control
connections. This basic construct is sometimes referred to as a
Type-Length-Value (TLV) in some specifications. (See also:
Control Connection, Control Message.)
Call (Circuit Up)
The action of transitioning a circuit on an L2TP Access
Concentrator (LAC) to an "up" or "active" state. A call may be
dynamically established through signaling properties (e.g., an
incoming or outgoing call through the Public Switched Telephone
Network (PSTN)) or statically configured (e.g., provisioning a
Virtual Circuit on an interface). A call is defined by its
properties (e.g., type of call, called number, etc.) and its data
traffic. (See also: Circuit, Session, Incoming Call, Outgoing
Call, Outgoing Call Request.)
Circuit
A general term identifying any one of a wide range of L2
connections. A circuit may be virtual in nature (e.g., an ATM
PVC, an IEEE 802 VLAN, or an L2TP session), or it may have direct
correlation to a physical layer (e.g., an RS-232 serial line).
Circuits may be statically configured with a relatively long-lived
uptime, or dynamically established with signaling to govern the
establishment, maintenance, and teardown of the circuit. For the
purposes of this document, a statically configured circuit is
considered to be essentially the same as a very simple, long-
lived, dynamic circuit. (See also: Call, Remote System.)
Client
(See Remote System.)
Control Connection
An L2TP control connection is a reliable control channel that is
used to establish, maintain, and release individual L2TP sessions
as well as the control connection itself. (See also: Control
Message, Data Channel.)
Control Message
An L2TP message used by the control connection. (See also:
Control Connection.)
Data Message
Message used by the data channel. (a.k.a. Data Packet, See also:
Data Channel.)
Data Channel
The channel for L2TP-encapsulated data traffic that passes between
two LCCEs over a Packet-Switched Network (i.e., IP). (See also:
Control Connection, Data Message.)
Incoming Call
The action of receiving a call (circuit up event) on an LAC. The
call may have been placed by a remote system (e.g., a phone call
over a PSTN), or it may have been triggered by a local event
(e.g., interesting traffic routed to a virtual interface). An
incoming call that needs to be tunneled (as determined by the LAC)
results in the generation of an L2TP ICRQ message. (See also:
Call, Outgoing Call, Outgoing Call Request.)
L2TP Access Concentrator (LAC)
If an L2TP Control Connection Endpoint (LCCE) is being used to
cross-connect an L2TP session directly to a data link, we refer to
it as an L2TP Access Concentrator (LAC). An LCCE may act as both
an L2TP Network Server (LNS) for some sessions and an LAC for
others, so these terms must only be used within the context of a
given set of sessions unless the LCCE is in fact single purpose
for a given topology. (See also: LCCE, LNS.)
L2TP Control Connection Endpoint (LCCE)
An L2TP node that exists at either end of an L2TP control
connection. May also be referred to as an LAC or LNS, depending
on whether tunneled frames are processed at the data link (LAC) or
network layer (LNS). (See also: LAC, LNS.)
L2TP Network Server (LNS)
If a given L2TP session is terminated at the L2TP node and the
encapsulated network layer (L3) packet processed on a virtual
interface, we refer to this L2TP node as an L2TP Network Server
(LNS). A given LCCE may act as both an LNS for some sessions and
an LAC for others, so these terms must only be used within the
context of a given set of sessions unless the LCCE is in fact
single purpose for a given topology. (See also: LCCE, LAC.)
Outgoing Call
The action of placing a call by an LAC, typically in response to
policy directed by the peer in an Outgoing Call Request. (See
also: Call, Incoming Call, Outgoing Call Request.)
Outgoing Call Request
A request sent to an LAC to place an outgoing call. The request
contains specific information not known a priori by the LAC (e.g.,
a number to dial). (See also: Call, Incoming Call, Outgoing
Call.)
Packet-Switched Network (PSN)
A network that uses packet switching technology for data delivery.
For L2TPv3, this layer is principally IP. Other examples include
MPLS, Frame Relay, and ATM.
Peer
When used in context with L2TP, Peer refers to the far end of an
L2TP control connection (i.e., the remote LCCE). An LAC's peer
may be either an LNS or another LAC. Similarly, an LNS's peer may
be either an LAC or another LNS. (See also: LAC, LCCE, LNS.)
Pseudowire (PW)
An emulated circuit as it traverses a PSN. There is one
Pseudowire per L2TP Session. (See also: Packet-Switched Network,
Session.)
Pseudowire Type
The payload type being carried within an L2TP session. Examples
include PPP, Ethernet, and Frame Relay. (See also: Session.)
Remote System
An end system or router connected by a circuit to an LAC.
Session
An L2TP session is the entity that is created between two LCCEs in
order to exchange parameters for and maintain an emulated L2
connection. Multiple sessions may be associated with a single
Control Connection.
Zero-Length Body (ZLB) Message
A control message with only an L2TP header. ZLB messages are used
only to acknowledge messages on the L2TP reliable control
connection. (See also: Control Message.)
