Several tasks I’ve been up to recently have made me study solutions to interconnect Layer 2 network segments across Layer 3 infrastructure. I decided to do a series of quick review of the technologies that serve this purpose. The most detailed information could be found in standards and vendors documents, there is no point to rewrite all of it here. What I was intended to is just produce a sort of quick reference/cheatsheet for what I have studied.

The first is Layer 2 Tunneling Protocol.

Lab 

Here is a network diagram I used:

• R4 and R5 represent two hosts in the same VLAN. Those are the ones that need to be interconnected across the WAN.
• R2 and R3 represent border routers in each location.
• R1 is just a transport WAN emulation.

Starting configuration for border routers:

R2	R3
interface FastEthernet0/0   description -= WAN =-   ip address 115.0.0.2 255.255.255.252 ip route 0.0.0.0 0.0.0.0 115.0.0.1	interface FastEthernet0/0  description -= WAN =-  ip address 116.0.0.2 255.255.255.252 ip route 0.0.0.0 0.0.0.0 116.0.0.1

The starting configuration for R1, R4 and R5 is just IP addresses assigned to interfaces according to the diagram.

The basic L2TPv3 configuration

L2TP is probably the most straightforward method to implement Layer-2 interconnection across Layer-3 WAN. Basic config looks like this:

R2

pseudowire-class test-pw-class encapsulation l2tpv3 ip local interface FastEthernet0/0interface FastEthernet2/0 description -= LAN =- no ip address xconnect 116.0.0.2 123 encapsulation l2tpv3 pw-class test-pw-class

R3

pseudowire-class test-pw-class encapsulation l2tpv3 ip local interface FastEthernet0/0interface FastEthernet2/0 description -= LAN =- no ip address xconnect 116.0.0.2 123 encapsulation l2tpv3 pw-class test-pw-class

Here is the result:

All the traffic coming to FastEthernet 2/0 port of any of the border routers gets encapsulated and sent to the opposite site where it gets decapsulated while going out of another FastEthernet 2/0 interface. As a result we can ping R5 from R4 and vice versa as if they were connected directly by Layer-2 link:

R5#ping 192.168.1.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.4, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 88/98/120 ms

R4#ping 192.168.1.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 88/116/156 ms

The broadcast traffic also gets propagated successfully:

R4#ping 255.255.255.255 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 255.255.255.255, timeout is 2 seconds: Reply to request 0 from 192.168.1.5, 152 ms Reply to request 1 from 192.168.1.5, 108 ms Reply to request 2 from 192.168.1.5, 152 ms Reply to request 3 from 192.168.1.5, 104 ms

Some theory

The obvious advantage of L2TP is that in order to implement it you don’t need anything but Layer 3 connectivity between devices that will terminate both ends of the tunnel.

Here is what happens to the Layer 2 Payload when it gets transferred over the tunnel:

First, L2TPv3 Header gets added to the original Layer 2 Frame. It contains all the information needed to identify the Tunnel and the Session.

Second IP Delivery Header containing source and destination IP addresses of the tunnel peers (in our case R2 and R3 routers) and UDP Header are added to deliver the packet to the other end device that will decapsulate it. On transport layer L2TPv3 uses port 1701.

The packet flow to establish the connection is the following:

Verifying 

Checking tunnel and session states:

R2#show l2tun L2TP Tunnel and Session Information Total tunnels 1 sessions 1 LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/                                                            Count VPDN Group 1401476767 197244710  R3            est    116.0.0.2       1     l2tp_default_cl LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID                                  Vcid, Circuit 4141636091 3431548551 1401476767 123, Fa2/0           est    00:02:50 1

You can see the tunnel Virtual Circuit ID 123 configured and it’s state as established.

Here is a debug command showing tunnel establishment process where you can see packets related to tunnel setup marked bold. R2 plays the role of the server in this case, so the tunnel establishment process begins with it receiving SCCRQ, responds SCCRP and so on. Notice also the states the system passes through (Idle, Proc-SCCRQ, Wt-SCCN, etc.) till it gets to established.

R2#debug l2tp event *Dec  8 23:52:23.159: L2X  tnl   08318:________: Create logical tunnel *Dec  8 23:52:23.159: L2TP tnl   08318:________: Create tunnel *Dec  8 23:52:23.163: L2TP tnl   08318:________:     version set to Cisco-V3 *Dec  8 23:52:23.163: L2TP tnl   08318:________:     remote ip set to 116.0.0.2 *Dec  8 23:52:23.167: L2TP tnl   08318:________:     local ip set to 115.0.0.2 *Dec  8 23:52:23.175: L2TP tnl   08318:70A47756: FSM-CC ev Rx-SCCRQ *Dec  8 23:52:23.175: L2TP tnl   08318:70A47756: FSM-CC    Idle->Proc-SCCRQ *Dec  8 23:52:23.179: L2TP tnl   08318:70A47756: FSM-CC do Rx-SCCRQ *Dec  8 23:52:23.183: L2TP tnl   08318:70A47756:     class name l2tp_default_class *Dec  8 23:52:23.191: L2TP       _____:________: Check for existing cc *Dec  8 23:52:23.191: L2TP       _____:________:   115.0.0.2<->116.0.0.2 *Dec  8 23:52:23.195: L2TP       _____:________:   and peer router id: 116.0.0.2 *Dec  8 23:52:23.195: L2TP       _____:________:   and peer hostname: R3 *Dec  8 23:52:23.199: L2TP       _____:________:   and version: V3 *Dec  8 23:52:23.203: L2TP       _____:________:   No other cc exists to tie with *Dec  8 23:52:23.203: L2TP tnl   08318:70A47756: FSM-CC ev SCCRQ-OK *Dec  8 23:52:23.207: L2TP tnl   08318:70A47756: FSM-CC    Proc-SCCRQ->Wt-SCCCN *Dec  8 23:52:23.207: L2TP tnl   08318:70A47756: FSM-CC do Tx-SCCRP *Dec  8 23:52:23.211: L2X        _____:________: l2x_open_socket: is called *Dec  8 23:52:23.211: L2TP tnl   08318:70A47756: Open sock 115.0.0.2:0->116.0.0.2:0 *Dec  8 23:52:23.215: L2TP tnl   08318:70A47756: FSM-CC ev Sock-Ready *Dec  8 23:52:23.215: L2TP tnl   08318:70A47756: FSM-CC    in Wt-SCCCN *Dec  8 23:52:23.219: L2TP tnl   08318:70A47756: FSM-CC do Ignore-Sock-Up *Dec  8 23:52:23.355: L2TP tnl   08318:70A47756: FSM-CC ev Rx-SCCCN *Dec  8 23:52:23.359: L2TP tnl   08318:70A47756: FSM-CC    Wt-SCCCN->Proc-SCCCN *Dec  8 23:52:23.359: L2TP tnl   08318:70A47756: FSM-CC do Rx-SCCCN *Dec  8 23:52:23.379: L2TP tnl   08318:70A47756: FSM-CC ev SCCCN-OK *Dec  8 23:52:23.379: L2TP tnl   08318:70A47756: FSM-CC    Proc-SCCCN->established *Dec  8 23:52:23.383: L2TP tnl   08318:70A47756: FSM-CC do Established *Dec  8 23:52:23.383: L2TP tnl   08318:70A47756: Control channel up *Dec  8 23:52:23.387: L2TP tnl   08318:70A47756:   115.0.0.2<->116.0.0.2 *Dec  8 23:52:23.431: L2X  _____:_____:________: Create logical session *Dec  8 23:52:23.435: L2TP _____:_____:________: Create session *Dec  8 23:52:23.435: L2TP _____:_____:________:   Using ICRQ FSM *Dec  8 23:52:23.439: L2TP _____:_____:________: FSM-Sn ev created *Dec  8 23:52:23.439: L2TP _____:_____:________: FSM-Sn    Init->Idle *Dec  8 23:52:23.443: L2TP _____:_____:________: FSM-Sn do none *Dec  8 23:52:23.443: L2TP _____:_____:________:     remote ip set to 116.0.0.2 *Dec  8 23:52:23.447: L2TP _____:_____:________:     local ip set to 115.0.0.2 *Dec  8 23:52:23.451: L2TP tnl   08318:70A47756: FSM-CC ev Session-Conn *Dec  8 23:52:23.451: L2TP tnl   08318:70A47756: FSM-CC    in established *Dec  8 23:52:23.455: L2TP tnl   08318:70A47756: FSM-CC do Session-Conn-Est *Dec  8 23:52:23.455: L2TP tnl   08318:70A47756:   Session count now 1 *Dec  8 23:52:23.459: L2TP _____:08318:ECEDBDCE: FSM-Sn ev CC-Up *Dec  8 23:52:23.459: L2TP _____:08318:ECEDBDCE: FSM-Sn    in Idle *Dec  8 23:52:23.463: L2TP _____:08318:ECEDBDCE: FSM-Sn do CC-Up-Ignore0-1 *Dec  8 23:52:23.463: L2TP _____:08318:ECEDBDCE: Session attached *Dec  8 23:52:23.467: L2TP _____:08318:ECEDBDCE: FSM-Sn ev Rx-ICRQ *Dec  8 23:52:23.467: L2TP _____:08318:ECEDBDCE: FSM-Sn    Idle->Proc-ICRQ *Dec  8 23:52:23.467: L2TP _____:08318:ECEDBDCE: FSM-Sn do Rx-ICRQ *Dec  8 23:52:23.467: L2TP _____:08318:ECEDBDCE:   Chose application XCONNECT *Dec  8 23:52:23.471: L2TP _____:08318:ECEDBDCE:   App type set to XCONNECT *Dec  8 23:52:23.471: L2TP tnl   08318:70A47756:   XCONNECT Session count now 1 *Dec  8 23:52:23.471: L2TP _____:08318:ECEDBDCE: Remote AC is now UP *Dec  8 23:52:23.471: L2TP _____:08318:ECEDBDCE: XCONNECT: process AVPs *Dec  8 23:52:23.471: L2TP _____:08318:ECEDBDCE: Set HA epoch to 0 *Dec  8 23:52:23.475: L2TP _____:08318:ECEDBDCE: *Dec  8 23:52:23.495: L2X  _____:_____:________: Destroying logical session *Dec  8 23:52:23.495: L2TP 00001:08318:ECEDBDCE: *Dec  8 23:52:23.499: L2TP 00001:08318:ECEDBDCE:   App type set to XCONNECT *Dec  8 23:52:23.499: L2TP 00001:08318:ECEDBDCE:   Need cc version: Cisco-V3 *Dec  8 23:52:23.503: L2TP 00001:08318:ECEDBDCE:   Sequencing default tx disabled *Dec  8 23:52:23.507: L2TP 00001:08318:ECEDBDCE:   Sequencing default rx disabled *Dec  8 23:52:23.507: L2TP 00001:08318:ECEDBDCE: no cookies enabled *Dec  8 23:52:23.511: L2TP 00001:08318:ECEDBDCE: FSM-Sn ev ICRQ-OK *Dec  8 23:52:23.511: L2TP 00001:08318:ECEDBDCE: FSM-Sn Proc-ICRQ->Wt-Tx-ICRP *Dec  8 23:52:23.515: L2TP 00001:08318:ECEDBDCE: FSM-Sn do Tx-ICRP-Local-Check *Dec  8 23:52:23.515: L2TP 00001:08318:ECEDBDCE: FSM-Sn ev Local-Cont *Dec  8 23:52:23.519: L2TP 00001:08318:ECEDBDCE: FSM-Sn    Wt-Tx-ICRP->Wt-Rx-ICCN *Dec  8 23:52:23.519: L2TP 00001:08318:ECEDBDCE: FSM-Sn do Tx-ICRP *Dec  8 23:52:23.523: L2X        _____:________: l2x_open_socket: is called *Dec  8 23:52:23.527: L2TP 00001:08318:ECEDBDCE: Open sock 115.0.0.2:0->116.0.0.2:0 *Dec  8 23:52:23.527: L2TP 00001:08318:ECEDBDCE: FSM-Sn ev Sock-Ready *Dec  8 23:52:23.531: L2TP 00001:08318:ECEDBDCE: FSM-Sn    in Wt-Rx-ICCN *Dec  8 23:52:23.535: L2TP 00001:08318:ECEDBDCE: FSM-Sn do Ignore-Sock-Up *Dec  8 23:52:23.555: L2TP 00001:08318:ECEDBDCE: *Dec  8 23:52:23.559: L2TP 00001:08318:ECEDBDCE: FSM-Sn ev DP-Setup *Dec  8 23:52:23.559: L2TP 00001:08318:ECEDBDCE: FSM-Sn    in Wt-Rx-ICCN *Dec  8 23:52:23.563: L2TP 00001:08318:ECEDBDCE: FSM-Sn do Ignore-DP-Setup *Dec  8 23:52:23.799: L2TP 00001:08318:ECEDBDCE: FSM-Sn ev Rx-ICCN *Dec  8 23:52:23.803: L2TP 00001:08318:ECEDBDCE: FSM-Sn    Wt-Rx-ICCN->Proc-ICCN *Dec  8 23:52:23.807: L2TP 00001:08318:ECEDBDCE: FSM-Sn do Rx-ICCN *Dec  8 23:52:23.807: L2TP 00001:08318:ECEDBDCE:   MTU is 65535 *Dec  8 23:52:23.811: L2TP 00001:08318:ECEDBDCE: Session data plane UP *Dec  8 23:52:23.815: L2TP 00001:08318:ECEDBDCE: XCONNECT: process AVPs *Dec  8 23:52:23.819: L2TP 00001:08318:ECEDBDCE: *Dec  8 23:52:23.839: L2TP 00001:08318:ECEDBDCE: FSM-Sn ev ICCN-OK *Dec  8 23:52:23.843: L2TP 00001:08318:ECEDBDCE: FSM-Sn    Proc-ICCN->established *Dec  8 23:52:23.843: L2TP 00001:08318:ECEDBDCE: FSM-Sn do Established *Dec  8 23:52:23.847: L2TP 00001:08318:ECEDBDCE: Session up *Dec  8 23:52:23.851: L2TP 00001:08318:ECEDBDCE:   115.0.0.2<->116.0.0.2 *Dec  8 23:52:23.895: L2TP 00001:08318:ECEDBDCE: XCONNECT: process AVPs *Dec  8 23:52:23.899: L2TP 00001:08318:ECEDBDCE: *Dec  8 23:52:23.903: L2TP 00001:08318:ECEDBDCE: FSM-Sn ev DP-Up *Dec  8 23:52:23.907: L2TP 00001:08318:ECEDBDCE: FSM-Sn    in established *Dec  8 23:52:23.907: L2TP 00001:08318:ECEDBDCE: FSM-Sn do Ignore-DP-UP

Similar packet exchange information can be seen with debug vpdn command.

In case you need to reset L2TPv3-tunnel, the following command can be used:

R2#clear l2tun remote ip 116.0.0.2