Date created: Friday, April 17, 2015 3:01:26 PM. Last modified: Friday, May 10, 2024 5:55:06 PM
L2TP Tunnel Establishment
PPP over L2TP
References:
http://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/23980-l2tp-23980.html
https://tools.ietf.org/html/rfc2661
L2TP runs over UDP, port 1701. PPP sessions can be tunneled inside L2TP inside UDP (so MTU sizing is required).
An LAC (L2TP Access Concentrator) initiates an L2TP tunnel to an LNS (L2TP Network Server). Inside the tunnel, "calls" are placed; each can be an individual PPP session, so one L2TP tunnel can carry multiple PPP/user sessions. Either the LNS or the LAC can initiate the call sessions. L2TP messages are one of two types: control messages or data messages. There is reliability built into L2TP for control messages but not for data messages; that relies upon the tunneled protocol.
An LTS (L2TP Tunneling Switch) can sit between an LAC and an LNS; it can both terminate tunnels and forward them to additional LNS end-points.
Tunnel setup uses the following message types from RFC2661:
Control Connection Management
  0  (reserved)
  1  (SCCRQ)    Start-Control-Connection-Request
  2  (SCCRP)    Start-Control-Connection-Reply
  3  (SCCCN)    Start-Control-Connection-Connected
  4  (StopCCN)  Stop-Control-Connection-Notification
  5  (reserved)
  6  (HELLO)    Hello

Call Management
  7  (OCRQ)     Outgoing-Call-Request
  8  (OCRP)     Outgoing-Call-Reply
  9  (OCCN)     Outgoing-Call-Connected
  10 (ICRQ)     Incoming-Call-Request
  11 (ICRP)     Incoming-Call-Reply
  12 (ICCN)     Incoming-Call-Connected
  13 (reserved)
  14 (CDN)      Call-Disconnect-Notify

Error Reporting
  15 (WEN)      WAN-Error-Notify

PPP Session Control
  16 (SLI)      Set-Link-Info

Another control message type is ZLBs:

Zero-Length Body (ZLB) Message
  A control packet with only an L2TP header. ZLB messages are used for explicitly acknowledging packets on the reliable control channel.
Result and Error Codes

Result Code (CDN, StopCCN)

The Result Code AVP contains a mandatory 2 byte result code and an optional 2 byte error code with optional error text.

Defined Result Code values for the StopCCN message are:
  0 - Reserved
  1 - General request to clear control connection
  2 - General error--Error Code indicates the problem
  3 - Control channel already exists
  4 - Requester is not authorized to establish a control channel
  5 - The protocol version of the requester is not supported. Error Code indicates highest version supported
  6 - Requester is being shut down
  7 - Finite State Machine error

Defined Result Code values for the CDN message are:
  0 - Reserved
  1 - Call disconnected due to loss of carrier
  2 - Call disconnected for the reason indicated in error code
  3 - Call disconnected for administrative reasons
  4 - Call failed due to lack of appropriate facilities being available (temporary condition)
  5 - Call failed due to lack of appropriate facilities being available (permanent condition)
  6 - Invalid destination
  7 - Call failed due to no carrier detected
  8 - Call failed due to detection of a busy signal
  9 - Call failed due to lack of a dial tone
  10 - Call was not established within time allotted by LAC
  11 - Call was connected but no appropriate framing was detected

The Error Codes defined below pertain to types of errors that are not specific to any particular L2TP request, but rather to protocol or message format errors. If an L2TP reply indicates in its Result Code that a general error occurred, the General Error value should be examined to determine what the error was.

The currently defined General Error codes and their meanings are:
  0 - No general error
  1 - No control connection exists yet for this LAC-LNS pair
  2 - Length is wrong
  3 - One of the field values was out of range or reserved field was non-zero
  4 - Insufficient resources to handle this operation now
  5 - The Session ID is invalid in this context
  6 - A generic vendor-specific error occurred in the LAC
  7 - Try another. If LAC is aware of other possible LNS destinations, it should try one of them. This can be used to guide an LAC based on LNS policy, for instance, the existence of multilink PPP bundles.
  8 - Session or tunnel was shutdown due to receipt of an unknown AVP with the M-bit set (see section 4.2). The Error Message SHOULD contain the attribute of the offending AVP in (human readable) text form.

When a General Error Code of 6 is used, additional information about the error SHOULD be included in the Error Message field.
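Added example (not from the original page or from the RFC): a defensive Python parser for the RFC 2661 control-message header and AVPs, decoding the Message Type and Result Code described above and rejecting inconsistent Length fields before reading any AVP. The function name parse_control and the two byte strings are assumptions constructed for this example, not captured traffic.

```python
import struct

# Message Type values from the RFC 2661 list above (subset).
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
             10: "ICRQ", 11: "ICRP", 12: "ICCN", 14: "CDN"}
CTRL_BITS = 0x8000 | 0x4000 | 0x0800   # T, L and S: the "flg TLS" of the debug output

def parse_control(pkt: bytes) -> dict:
    """Decode one L2TPv2 control message (a UDP payload); raise ValueError if malformed."""
    if len(pkt) < 12:
        raise ValueError("shorter than the 12-byte control header")
    flags, length, tid, sid, ns, nr = struct.unpack("!6H", pkt[:12])
    if (flags & CTRL_BITS) != CTRL_BITS or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 control message")
    if not 12 <= length <= len(pkt):
        raise ValueError("Length field disagrees with the datagram size")
    msg = {"type": "ZLB", "tunnel_id": tid, "session_id": sid, "ns": ns, "nr": nr,
           "length": length, "result": None, "error": None, "error_text": ""}
    off = 12
    while off < length:                            # walk the AVPs, if any
        if length - off < 6:
            raise ValueError("truncated AVP header")
        bits, vendor, attr = struct.unpack("!3H", pkt[off:off + 6])
        alen = bits & 0x03FF                       # 10-bit length, header included
        if alen < 6 or off + alen > length:
            raise ValueError("AVP length out of bounds")
        value = pkt[off + 6:off + alen]
        if off == 12:                              # first AVP must be Message Type
            if (vendor, attr, len(value)) != (0, 0, 2):
                raise ValueError("first AVP is not Message Type")
            mtype = struct.unpack("!H", value)[0]
            msg["type"] = MSG_TYPES.get(mtype, "type %d" % mtype)
        elif (vendor, attr) == (0, 1):             # Result Code (StopCCN, CDN)
            if len(value) < 2 or len(value) == 3:
                raise ValueError("bad Result Code AVP")
            msg["result"] = struct.unpack("!H", value[:2])[0]
            if len(value) >= 4:                    # optional Error Code and text
                msg["error"] = struct.unpack("!H", value[2:4])[0]
                msg["error_text"] = value[4:].decode("utf-8", "replace")
        off += alen
    return msg

# Constructed samples: a header-only ZLB ack (len 12) and a StopCCN carrying
# Message Type, Assigned Tunnel ID and Result Code 4 (requester not authorized).
ZLB = bytes.fromhex("c802 000c 9703 0000 0007 0008")
STOPCCN = bytes.fromhex("c802 0024 9703 0000 0008 0007 8008 0000 0000 0004 "
                        "8008 0000 0009 0e61 8008 0000 0001 0004")
```

A run of StopCCN messages with Result Code 4 from one peer is worth alerting on, since it means tunnel authentication is being refused repeatedly.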
Example debug of an incoming PPP call over an existing L2TP tunnel from an ADSL wholesaler:
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: I ICRQ, flg TLS, ver 2, len 76
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: IETF v2:
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: Assigned Call ID 0x00006867 (26727)
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: Serial Number 16014329
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: Bearer Type digital(1)
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: Calling Number "BBEUXXXXXXXX"
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: Phy Channel ID 3803A36B
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703:
Jan 14 18:34:39.785: L2X _____:_____:________: Create logical session
Jan 14 18:34:39.785: L2TP _____:_____:________: Create session
Jan 14 18:34:39.785: L2TP _____:_____:________: Using ICRQ FSM
Jan 14 18:34:39.785: L2TP _____:_____:________: FSM-Sn ev created
Jan 14 18:34:39.785: L2TP _____:_____:________: FSM-Sn Init->Idle
Jan 14 18:34:39.785: L2TP _____:_____:________: FSM-Sn do none
Jan 14 18:34:39.785: L2TP _____:_____:________: remote ip set to IP.OF.ADSL.WHOLESALE-LAC
Jan 14 18:34:39.785: L2TP _____:_____:________: local ip set to CP.ISP.LNS.IP
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: FSM-CC ev Session-Conn
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: FSM-CC in established
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: FSM-CC do Session-Conn-Est
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: Session count now 10
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn ev CC-Up
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn in Idle
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn do CC-Up-Ignore0-1
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Session attached
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn ev Rx-ICRQ
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn Idle->Proc-ICRQ
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn do Rx-ICRQ
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Chose application VPDN
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: App type set to VPDN
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: VPDN Session count now 10
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: VPDN: process AVPs
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Set HA epoch to 0
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Local AC is now UP
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Remote AC is now UP
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: APP<-L2TP: Incoming
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: sock 00000000
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: serv 00DB8522
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: L2TUN: add sock 001B7525
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: APP->L2TP: Accept [6],
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: sock 001B7525
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: serv 00DB8522
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: data 0C604070[138]
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: replied on new socket
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: App type set to VPDN
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: Path MTU is enabled
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: UDP checksum ignore is enabled
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: VRF set to WHOLESALE-VRF
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: Sequencing default tx disabled
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: Sequencing default rx disabled
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: Framing set to sync
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: Bearer set to none
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: no cookies enabled
Jan 14 18:34:39.785: L2TP tnl 90E61:00009703: Session PMTU count now 10
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn ev ICRQ-OK
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn Proc-ICRQ->Wt-Tx-ICRP
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn do Tx-ICRP-Local-Check
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn ev Local-Cont
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn Wt-Tx-ICRP->Wt-Rx-ICCN
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn do Tx-ICRP
Jan 14 18:34:39.785: L2X _____:________: l2x_open_socket: is called
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: Open sock CP.ISP.LNS.IP:1701->IP.OF.ADSL.WHOLESALE-LAC:1701
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn ev Sock-Ready
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn in Wt-Rx-ICCN
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn do Ignore-Sock-Up
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: O ICRP to WHOLESALE-LAC-NAME 29409/26727
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: IETF v2:
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: Assigned Call ID 0x00005007 (20487)
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: APP->L2TP: Setup dataplane [15],
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: sock 001B7525
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: serv 00DB8522
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: data 1FBFB694[20]
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: replied on same socket
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn ev DP-Setup
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn in Wt-Rx-ICCN
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn do Ignore-DP-Setup
Jan 14 18:34:39.805: L2TP tnl 90E61:00009703: Drain unsentQ, cur/max resendQ sz 0/8, unsentQ 0
Jan 14 18:34:39.805: L2TP tnl 90E61:00009703:
Jan 14 18:34:39.805: L2TP tnl 90E61:00009703: I ZLB ACK, flg TLS, ver 2, len 12
Jan 14 18:34:39.805: L2TP tnl 90E61:00009703:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: I ICCN, flg TLS, ver 2, len 243
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: IETF v2:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Framing Type sync(1)
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Connect Speed 8103000
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Initial LCPREQ [10]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: 0x0506569F0A46010405DC
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Last Sent LCPREQ [15]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: 0x010405DC0305C2230505063662CCE3
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Last Rx LCPREQ [10]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: 0x0506569F0A46010405DC
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Proxy Auth Type 2
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Proxy Auth Name
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: "user@realm.net"
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Proxy Auth Chal [16]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: 0x92372937493792749247
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Proxy Auth ID 1
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Proxy Auth Resp [16]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: 0x92372937493792749247
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Rx Speed 1247000
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: O ZLB ACK to WHOLESALE-LAC-NAME 29409/26727
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn ev Rx-ICCN
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn Wt-Rx-ICCN->Proc-ICCN
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn do Rx-ICCN
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: MTU is 65535
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Session data plane UP
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: VPDN: process AVPs
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: APP<-L2TP: Connected
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: sock 001B7525
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: serv 00DB8522
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn ev ICCN-OK
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn Proc-ICCN->established
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn do Established
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Session up
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: CP.ISP.LNS.IP<->IP.OF.ADSL.WHOLESALE-LAC
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: APP<-L2TP: Dataplane up
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: sock 001B7525
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: serv 00DB8522
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: FSM-Sn ev DP-Up
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: FSM-Sn in established
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: FSM-Sn do Ignore-DP-UP
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: APP->L2TP: Session updated [12],
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: sock 001B7525
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: serv 00DB8522
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: data 0CB4BFC4[129]
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: replied on same socket
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: App type set to VPDN
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: Sequencing default tx disabled
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: Sequencing default rx disabled
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: Framing set to sync
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: Bearer set to none
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: APP->L2TP: Session updated [12],
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: sock 001B7525
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: serv 00DB8522
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: data 23F12F58[84]
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: replied on same socket
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: App type set to VPDN
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: Sequencing default tx disabled
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: Sequencing default rx disabled
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: Framing set to sync
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: Bearer set to none