L2TP Tunnel Establishment

PPP over L2TP

References:
http://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/23980-l2tp-23980.html
https://tools.ietf.org/html/rfc2661

L2TP runs over UDP, port 1701. PPP sessions are tunneled inside L2TP, which is itself carried inside UDP, so MTU sizing is required.

An LAC (L2TP Access Concentrator) initiates an L2TP tunnel to an LNS (L2TP Network Server). Inside the tunnel, "calls" are placed; each call can be an individual PPP session, so one L2TP tunnel can carry multiple PPP/user sessions. Either the LNS or the LAC can initiate the call sessions. L2TP messages are one of two types: control messages or data messages. Reliability is built into L2TP for control messages but not for data messages; for data, reliability relies upon the tunneled protocol.

An LTS (L2TP Tunneling Switch) can sit between an LAC and an LNS; it can both terminate tunnels and forward them to additional LNS end-points.

 

Tunnel setup uses the following message types from RFC2661:

   Control Connection Management

      0  (reserved)

      1  (SCCRQ)    Start-Control-Connection-Request
      2  (SCCRP)    Start-Control-Connection-Reply
      3  (SCCCN)    Start-Control-Connection-Connected
      4  (StopCCN)  Stop-Control-Connection-Notification
      5  (reserved)
      6  (HELLO)    Hello

   Call Management

      7  (OCRQ)     Outgoing-Call-Request
      8  (OCRP)     Outgoing-Call-Reply
      9  (OCCN)     Outgoing-Call-Connected
      10 (ICRQ)     Incoming-Call-Request
      11 (ICRP)     Incoming-Call-Reply
      12 (ICCN)     Incoming-Call-Connected
      13 (reserved)
      14 (CDN)      Call-Disconnect-Notify

   Error Reporting

      15 (WEN)      WAN-Error-Notify

   PPP Session Control

      16 (SLI)      Set-Link-Info


Another kind of control message is the ZLB:

   Zero-Length Body (ZLB) Message

      A control packet with only an L2TP header. ZLB messages are used
      for explicitly acknowledging packets on the reliable control
      channel.

Result and Error Codes

   Result Code (CDN, StopCCN)

      The Result Code AVP contains a mandatory 2-byte result code and an optional 2-byte error code with optional error text.

      Defined Result Code values for the StopCCN message are:

         0 - Reserved
         1 - General request to clear control connection
         2 - General error--Error Code indicates the problem
         3 - Control channel already exists
         4 - Requester is not authorized to establish a control
             channel
         5 - The protocol version of the requester is not
             supported
             Error Code indicates highest version supported
         6 - Requester is being shut down
         7 - Finite State Machine error

      Defined Result Code values for the CDN message are:

         0 - Reserved
         1 - Call disconnected due to loss of carrier
         2 - Call disconnected for the reason indicated
             in error code
         3 - Call disconnected for administrative reasons
         4 - Call failed due to lack of appropriate facilities
             being available (temporary condition)
         5 - Call failed due to lack of appropriate facilities being
             available (permanent condition)
         6 - Invalid destination
         7 - Call failed due to no carrier detected
         8 - Call failed due to detection of a busy signal
         9 - Call failed due to lack of a dial tone
         10 - Call was not established within time allotted by LAC
         11 - Call was connected but no appropriate framing was
              detected

      The Error Codes defined below pertain to types of errors that are
      not specific to any particular L2TP request, but rather to
      protocol or message format errors. If an L2TP reply indicates in
      its Result Code that a general error occurred, the General Error
      value should be examined to determine what the error was. The
      currently defined General Error codes and their meanings are:

         0 - No general error
         1 - No control connection exists yet for this LAC-LNS pair
         2 - Length is wrong
         3 - One of the field values was out of range or
             reserved field was non-zero
         4 - Insufficient resources to handle this operation now
         5 - The Session ID is invalid in this context
         6 - A generic vendor-specific error occurred in the LAC
         7 - Try another.  If LAC is aware of other possible LNS
             destinations, it should try one of them.  This can be
             used to guide an LAC based on LNS policy, for instance,
             the existence of multilink PPP bundles.
         8 - Session or tunnel was shutdown due to receipt of an unknown
             AVP with the M-bit set (see section 4.2). The Error Message
             SHOULD contain the attribute of the offending AVP in (human
             readable) text form.

      When a General Error Code of 6 is used, additional information
      about the error SHOULD be included in the Error Message field.
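
The message types, the ZLB and the Result Code AVP described above can be read straight off the wire. The Python below is an added example, not code from the original notes or from any vendor: it decodes an L2TPv2 control header plus the Message Type and Result Code AVPs using the RFC 2661 layout, and rejects inconsistent lengths. The function names and the two sample packets are constructed for illustration.

```python
import struct

# Message Type values from the RFC 2661 table quoted above.
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
             7: "OCRQ", 8: "OCRP", 9: "OCCN", 10: "ICRQ", 11: "ICRP",
             12: "ICCN", 14: "CDN", 15: "WEN", 16: "SLI"}

def parse_control(pkt: bytes) -> dict:
    """Decode an L2TPv2 control message; raise ValueError on malformed input."""
    if len(pkt) < 12:
        raise ValueError("shorter than the 12-byte control header")
    flags, length, tunnel, session, ns, nr = struct.unpack("!6H", pkt[:12])
    if flags & 0xC800 != 0xC800 or flags & 0x000F != 2:  # need T, L, S bits and ver 2
        raise ValueError("not an L2TPv2 control message")
    if not 12 <= length <= len(pkt):
        raise ValueError("Length field disagrees with datagram size")
    msg = {"tunnel": tunnel, "session": session, "ns": ns, "nr": nr,
           "type": "ZLB" if length == 12 else None}  # header only = ZLB ACK
    off = 12
    while off < length:
        if length - off < 6:
            raise ValueError("truncated AVP header")
        bits, vendor, attr = struct.unpack("!3H", pkt[off:off + 6])
        alen = bits & 0x03FF  # low 10 bits: AVP length including its 6-byte header
        if alen < 6 or off + alen > length:
            raise ValueError("AVP length out of bounds")
        value = pkt[off + 6:off + alen]
        if off == 12:  # the first AVP must be Message Type (attribute 0)
            if (vendor, attr, len(value)) != (0, 0, 2):
                raise ValueError("first AVP is not Message Type")
            code = int.from_bytes(value, "big")
            msg["type"] = MSG_TYPES.get(code, f"unknown({code})")
        elif (vendor, attr) == (0, 1):  # Result Code AVP (StopCCN, CDN)
            if len(value) < 2:
                raise ValueError("Result Code AVP too short")
            msg["result"] = int.from_bytes(value[:2], "big")
            if len(value) >= 4:  # optional Error Code, then optional Error Message
                msg["error"] = int.from_bytes(value[2:4], "big")
                msg["error_text"] = value[4:].decode("utf-8", "replace")
        off += alen
    return msg

def avp(attr: int, value: bytes) -> bytes:  # vendor-0 AVP, M bit set, for the samples
    return struct.pack("!3H", 0x8000 | (6 + len(value)), 0, attr) + value

# Constructed samples, not captured traffic: a ZLB ACK and a StopCCN (result 2, error 6).
ZLB = struct.pack("!6H", 0xC802, 12, 7, 0, 5, 3)
_BODY = avp(0, b"\x00\x04") + avp(1, b"\x00\x02\x00\x06vendor fault")
STOPCCN = struct.pack("!6H", 0xC802, 12 + len(_BODY), 7, 0, 5, 3) + _BODY
```

The 12-byte ZLB sample matches the "I ZLB ACK, flg TLS, ver 2, len 12" line in the debug output further down.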

Example debug of an incoming PPP call over an existing L2TP tunnel from an ADSL wholesaler:

Jan 14 18:34:39.785: L2TP tnl   90E61:00009703: I ICRQ, flg TLS, ver 2, len 76
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:  IETF v2:
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:   Assigned Call ID  0x00006867 (26727)
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:   Serial Number     16014329
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:   Bearer Type       digital(1)
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:   Calling Number        "BBEUXXXXXXXX"
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:   Phy Channel ID    3803A36B
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:
Jan 14 18:34:39.785: L2X  _____:_____:________: Create logical session
Jan 14 18:34:39.785: L2TP _____:_____:________: Create session
Jan 14 18:34:39.785: L2TP _____:_____:________:   Using ICRQ FSM
Jan 14 18:34:39.785: L2TP _____:_____:________: FSM-Sn ev created
Jan 14 18:34:39.785: L2TP _____:_____:________: FSM-Sn    Init->Idle
Jan 14 18:34:39.785: L2TP _____:_____:________: FSM-Sn do none
Jan 14 18:34:39.785: L2TP _____:_____:________:     remote ip set to IP.OF.ADSL.WHOLESALE-LAC
Jan 14 18:34:39.785: L2TP _____:_____:________:     local ip set to CP.ISP.LNS.IP
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703: FSM-CC ev Session-Conn
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703: FSM-CC    in established
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703: FSM-CC do Session-Conn-Est
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:   Session count now 10
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn ev CC-Up
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn    in Idle
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn do CC-Up-Ignore0-1
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Session attached
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn ev Rx-ICRQ
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn    Idle->Proc-ICRQ
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: FSM-Sn do Rx-ICRQ
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:   Chose application VPDN
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:   App type set to VPDN
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:   VPDN Session count now 10
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: VPDN: process AVPs
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Set HA epoch to 0
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Local AC is now UP
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: Remote AC is now UP
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: APP<-L2TP: Incoming
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:            sock 00000000
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:            serv 00DB8522
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: L2TUN: add sock 001B7525
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:
Jan 14 18:34:39.785: L2TP _____:90E61:00005007: APP->L2TP: Accept [6],
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:            sock 001B7525
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:            serv 00DB8522
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:            data 0C604070[138]
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:            replied on new socket
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:
Jan 14 18:34:39.785: L2TP _____:90E61:00005007:   App type set to VPDN
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007:   Path MTU is enabled
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007:   UDP checksum ignore is enabled
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007:     VRF set to WHOLESALE-VRF
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007:   Sequencing default tx disabled
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007:   Sequencing default rx disabled
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007:   Framing set to sync
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007:   Bearer set to none
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: no cookies enabled
Jan 14 18:34:39.785: L2TP tnl   90E61:00009703:   Session PMTU count now 10
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn ev ICRQ-OK
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn    Proc-ICRQ->Wt-Tx-ICRP
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn do Tx-ICRP-Local-Check
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn ev Local-Cont
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn    Wt-Tx-ICRP->Wt-Rx-ICCN
Jan 14 18:34:39.785: L2TP 0016F:90E61:00005007: FSM-Sn do Tx-ICRP
Jan 14 18:34:39.785: L2X        _____:________: l2x_open_socket: is called
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: Open sock CP.ISP.LNS.IP:1701->IP.OF.ADSL.WHOLESALE-LAC:1701
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn ev Sock-Ready
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn    in Wt-Rx-ICCN
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn do Ignore-Sock-Up
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: O ICRP to WHOLESALE-LAC-NAME 29409/26727
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:  IETF v2:
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:   Assigned Call ID  0x00005007 (20487)
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: APP->L2TP: Setup dataplane [15],
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:            sock 001B7525
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:            serv 00DB8522
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:            data 1FBFB694[20]
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:            replied on same socket
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn ev DP-Setup
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn    in Wt-Rx-ICCN
Jan 14 18:34:39.789: L2TP 0016F:90E61:00005007: FSM-Sn do Ignore-DP-Setup
Jan 14 18:34:39.805: L2TP tnl   90E61:00009703: Drain unsentQ, cur/max resendQ sz 0/8, unsentQ 0
Jan 14 18:34:39.805: L2TP tnl   90E61:00009703:
Jan 14 18:34:39.805: L2TP tnl   90E61:00009703: I ZLB ACK, flg TLS, ver 2, len 12
Jan 14 18:34:39.805: L2TP tnl   90E61:00009703:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: I ICCN, flg TLS, ver 2, len 243
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:  IETF v2:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Framing Type      sync(1)
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Connect Speed     8103000
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Initial LCPREQ    [10]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:     0x0506569F0A46010405DC
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Last Sent LCPREQ  [15]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:     0x010405DC0305C2230505063662CCE3
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Last Rx LCPREQ    [10]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:     0x0506569F0A46010405DC
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Proxy Auth Type   2
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Proxy Auth Name
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:     "[email protected]"
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Proxy Auth Chal   [16]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:     0x92372937493792749247
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Proxy Auth ID     1
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Proxy Auth Resp   [16]
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:     0x92372937493792749247
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   Rx Speed          1247000
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: O ZLB ACK to WHOLESALE-LAC-NAME 29409/26727
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn ev Rx-ICCN
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn    Wt-Rx-ICCN->Proc-ICCN
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn do Rx-ICCN
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   MTU is 65535
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Session data plane UP
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: VPDN: process AVPs
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: APP<-L2TP: Connected
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:            sock 001B7525
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:            serv 00DB8522
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn ev ICCN-OK
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn    Proc-ICCN->established
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: FSM-Sn do Established
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007: Session up
Jan 14 18:34:39.869: L2TP 0016F:90E61:00005007:   CP.ISP.LNS.IP<->IP.OF.ADSL.WHOLESALE-LAC
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: APP<-L2TP: Dataplane up
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:            sock 001B7525
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:            serv 00DB8522
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: FSM-Sn ev DP-Up
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: FSM-Sn    in established
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: FSM-Sn do Ignore-DP-UP
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007: APP->L2TP: Session updated [12],
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:            sock 001B7525
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:            serv 00DB8522
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:            data 0CB4BFC4[129]
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:            replied on same socket
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:   App type set to VPDN
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:   Sequencing default tx disabled
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:   Sequencing default rx disabled
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:   Framing set to sync
Jan 14 18:34:39.909: L2TP 0016F:90E61:00005007:   Bearer set to none
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007: APP->L2TP: Session updated [12],
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:            sock 001B7525
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:            serv 00DB8522
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:            data 23F12F58[84]
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:            replied on same socket
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:   App type set to VPDN
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:   Sequencing default tx disabled
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:   Sequencing default rx disabled
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:   Framing set to sync
Jan 14 18:34:39.913: L2TP 0016F:90E61:00005007:   Bearer set to none