

store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html

L2TP

Layer 2 Tunneling Protocol – L2TP packet structure

Payload data: variable length (maximum payload size = maximum UDP payload size - size of the L2TP header, since the whole L2TP message, header included, must fit in one UDP datagram)
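As an added example that is not part of the original slides, the Python below parses the L2TPv2 header defined in RFC 2661 (flags and version, optional Length, tunnel ID, session ID, optional Ns/Nr, optional Offset Size and padding) and applies the payload-size formula above. It also enforces the RFC's rule that control messages carry Length and sequence numbers, which is what distinguishes the reliable control channel from the data channel. The two datagrams at the bottom are constructed for illustration; the control message body is placeholder bytes, not decoded AVPs.

```python
"""Added example: parse an L2TPv2 (RFC 2661) header from a UDP payload.

Not from the original slides; the sample datagrams below are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits of the first 16-bit word (RFC 2661 section 3.1).
T_BIT = 0x8000   # 1 = control message, 0 = data message
L_BIT = 0x4000   # Length field present
S_BIT = 0x0800   # Ns and Nr sequence fields present
O_BIT = 0x0200   # Offset Size field present
P_BIT = 0x0100   # Priority (data messages only)
VER_MASK = 0x000F

# IPv4 total-length limit minus IP (20) and UDP (8) headers: the "max size of
# UDP packet" from the slide, for an IPv4 carrier without options.
MAX_UDP_PAYLOAD_IPV4 = 65535 - 20 - 8


class L2TPParseError(ValueError):
    """Raised for truncated or RFC-violating headers."""


@dataclass
class L2TPHeader:
    is_control: bool
    version: int
    length: Optional[int]      # None when the L bit is clear
    tunnel_id: int
    session_id: int
    ns: Optional[int]          # None when the S bit is clear
    nr: Optional[int]
    header_len: int            # bytes before the payload, offset padding included


def parse_l2tp(datagram: bytes) -> tuple[L2TPHeader, bytes]:
    """Split a UDP payload into its L2TPv2 header and the encapsulated payload."""
    def need(pos: int, n: int) -> None:
        if pos + n > len(datagram):
            raise L2TPParseError(f"truncated: need {n} bytes at offset {pos}")

    need(0, 2)
    flags = struct.unpack_from("!H", datagram, 0)[0]
    version = flags & VER_MASK
    if version != 2:
        raise L2TPParseError(f"not an L2TPv2 header (version {version})")
    is_control = bool(flags & T_BIT)
    # Control messages MUST carry Length and sequence numbers (the reliable
    # control channel is built on them) and MUST NOT set the O or P bits.
    if is_control and (flags & (L_BIT | S_BIT)) != (L_BIT | S_BIT):
        raise L2TPParseError("control message without L and S bits")
    if is_control and flags & (O_BIT | P_BIT):
        raise L2TPParseError("control message with O or P bit set")

    pos = 2
    length = None
    if flags & L_BIT:
        need(pos, 2)
        length = struct.unpack_from("!H", datagram, pos)[0]
        pos += 2
        if length > len(datagram):
            raise L2TPParseError("Length field exceeds datagram size")
        datagram = datagram[:length]   # trailing bytes are not part of the message

    need(pos, 4)
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, pos)
    pos += 4

    ns = nr = None
    if flags & S_BIT:
        need(pos, 4)
        ns, nr = struct.unpack_from("!HH", datagram, pos)
        pos += 4

    if flags & O_BIT:
        need(pos, 2)
        offset_size = struct.unpack_from("!H", datagram, pos)[0]
        pos += 2
        need(pos, offset_size)
        pos += offset_size        # skip the offset padding

    hdr = L2TPHeader(is_control, version, length, tunnel_id, session_id, ns, nr, pos)
    return hdr, datagram[pos:]


def max_payload(header_len: int, max_udp_payload: int = MAX_UDP_PAYLOAD_IPV4) -> int:
    """The slide's formula: max payload = max UDP payload - L2TP header size."""
    return max_udp_payload - header_len


# Constructed sample 1: a data message for tunnel 7, session 3, no optional
# fields, carrying a PPP frame (address 0xFF, control 0x03, protocol 0x0021 = IPv4).
DATA_MSG = struct.pack("!HHH", 0x0002, 7, 3) + bytes.fromhex("ff030021") + b"\x45" * 4

# Constructed sample 2: a control message with T, L and S set, tunnel and session
# ID 0 (as in the very first control message, before IDs are assigned), Ns=0,
# Nr=0, followed by 8 placeholder bytes standing in for AVPs (not decoded here).
CTRL_BODY = b"\x00" * 8
CTRL_MSG = struct.pack("!HHHHHH", 0xC802, 12 + len(CTRL_BODY), 0, 0, 0, 0) + CTRL_BODY

if __name__ == "__main__":
    for pkt in (DATA_MSG, CTRL_MSG):
        hdr, payload = parse_l2tp(pkt)
        kind = "control" if hdr.is_control else "data"
        print(f"{kind}: tunnel={hdr.tunnel_id} session={hdr.session_id} "
              f"ns={hdr.ns} nr={hdr.nr} header_len={hdr.header_len} "
              f"payload={payload.hex()} max_payload={max_payload(hdr.header_len)}")
```

A receiver that skips the L/S check would accept control messages it cannot acknowledge or order, so the check is part of parsing, not an afterthought.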

Layer 2 Tunneling Protocol – L2TP packet exchange

When an L2TP connection is set up, a number of control packets are exchanged between server and client to establish the tunnel and a session for each direction. Through these control packets, one peer requests that the other assign a specific tunnel ID and session ID. Data packets are then exchanged using that tunnel ID and session ID, with compressed PPP frames as payload.

Layer 2 Tunneling Protocol – L2TP packet exchange

The L2TP control messages exchanged between the LAC and the LNS, for handshaking before a tunnel and session are established in the voluntary tunneling model, are:

Layer 2 Tunneling Protocol – L2TP/IPsec

Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec, and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows:

Layer 2 Tunneling Protocol – L2TP/IPsec

Negotiation and establishment of the L2TP tunnel between the IPsec security association (SA) endpoints. The actual negotiation of parameters takes place over the SA’s secure channel, within the IPsec encryption. L2TP uses UDP port 1701.

Layer 2 Tunneling Protocol – L2TP/IPsec

When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, no information about the internal private network can be gathered from the encrypted packet. It is also not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until the IPsec data has been decrypted and stripped, which happens only at the endpoints. Those firewalls must instead pass the IPsec traffic itself: IKE on UDP port 500 and ESP (IP protocol 50), or, when NAT traversal is in use, IKE and UDP-encapsulated ESP on UDP port 4500.

Layer 2 Tunneling Protocol – L2TP/IPsec

A potential point of confusion in L2TP/IPsec is the use of the terms tunnel and secure channel. The term tunnel refers to a channel which allows untouched packets of one network to be transported over another network. In the case of L2TP/PPP, it allows L2TP/PPP packets to be transported over IP. A secure channel refers to a connection within which the confidentiality of all data is guaranteed. In L2TP/IPsec, first IPsec provides a secure channel, then L2TP provides a tunnel.

Layer 2 Tunneling Protocol – L2TP in ISPs’ networks

See example of reseller ISPs using L2TP.

L2TPv3

‘Layer 2 Tunneling Protocol Version 3’ (L2TPv3) is an IETF standard related to L2TP that can be used as an alternative protocol to Multiprotocol Label Switching (MPLS) for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service, but scaled to fit carrier requirements.

L2TPv3

The protocol overhead of L2TPv3 is also significantly larger than that of MPLS.

L2TPv3 – Implementations

* Cisco: http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/l2tpv30s.html

L2TPv3 – Implementations

* Linux: http://www.kernel.org/doc/Documentation/networking/l2tp.txt

L2TP

In computer networking, ‘Layer 2 Tunneling Protocol’ (‘L2TP’) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. (IETF (1999), RFC 2661, Layer Two Tunneling Protocol ‘L2TP’.)

L2TP – History

L2TPv3, published as RFC 3931 in 2005, provides additional security features, improved encapsulation, and the ability to carry data links other than simply the Point-to-Point Protocol (PPP) over an IP network (e.g., Frame Relay, Ethernet, Asynchronous Transfer Mode (ATM), etc.).

L2TP – Description

The entire L2TP packet, including payload and L2TP header, is sent within a User Datagram Protocol (UDP) datagram. It is common to carry PPP sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec (see the L2TP/IPsec slides).

L2TP – Description

The maximum transmission unit (MTU) should be considered when implementing L2TP. Every layer of encapsulation (the outer IP header, the UDP header, the L2TP header, the PPP header and, for L2TP/IPsec, the ESP header, IV, padding and integrity check value) is taken out of the outer link’s MTU, so the inner PPP link must be configured with a correspondingly smaller MTU, or TCP MSS must be clamped, to avoid fragmenting the outer packets or silently dropping inner packets.

L2TP – Description

The packets exchanged within an L2TP tunnel are categorized as either control packets or data packets. L2TP provides reliability features for the control packets (sequence numbers with acknowledgement and retransmission), but no reliability for data packets. Reliability, if desired, must be provided by the nested protocols running within each session of the L2TP tunnel.

L2TP – Description

L2TP allows the creation of a virtual private dialup network (VPDN) to connect a remote client to its corporate network by using a shared infrastructure, which could be the Internet or a service provider’s network. (Cisco: http://www.cisco.com/en/US/tech/tk801/tk703/technologies_tech_note09186a0080094586.shtml)

L2TP – Tunneling models

An L2TP tunnel can extend across an entire PPP session or only across one segment of a two-segment session. This can be represented by four different tunneling models, namely:

L2TP – Tunneling models

*L2TP multihop

L2TP – Windows implementation

Windows Vista provides two new configuration utilities that attempt to make using L2TP without IPsec easier, both described in sections that follow below:
