3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Introduction to L2TP Protocol 105
L2TP data channel. Control messages are transmitted in the reliable L2TP control
channel.
L2TP data is usually carried in UDP packets. L2TP has registered UDP port 1701, but
this port is only used for Tunnel setup at the early stage. The L2TP Tunnel initiator
selects an arbitrary available port (not necessarily 1701) and sends packets to port
1701 of the receiver. After receiving the packets, the receiver also selects a free
port (not necessarily 1701) and sends its packets to the port the initiator used.
The ports of the two sides are thus determined, and they remain unchanged until the
Tunnel connection is torn down.
2 Definitions of Tunnel and session
There are two kinds of connections between an LNS-LAC pair: Tunnel connections
and Session connections. A Tunnel connection defines a pair of LNS and LAC, while
Session connections are multiplexed within a Tunnel connection to represent the PPP
sessions carried in it. Several L2TP Tunnels can be created between an LNS-LAC pair;
each Tunnel consists of a control connection and one or several Sessions. Session
connections can be set up only after the Tunnel has been created successfully
(including the exchange of such information as ID protection, L2TP version, frame
type, hardware transmission type, etc.). Each Session connection corresponds to one
PPP data stream between LAC and LNS. Both control messages and PPP data packets are
transmitted in the Tunnel.
L2TP uses Hello packets to check the connectivity of a Tunnel. LAC and LNS send
Hello packets to the peer end at regular intervals. If no response to a Hello
packet is received within a certain period of time, the session will be cleared.
3 Definitions of control message and data message
There are two kinds of messages in L2TP: control messages and data messages.
Control messages are used for the setup, maintenance and transmission control of
Tunnel and Session connections, while data messages are used to encapsulate and
transmit PPP frames in Tunnels. The transmission of control messages is reliable and
provides flow and congestion control. In contrast, the transmission of data messages
is unreliable: it has no retransmission, flow control or congestion control
mechanisms.
Control messages and data messages share the same packet header format. The L2TP
packet header carries a Tunnel ID and a Session ID to identify different Tunnels and
sessions. Packets with the same Tunnel ID but different Session IDs are multiplexed
in the same Tunnel. The Tunnel ID and Session ID in the packet header are assigned by
the peer end.
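As an added example (not from this guide or from 3Com's code), the following Python parser reads the L2TPv2 header that control and data messages share, separates the two kinds by the T bit, and lists the sessions multiplexed in each Tunnel; the field layout and bit positions are taken from RFC 2661, and the three sample datagrams are constructed, not captured traffic.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set

@dataclass
class L2tpHeader:
    is_control: bool        # T bit: 1 = control message, 0 = data message
    length: Optional[int]   # L bit: total message length (mandatory for control)
    tunnel_id: int          # assigned by the peer end, identifies the Tunnel
    session_id: int         # assigned by the peer end, identifies the PPP session
    ns: Optional[int]       # S bit: sequence numbers used by the reliable control channel
    nr: Optional[int]
    payload_offset: int     # start of the AVPs (control) or the PPP frame (data)

def parse_l2tp_header(data: bytes) -> L2tpHeader:
    """Parse the L2TPv2 header (RFC 2661 section 3.1) shared by both message kinds."""
    def u16(pos: int) -> int:  # bounds-checked big-endian 16-bit read
        if pos + 2 > len(data):
            raise ValueError("truncated L2TP header")
        return struct.unpack_from("!H", data, pos)[0]
    flags = u16(0)
    t_bit, l_bit = bool(flags & 0x8000), bool(flags & 0x4000)
    s_bit, o_bit = bool(flags & 0x0800), bool(flags & 0x0200)
    if (flags & 0x000F) != 2:
        raise ValueError("unsupported L2TP version %d" % (flags & 0x000F))
    if t_bit and (not l_bit or not s_bit or o_bit):  # RFC 2661: control needs L and S, never O
        raise ValueError("control message with illegal L/S/O flags")
    pos, length, ns, nr = 2, None, None, None
    if l_bit:
        length, pos = u16(pos), pos + 2
    tunnel_id, session_id, pos = u16(pos), u16(pos + 2), pos + 4
    if s_bit:
        ns, nr, pos = u16(pos), u16(pos + 2), pos + 4
    if o_bit:
        pos += 2 + u16(pos)  # skip Offset Size and the padding it counts
    if pos > len(data) or (length or 0) > len(data):  # never trust Length/Offset blindly
        raise ValueError("header or Length field runs past the end of the datagram")
    return L2tpHeader(t_bit, length, tunnel_id, session_id, ns, nr, pos)

def sessions_per_tunnel(datagrams: Iterable[bytes]) -> Dict[int, Set[int]]:
    tunnels: Dict[int, Set[int]] = {}
    for h in map(parse_l2tp_header, datagrams):
        if not h.is_control:  # data messages only: one PPP session each
            tunnels.setdefault(h.tunnel_id, set()).add(h.session_id)
    return tunnels
# Constructed samples (not captured traffic): a control header with Tunnel/Session ID 0
# as in the first tunnel-setup message, and two data messages carrying PPP frames
# (ff 03 00 21) for two sessions multiplexed in Tunnel 0x1234.
CONTROL = bytes.fromhex("c802000c0000000000000000")
DATA_A = bytes.fromhex("000212340001ff030021")
DATA_B = bytes.fromhex("000212340002ff030021")
```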
Two typical L2TP Tunnel modes
The following figure shows the Tunnel modes available between a remote system or
LAC client (a host running L2TP) and the LNS: