HP VPN Firewall Appliances VPN Configuration Guide

LAC—An L2TP access concentrator (LAC) is a device with PPP and L2TP capabilities. It is usually a
NAS located at a local ISP, which provides access services mainly for PPP users.
An LAC is an endpoint of an L2TP tunnel and lies between an LNS and a remote system. It
encapsulates packets received from a remote system using L2TP and then sends the resulting
packets to the LNS. It de-encapsulates packets received from the LNS and then sends the resulting
packets to the intended remote system.
In a VPDN application, the link between the remote system and the LAC is usually a PPP link.
LNS—An L2TP network server (LNS) functions as both the L2TP server and the PPP end system. It is
usually an edge device on an enterprise network.
An LNS is the other endpoint of an L2TP tunnel and is a peer to the LAC. It is the logical termination
point of a PPP session tunneled by the LAC. In other words, L2TP logically extends the termination point of
a PPP session from the NAS to the LNS.
L2TP message types and encapsulation structure
L2TP supports the following types of messages:
Control messages—Used to establish, maintain, and tear down tunnels and sessions. Control
messages are transmitted over a reliable control channel that uses sequence numbers (Ns/Nr),
acknowledgments, and retransmission, and that supports flow control and congestion control.
Data messages—Used to encapsulate PPP frames and transmit the frames over a tunnel. Data
messages are transmitted over an unreliable data channel that has no flow control, congestion
control, or retransmission.
Control messages and data messages share the same header format. The T (Type) bit in the L2TP header
identifies whether a message is a control message or a data message.
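The header layout that control and data messages share, as an added example written for this page (it is not code from the HP guide or its firmware): a small Python parser for the RFC 2661 L2TP header that uses the T bit to tell control messages from data messages, enforces the flag combinations the RFC requires of control messages, and reads the Message Type AVP that starts every control message. The sample SCCRQ and PPP data packet at the bottom are constructed by hand for illustration, not captures.

```python
"""Parse the L2TP (RFC 2661) header and tell control from data messages.

Added example; this is not code from the HP VPN Firewall guide. The packets
built at the bottom are constructed by hand for illustration, not captures.
"""
import struct
from typing import Optional

# Flag bits in the first 16-bit word of the L2TP header (RFC 2661, section 3.1)
T_BIT, L_BIT, S_BIT, O_BIT, P_BIT = 0x8000, 0x4000, 0x0800, 0x0200, 0x0100
L2TP_VERSION = 2

# Message Type AVP values for control messages (RFC 2661, section 3.2)
MESSAGE_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
                 7: "OCRQ", 8: "OCRP", 9: "OCCN", 10: "ICRQ", 11: "ICRP",
                 12: "ICCN", 14: "CDN", 15: "WEN", 16: "SLI"}


def parse_l2tp(packet: bytes) -> dict:
    """Decode the variable-length header; the T bit decides control vs. data."""
    try:
        flags, = struct.unpack_from("!H", packet, 0)
        if flags & 0x000F != L2TP_VERSION:
            raise ValueError("unsupported L2TP version %d" % (flags & 0x000F))
        is_control = bool(flags & T_BIT)
        off = 2
        length = None
        if flags & L_BIT:                       # optional Length field
            length, = struct.unpack_from("!H", packet, off)
            off += 2
        tunnel_id, session_id = struct.unpack_from("!HH", packet, off)
        off += 4
        ns = nr = None
        if flags & S_BIT:                       # optional Ns/Nr sequence numbers
            ns, nr = struct.unpack_from("!HH", packet, off)
            off += 4
        if flags & O_BIT:                       # optional Offset Size plus padding
            offset_size, = struct.unpack_from("!H", packet, off)
            off += 2 + offset_size
    except struct.error as exc:
        raise ValueError("truncated L2TP header") from exc
    if is_control and (not flags & L_BIT or not flags & S_BIT
                       or flags & (O_BIT | P_BIT)):
        # Control messages MUST carry L and S and MUST NOT set O or P.
        raise ValueError("malformed control message flags")
    end = len(packet) if length is None else length
    if end > len(packet) or off > end:
        raise ValueError("Length field inconsistent with packet size")
    return {"control": is_control, "tunnel_id": tunnel_id,
            "session_id": session_id, "ns": ns, "nr": nr,
            "payload": packet[off:end]}


def control_message_type(payload: bytes) -> str:
    """Read the Message Type AVP, which must be the first AVP of a control message."""
    if len(payload) < 8:
        raise ValueError("control message carries no AVP")
    hdr, vendor_id, attr_type, code = struct.unpack_from("!HHHH", payload, 0)
    # Length (low 10 bits) must be 8, the AVP must not be hidden (H bit),
    # and it must be IETF (vendor 0) attribute 0, Message Type.
    if hdr & 0x03FF != 8 or hdr & 0x4000 or vendor_id != 0 or attr_type != 0:
        raise ValueError("first AVP is not a Message Type AVP")
    return MESSAGE_TYPES.get(code, "unknown(%d)" % code)


def is_wellformed(packet: bytes) -> bool:
    """True if the packet parses as a valid L2TP control or data message."""
    try:
        parse_l2tp(packet)
        return True
    except ValueError:
        return False


def build_l2tp(control: bool, tunnel_id: int, session_id: int, payload: bytes,
               ns: Optional[int] = None, nr: Optional[int] = None) -> bytes:
    """Encapsulate a payload (AVPs or a PPP frame) in an L2TP header."""
    flags = L2TP_VERSION
    if control:
        flags |= T_BIT | L_BIT | S_BIT          # mandatory on control messages
        if ns is None or nr is None:
            raise ValueError("control messages need Ns and Nr")
    elif ns is not None and nr is not None:
        flags |= S_BIT                          # sequencing is optional on data
    header_len = 2 + (2 if flags & L_BIT else 0) + 4 + (4 if flags & S_BIT else 0)
    out = struct.pack("!H", flags)
    if flags & L_BIT:
        out += struct.pack("!H", header_len + len(payload))
    out += struct.pack("!HH", tunnel_id, session_id)
    if flags & S_BIT:
        out += struct.pack("!HH", ns, nr)
    return out + payload


def message_type_avp(code: int) -> bytes:
    """Build a Message Type AVP: M bit set, length 8, vendor 0, attribute 0."""
    return struct.pack("!HHHH", 0x8000 | 8, 0, 0, code)


# Constructed samples: the first control message of a tunnel (SCCRQ, tunnel and
# session IDs still 0) and a data message carrying the start of a PPP LCP frame.
SCCRQ = build_l2tp(True, 0, 0, message_type_avp(1), ns=0, nr=0)
PPP_LCP = bytes.fromhex("ff03c021")
DATA = build_l2tp(False, 0x1234, 0x0001, PPP_LCP)

if __name__ == "__main__":
    for name, pkt in (("SCCRQ", SCCRQ), ("DATA", DATA)):
        info = parse_l2tp(pkt)
        kind = ("control/" + control_message_type(info["payload"])
                if info["control"] else "data")
        print(name, kind, hex(info["tunnel_id"]), hex(info["session_id"]),
              info["payload"].hex())
```

The flag check matters in practice: a packet with T set but without L and S is not a valid control message, and a parser that accepted it would let a peer skip the sequencing that makes the control channel reliable.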
Figure 150 shows the relationship between the PPP frame, control channel, and data channel. PPP frames
are transferred over unreliable L2TP data channels. Control messages are transferred within reliable L2TP
control channels.
Figure 150 L2TP architecture
Figure 151 L2TP packet encapsulation structure
Figure 151 depicts the encapsulation structure of an L2TP data packet between the LAC and the LNS.
L2TP control and data messages are usually carried in UDP. The well-known UDP port for L2TP is 1701, but
it is guaranteed to be used only as the destination of the first packet. The tunnel initiator selects an idle
source port (not necessarily 1701) and sends the first control message to port 1701 of the receiver. The
receiver may also select an idle port (not necessarily 1701) from which to return its reply to the initiator's
source port. Both parties then use these ports until the tunnel is disconnected. A packet filter that matches
only destination port 1701 therefore sees just the first packet of a tunnel, and a stateful firewall that keys
UDP state on the full 5-tuple will not match the reply (which comes from a different source port) to the
initial flow; a rule that accepts the reply from the receiver's chosen port is needed for the tunnel to
come up through such a firewall.
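The port exchange described above, as an added example written for this page (not code from the HP guide): two UDP endpoints on loopback in one process, where the initiator sends from an idle port to the well-known port 1701, the receiver answers from a freshly chosen idle port, and the initiator then talks to that learned port rather than to 1701. The three control messages are constructed minimal L2TP headers with a single Message Type AVP (real SCCRQ/SCCRP/SCCCN messages carry more AVPs); they are not captures.

```python
"""Show that UDP port 1701 is used only for the first packet of an L2TP tunnel.

Added example; not code from the HP VPN Firewall guide. Runs entirely on
loopback. The messages below are constructed minimal control messages
(flags 0xC802 = T|L|S, version 2; length 20; one Message Type AVP), not captures.
"""
import socket

L2TP_PORT = 1701
SCCRQ = bytes.fromhex("c802 0014 0000 0000 0000 0000 8008 0000 0000 0001")
SCCRP = bytes.fromhex("c802 0014 0000 0000 0000 0001 8008 0000 0000 0002")
SCCCN = bytes.fromhex("c802 0014 0000 0000 0001 0001 8008 0000 0000 0003")


def negotiate_ports(host: str = "127.0.0.1", timeout: float = 2.0) -> dict:
    """Run SCCRQ -> SCCRP -> SCCCN over loopback; report the ports each side ends up using."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    initiator = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tunnel = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for s in (receiver, initiator, tunnel):
        s.settimeout(timeout)
    try:
        receiver.bind((host, L2TP_PORT))   # the only socket ever listening on 1701
        initiator.bind((host, 0))          # initiator picks any idle port
        tunnel.bind((host, 0))             # receiver's idle port for the rest of the tunnel

        # 1. Initiator -> receiver:1701 (the only packet that must hit 1701)
        initiator.sendto(SCCRQ, (host, L2TP_PORT))
        msg, initiator_addr = receiver.recvfrom(2048)
        if msg != SCCRQ:
            raise RuntimeError("receiver did not get SCCRQ")

        # 2. Receiver replies from its new idle port to the initiator's source port
        tunnel.sendto(SCCRP, initiator_addr)
        msg, receiver_addr = initiator.recvfrom(2048)
        if msg != SCCRP:
            raise RuntimeError("initiator did not get SCCRP")

        # 3. Initiator must now send to the port the reply came from, not to 1701
        initiator.sendto(SCCCN, receiver_addr)
        msg, _ = tunnel.recvfrom(2048)
        if msg != SCCCN:
            raise RuntimeError("receiver's tunnel socket did not get SCCCN")

        return {"initiator_port": initiator_addr[1],
                "receiver_tunnel_port": receiver_addr[1],
                "well_known_port": L2TP_PORT}
    finally:
        for s in (receiver, initiator, tunnel):
            s.close()


if __name__ == "__main__":
    r = negotiate_ports()
    print("initiator used port %d, receiver answered from port %d (not %d)" %
          (r["initiator_port"], r["receiver_tunnel_port"], r["well_known_port"]))
```

A firewall between the two sides sees flow A (initiator:ephemeral to receiver:1701) followed by a reply in flow B (receiver:other to initiator:ephemeral); unless the policy accepts flow B, the tunnel never gets past step 2.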