This feature module describes scalability enhancements to the Layer 2 Tunnel Protocol (L2TP) feature. It includes information on the benefits of the enhancements, supported platforms, related documents, and new commands.
The L2TP scalability enhancements are included in Cisco IOS Release 12.0(7)DC. Defined by RFC 2661, L2TP is an Internet Engineering Task Force (IETF) standards-track protocol that combines the best features of two existing tunneling protocols: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). For a description, benefits, restrictions, and configuration information for L2TP, see the Cisco IOS Release 12.0(1)T Layer 2 Tunnel Protocol feature module.
By improving L2TP control connection processing and virtual template cloning, these enhancements provide resilience to dropouts between the L2TP access concentrator (LAC) and L2TP network server (LNS).
Numerous changes were made in the way PPP sessions and L2TP tunnels are handled, providing support for up to 2000 PPP over ATM (PPPoA) or PPP over Ethernet (PPPoE) sessions and up to 300 tunnels. Consult the Cisco IOS Release Notes for the latest details on session and tunnel scalability.
Virtual access interfaces at the LNS are allocated, or precloned, at system start. This significantly reduces the load on the system during call setup.
The default number of control channel retransmissions is increased from 5 to 10. Also, the retransmission timeouts now follow an exponential backoff up to 8 seconds (for example, 1, 2, 4, 8, 8, 8 seconds) rather than a fixed 1-second interval. A new command enables you to change the control channel retransmission parameters: the number of retries and the minimum and maximum retransmission timeouts.
L2TP control packets now use Cisco Express Forwarding (CEF) and fast switching for sequence number updates. This allows for fast acknowledgment of packets and reduces the number of retransmissions during high call rate situations.
By increasing the local control channel receive window size (RWS), incoming control messages can be acknowledged immediately and queued locally for processing, instead of being held back in the peer's transmit queue until earlier messages are acknowledged. This enables the system to open PPP sessions more quickly. The default local RWS has been increased from 4 packets to a platform-dependent value (3000 packets on the Cisco 6400 NRP), and a new command enables you to set this size.
The total number of precloned interfaces must not exceed 3000 on the Cisco 6400 node route processor (NRP).
The L2TP Scalability Enhancements feature is related to the existing L2TP feature, which is documented in the Layer 2 Tunnel Protocol feature module.
The Layer 2 Tunnel Protocol scalability enhancements are supported on the node route processor (NRP) of the Cisco 6400 UAC.
No new or modified RFCs are supported by these feature enhancements.
To support over 1000 sessions, you must enable Cisco Express Forwarding (CEF) with the ip cef global configuration command. For more information on CEF, see the "Cisco Express Forwarding" chapter of the Cisco IOS Switching Services Configuration Guide.
Cisco recommends at least 128 MB of DRAM on the Cisco 6400 NRP while using these feature enhancements.
Cisco recommends that you simultaneously run Cisco IOS Release 12.0(7)DB on the NSP while using these enhancements.
See the following sections for configuration tasks for the L2TP scalability enhancements. Each task in the list indicates whether the task is optional or required.
To accommodate bursts of incoming control messages, set the input hold queue on the interfaces between the LAC and LNS to a high value (at least 1000 packets on the Cisco 6400). Packets that arrive when the hold queue is full are discarded, and each discarded control message costs a retransmission. Use the following steps on the interfaces between the LAC and LNS, beginning in global configuration mode.
Step | Command | Purpose
---|---|---
Step 1 | |
Step 2 | |
To display the current hold queue setting and the number of packets discarded because of hold queue overflows, use the EXEC command show interfaces.
Precloning virtual access interfaces at the LNS reduces the load on the system during call setup. Use the following commands to preclone a virtual access interface, beginning in global configuration mode.
Step | Command | Purpose
---|---|---
Step 1 | | Specify the number of virtual access interfaces to be created and cloned from a specific virtual template.

Note: The precloning operation might take a long time to complete (on the order of minutes for a large number of interfaces). Avoid incoming calls at the LNS until precloning is finished. You can monitor the precloning operation with the show vtemplate privileged EXEC command.
To check the successful precloning of virtual access interfaces, use the privileged EXEC command show vtemplate.
By default, the system uses 10 L2TP tunnel control channel retransmission attempts. To change the number of retries, use the following commands beginning in global configuration mode.
Step | Command | Purpose
---|---|---
Step 1 | |
Step 2 | |
To check the configured number of retransmission attempts, use the EXEC command show running-config. To check general control channel retransmission parameters, use the privileged EXEC command show vpdn tunnel all.
Control channel retransmissions follow an exponential backoff, starting at the minimum retransmission timeout, and ending at the maximum retransmission timeout. Use the following commands to change the timeout lengths beginning in global configuration mode.
Step | Command | Purpose
---|---|---
Step 1 | |
Step 2 | |
Step 3 | | Specify the maximum timeout (up to 8 seconds) for retransmissions.
To determine the best minimum and maximum timeouts for a given topology, use the privileged EXEC command show vpdn tunnel all and check the displayed retransmit time distribution. Each value corresponds to the number of retransmissions at 0, 1, 2, ..., 8 seconds, respectively, giving a histogram of all tunnel retransmission times. If most retransmissions cluster at the minimum timeout, the minimum is too short for the round-trip delay between the LAC and LNS.
To check the configured control channel retransmission timeouts, use the EXEC command show running-config. To check general control channel retransmission parameters, use the privileged EXEC command show vpdn tunnel all.
The default local receive window size (RWS) is now 3000 packets for a Cisco 6400 NRP. Because the local RWS is advertised to the peer, this allows the peer to send control messages as fast as possible without waiting for acknowledgments. To change the local RWS, use the following commands beginning in global configuration mode.
Step | Command | Purpose
---|---|---
Step 1 | |
Step 2 | |
Step 3 | |
Step 4 | |
Step 5 | |
To display the local RWS, use the privileged EXEC command show vpdn tunnel all.
The tunnel timeout dictates how long a tunnel lingers after its last session has been torn down. A longer timeout is useful if you expect sessions to come back immediately (the tunnel is reused rather than renegotiated), or if you plan to examine the tunnel status after the sessions have died. The default tunnel timeout is 10 seconds for an LNS and 15 seconds for a LAC. To set the L2TP tunnel timeout, use the following commands beginning in global configuration mode.
Step | Command | Purpose
---|---|---
Step 1 | |
Step 2 | |
To check the configured tunnel timeout, use the EXEC command show running-config.
To troubleshoot VPDN and L2TP, use the privileged EXEC command debug vpdn. For sample output of debug vpdn, see the "Debug Examples" section in the Layer 2 Tunnel Protocol feature module.
You can also use the privileged EXEC command show vpdn tunnel all, which contains new information for these L2TP scalability enhancements. The new fields are described in Table 1.
The following privileged EXEC commands will help you monitor and maintain VPDNs using L2TP tunnels:
For general L2TP configuration examples, see the Layer 2 Tunnel Protocol feature module.
The following example shows a configuration implementing the L2TP scalability enhancements. The input hold queue limit on an ATM interface is set to 1200, and virtual template 1 is used to preclone 2000 virtual access interfaces. VPDN group 1 is set to use 7 retransmission attempts, with the retransmission timeouts beginning at 2 seconds and ending at 4 seconds, and the L2TP tunnel timeout is set to 10 seconds. The local RWS is set to 500 packets.
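The configuration described in the preceding paragraph, written out as an added example (this block is not the configuration from the original feature module, which is not reproduced here). The interface name, loopback, address pool, VPDN group number, and the hostnames lac1 and lns1 are assumptions. The retransmit, receive-window, and pre-clone commands are the ones this module documents; the l2tp tunnel timeout no-session form and the accept-dialin / protocol / terminate-from VPDN group syntax are the forms from the Cisco IOS VPDN command reference and are assumed to apply to this release.

```ios
! LNS configuration (added example, not from the original module).
! CEF is required to support more than 1000 sessions.
ip cef
!
vpdn enable
!
! Preclone 2000 virtual access interfaces from virtual template 1 at
! startup so that call setup does not pay the cloning cost. Must stay
! under the 3000-interface limit of the Cisco 6400 NRP.
virtual-template 1 pre-clone 2000
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool l2tp-pool
 ppp authentication chap
!
! Interface facing the LAC: a deep input hold queue (at least 1000 on the
! Cisco 6400) lets bursts of L2TP control messages be queued and
! acknowledged instead of discarded and retransmitted.
interface ATM0/0/0
 hold-queue 1200 in
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname lac1
 local name lns1
 ! 7 control channel retransmission attempts, backing off from 2 s to 4 s:
 ! 2, 4, 4, 4, 4, 4, 4 seconds before the tunnel is declared down.
 l2tp tunnel retransmit retries 7
 l2tp tunnel retransmit timeout min 2
 l2tp tunnel retransmit timeout max 4
 ! Keep the tunnel for 10 s after its last session ends.
 l2tp tunnel timeout no-session 10
 ! Advertise a 500-packet control channel receive window to the LAC.
 l2tp tunnel receive-window 500
```

After applying the configuration, confirm the precloning with show vtemplate, check the negotiated RWS, retransmit parameters, and retransmit time histogram with show vpdn tunnel all, and watch the "Input queue" drops counter in show interfaces ATM0/0/0 to verify that the hold queue is deep enough for the observed call rate.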
This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.
To set the control channel retransmission parameters, use the l2tp tunnel retransmit VPDN group command. To disable a parameter setting, use the no form of this command.
Syntax Description
Defaults
Command Modes
Command History
Usage Guidelines
Control channel retransmissions follow an exponential backoff, starting at the minimum retransmit timeout length, and ending at the maximum retransmit timeout length (up to 8 seconds). For example, if the minimum timeout length is set to 1 second, the next retransmission attempt occurs 2 seconds later. The following attempt occurs 4 seconds later, and all additional attempts occur in 8-second intervals.
Examples
The following example configures 8 retransmission attempts, with the minimum timeout length set at 2 seconds, and the maximum timeout length set at 4 seconds:
To set the local control channel receive window size (RWS), use the l2tp tunnel receive-window VPDN group command.
Syntax Description
Defaults
The default local RWS is platform dependent. For the Cisco 6400 NRP, the local RWS is 3000 packets.
Command Modes
Command History
Usage Guidelines
The local RWS determines the number of L2TP control packets that can be queued by the system for processing, and the new default local RWS is considerably larger than the value outlined in RFC 2661. While a large RWS enables the system to open PPP sessions more quickly, it also allows the peer to have that many unacknowledged control messages in flight, and the system must be able to buffer them; a smaller RWS is useful on networks that cannot handle large bursts of traffic.
Examples
The following example sets the local RWS to 500 packets:
To display a list of all configured virtual templates, use the show vtemplate privileged EXEC command.
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default behavior or values.
Command Modes
Command History
Examples
In the following example, precloning is on for Virtual-Template 1, 250 virtual access interfaces have been precloned, and 249 virtual access interfaces are available for new L2TP sessions. Only one virtual access interface is in use by L2TP, and no virtual access interfaces were cloned during call setup.
Table 2 describes the fields shown in the example.
call: An attempted connection between a remote system and LAC, such as a telephone call through the PSTN. An incoming or outgoing call that is successfully established between a remote system and LAC results in a corresponding L2TP session within a previously established tunnel between the LAC and LNS.
cloning: Creating and configuring a virtual access interface by applying a specific virtual template interface. The template is the source of the generic user information and router-dependent information. The result of cloning is a virtual access interface configured with all the commands in the template.
control messages: Signaling messages that provide the control of setup, maintenance, and tear down of L2TP sessions and tunnels.
L2TP: Layer 2 Tunnel Protocol. An Internet Engineering Task Force (IETF) standards track protocol defined in RFC 2661 that provides tunneling of PPP. Based upon the best features of L2F and PPTP, L2TP provides an industry-wide interoperable method of implementing VPDN.
L2TP access concentrator: See LAC.
L2TP session: Communications transactions between the LAC and LNS that support tunneling of a single PPP connection. There is a one-to-one relationship among the PPP connection, L2TP session, and L2TP call.
LAC: L2TP access concentrator. A node that acts as one side of an L2TP tunnel endpoint and is a peer to the L2TP network server (LNS). The LAC sits between an LNS and a remote system and forwards packets to and from each. Packets sent from the LAC to the LNS require tunneling with the L2TP protocol as defined in RFC 2661. The connection from the LAC to the remote system is either local or a PPP link.
LNS: L2TP network server. A node that acts as one side of an L2TP tunnel endpoint and is a peer to the L2TP access concentrator (LAC). The LNS is the logical termination point of a PPP session that is being tunneled from the remote system by the LAC. Analogous to the Layer 2 Forwarding (L2F) home gateway (HGW).
Layer 2 Tunnel Protocol: See L2TP.
NAS: Network access server. A device providing local network access to users across a remote access network such as the PSTN. A NAS can also serve as a LAC, LNS, or both.
network access server: See NAS.
Point-to-Point Protocol: See PPP.
Point-to-Point Tunneling Protocol: See PPTP.
PPP: Point-to-Point Protocol. A protocol that encapsulates network layer protocol information over point-to-point links. PPP is defined in RFC 1661.
PPTP: Point-to-Point Tunneling Protocol, developed by Microsoft. Some of the features in L2TP were derived from PPTP.
precloning: Cloning a specified number of virtual access interfaces from a virtual template at system startup or when the command is configured.
remote system: An end-system or router that is attached to a remote access network and that is either the initiator or recipient of a call.
tunnel: A virtual pipe between the LAC and LNS that can carry multiple L2TP sessions.
virtual access interface: Instance of a unique virtual interface that is created dynamically and exists temporarily. Virtual access interfaces can be created and configured differently by different applications, such as virtual profiles and virtual private dialup networks. Virtual access interfaces are cloned from virtual template interfaces.
Virtual Private Dialup Networking: See VPDN.
VPDN: Virtual Private Dialup Networking. A system that permits the physical dialup connection to appear to be connected directly to a home network while actually residing elsewhere on the network. A virtual pipe is connected between the physical dialup connections and the termination point at the home network.
virtual template interface: A logical interface configured with generic configuration information for a specific purpose or configuration common to specific users, plus router-dependent information. The template takes the form of a list of Cisco IOS interface commands that are applied to virtual access interfaces, as needed.
Posted: Fri Jan 17 01:45:58 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.