1 Softwires L2TPv2 Hubs & Spokes for Phase I
Maria Alice Dos Santos, Cisco; Jean Francois Tremblay, Hexago; Bill Storer, Cisco; Jordi Palet, Consulintel; Carl Williams, KDDI; and others
65th IETF - Dallas, TX, USA

2 L2TPv2 vs TSP
At the Softwires interim meeting in Hong Kong, multiple protocols (ATS6, TSP, L2TPv2) were proposed as the Phase I Hubs & Spokes Softwire solution.
At the interim meeting, a non-technical requirement evaluation of the proposed protocols was conducted:
- The two leading protocols are L2TPv2 and TSP
- L2TPv2 average score is 97 (rounded)
- TSP average score is 86 (rounded)
A technical comparison between L2TPv2 and TSP was conducted and discussed on the mailing list.
The WG selected L2TPv2 as the Phase I Hubs & Spokes solution based on the comparison results in the following categories.

3 Standardization Status
L2TPv2 (RFC 2661) has been standardized since 1999:
- RFC 2661 Layer Two Tunneling Protocol "L2TP" (PS)
- RFC 2867 RADIUS Accounting Modifications for Tunnel Protocol Support (Inf.)
- RFC 3371 Layer Two Tunneling Protocol "L2TP" Management Information Base (PS)
- RFC 3193 Securing L2TP using IPsec (PS)
- RFC 3948 UDP Encapsulation of IPsec ESP Packets (PS)
- RFC 3145 L2TP Disconnect Cause Information (PS)
- RFC Layer Two Tunneling Protocol Differentiated Services Extension (PS)
TSP has been sent to the RFC Editor as an individual submission:
- draft-vg-ngtrans-tsp-00.txt, submitted in 2001
- draft-blanchet-v6ops-tunnelbroker-tsp-03.txt

4 Interoperability
The L2TPv2 protocol has been proven by numerous independent, interoperable implementations:
- Major router vendors: Cisco, Juniper, Redback, Nortel, Laurel (with IPv6 support)
- Linux/POSIX-based OSs (GPL): Sourceforge.net, Roaring Penguin, etc.
- CPE implementations: Linksys v6-over-v4 clients have been implemented by Point6 and NTT (GPL-based)
- Native Microsoft Windows client: v4-over-v4 client supported on all Windows versions; v6-over-v4 client supported on Vista / Longhorn (PPPv6 and DHCPv6 included, to be released end of 2006)
- Downloadable Windows XP client: v6-over-v4 client by NTT and Trumpet; v6-over-v4 and v4-over-v6 client by SixXS (to be released in 2 months)
- Source code availability: GPL (Roaring Penguin, etc.); commercial Windows / Linux / Mac implementations (Paravirtual and others)
One TSP server implementation exists, while the TSP client has been implemented by multiple entities:
- TSP server: Hexago
- TSP CPE client: Draytek, Panasonic, NEC (GPL-based)
- Independent implementations: ENST, University of Southampton, SixXS (Windows and Unix)

5 Scalability
L2TPv2 scalability has been proven in large-scale commercial VPN deployments:
- L2TPv2 is proven to scale to millions of subscribers in multiple IPv4-over-IPv4 VPN deployments
- Upper tens of thousands of concurrent L2TPv2 sessions on a single node (or "LNS")
- Call setup rates in the hundreds per second
TSP scalability has yet to be demonstrated in multiple-server commercial settings:
- Freenet6 has 10,000 tunnels now on a single server
- 50,000 tunnels have been tested on one broker

6 Deployment Experience
L2TPv2 deployment experience:
- L2TPv2 is widely used in large-scale IPv4-over-IPv4 VPN commercial deployments, with AAA, accounting and MIB well integrated in the solutions; cases in point being NTT, BT and AOL (millions of tunnels each)
- L2TPv2 is used in IPv6-over-IPv4 deployments: Point6, NTT commercial IPv6 tunnel service
TSP deployment experience:
- Freenet6 TSP commercial IPv6-over-IPv4 deployment since 2003 (10K tunnels)
- KDDI TSP trial IPv4-over-IPv6 deployment (1000 tunnels)
- AT&T and Wanadoo trials, no numbers
- NTT and DoD have on-going trials

7 OAM
L2TPv2:
- Standardized accounting and MIB: RFC 2867 "RADIUS Accounting Modifications for Tunnel Protocol Support" (Inf.), RFC 3371 "L2TP MIB" (PS), RFC 3145 "L2TP Disconnect Cause Information" (PS)
- Uses in-band signaling (control plane in sync with data connectivity status)
- Control plane stays for the life of the tunnel (tunnel maintenance supported after the setup phase)
- High availability: draft-ietf-l2tpext-failover-06.txt, "Fail Over extensions for L2TP"
TSP:
- No standardized accounting and MIB
- Uses in-band signaling also
- Control plane is ephemeral; it goes away after the tunnel setup phase (i.e. the TSP server has to tear down / re-establish the tunnel if the keepalive interval needs adjustment)

8 Authentication/Security
L2TPv2:
- Standardized full tunnel protection with IPsec (L2TPv2 over IPsec): RFC 3193 "Securing L2TP using IPsec", RFC 3948 "UDP Encapsulation of IPsec ESP Packets"
- Built-in mutual tunnel authentication
- Inherits PPP per-user authentication
- Data is encapsulated in a session header with tunnel / session IDs (provides better security than IP-in-IP protocol 41 encapsulation)
TSP:
- No security or encryption draft or standard specified for TSP
- Supports mutual authentication
- Uses IP-in-IP (protocol 41) encapsulation, "easy to spoof" (an RPF check is to be used)
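The "built-in mutual tunnel authentication" above is the CHAP-style challenge/response carried in the SCCRQ/SCCRP/SCCCN exchange of RFC 2661 (section 4.4.3: the response is MD5 over the message type, the shared secret and the peer's challenge). The following is an added example, written for this page and not code from the deck's authors or from any of the implementations listed on slide 4; it builds and parses the three setup messages, checks the responses on both sides, and then builds a StopCCN to show the caveat a practitioner should keep in mind: only the setup messages carry proof of the secret, so later control messages are bound only by header values (tunnel ID, Ns/Nr). The hostnames, tunnel IDs and secrets are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Constants from RFC 2661 (sections 3.2 and 4.4); the names are this example's own.
MSG_SCCRQ, MSG_SCCRP, MSG_SCCCN, MSG_STOPCCN = 1, 2, 3, 4
AVP_MESSAGE_TYPE, AVP_RESULT_CODE, AVP_HOST_NAME = 0, 1, 7
AVP_ASSIGNED_TUNNEL_ID, AVP_CHALLENGE, AVP_CHALLENGE_RESPONSE = 9, 11, 13
HDR_FLAGS = 0xC802  # T=1 (control), L=1 (length present), S=1 (Ns/Nr present), Ver=2
HDR_LEN = 12


def avp(attr_type, value, mandatory=True):
    """Encode one IETF (vendor 0) AVP: M/H bits + 10-bit length, vendor ID, type, value."""
    length = 6 + len(value)
    return struct.pack("!HHH", (0x8000 if mandatory else 0) | length, 0, attr_type) + value


def u16(n):
    return struct.pack("!H", n)


def control_message(peer_tunnel_id, ns, nr, avps):
    """Build an L2TPv2 control message (session ID 0, Offset bit clear)."""
    body = b"".join(avps)
    return struct.pack("!HHHHHH", HDR_FLAGS, HDR_LEN + len(body),
                       peer_tunnel_id, 0, ns, nr) + body


def parse_control_message(msg):
    """Parse header and AVPs; returns (peer_tunnel_id, ns, nr, {attr_type: value})."""
    flags, length, tid, sid, ns, nr = struct.unpack_from("!HHHHHH", msg)
    if (flags & 0x000F) != 2 or not (flags & 0x8000) or not (flags & 0x0800):
        raise ValueError("not an L2TPv2 control message")
    if (flags & 0x4000) and length != len(msg):
        raise ValueError("length field does not match datagram")
    avps, off = {}, HDR_LEN
    while off < len(msg):
        afl, vendor, attr_type = struct.unpack_from("!HHH", msg, off)
        alen = afl & 0x03FF
        if alen < 6 or off + alen > len(msg):
            raise ValueError("malformed AVP length")
        if vendor == 0:
            avps[attr_type] = msg[off + 6:off + alen]
        elif afl & 0x8000:
            raise ValueError("unknown mandatory vendor AVP")
        off += alen
    return tid, ns, nr, avps


def challenge_response(msg_type, secret, challenge):
    """RFC 2661 4.4.3: CHAP response MD5(ID || secret || challenge) with ID = message type."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def proves_secret(msg):
    """True only if the message carries a Challenge Response AVP."""
    return AVP_CHALLENGE_RESPONSE in parse_control_message(msg)[3]


def tunnel_setup(lac_secret, lns_secret, rng=os.urandom):
    """Run SCCRQ -> SCCRP -> SCCCN with tunnel authentication on both sides.
    Returns (lac_accepted_lns, lns_accepted_lac)."""
    lac_tid, lns_tid = 0x1001, 0x2002          # constructed locally assigned tunnel IDs
    lac_chal, lns_chal = rng(16), rng(16)

    # LAC -> LNS: SCCRQ. The peer's tunnel ID is still unknown, so the header carries 0.
    sccrq = control_message(0, 0, 0, [
        avp(AVP_MESSAGE_TYPE, u16(MSG_SCCRQ)), avp(AVP_HOST_NAME, b"lac.example"),
        avp(AVP_ASSIGNED_TUNNEL_ID, u16(lac_tid)), avp(AVP_CHALLENGE, lac_chal)])
    _, _, _, rq = parse_control_message(sccrq)
    lns_peer_tid = struct.unpack("!H", rq[AVP_ASSIGNED_TUNNEL_ID])[0]

    # LNS -> LAC: SCCRP answers the LAC's challenge and issues its own.
    sccrp = control_message(lns_peer_tid, 0, 1, [
        avp(AVP_MESSAGE_TYPE, u16(MSG_SCCRP)), avp(AVP_HOST_NAME, b"lns.example"),
        avp(AVP_ASSIGNED_TUNNEL_ID, u16(lns_tid)), avp(AVP_CHALLENGE, lns_chal),
        avp(AVP_CHALLENGE_RESPONSE,
            challenge_response(MSG_SCCRP, lns_secret, rq[AVP_CHALLENGE]))])
    _, _, _, rp = parse_control_message(sccrp)
    lac_ok = hmac.compare_digest(rp[AVP_CHALLENGE_RESPONSE],
                                 challenge_response(MSG_SCCRP, lac_secret, lac_chal))

    # LAC -> LNS: SCCCN answers the LNS's challenge; the tunnel is up after this.
    scccn = control_message(lns_tid, 1, 1, [
        avp(AVP_MESSAGE_TYPE, u16(MSG_SCCCN)),
        avp(AVP_CHALLENGE_RESPONSE,
            challenge_response(MSG_SCCCN, lac_secret, rp[AVP_CHALLENGE]))])
    _, _, _, cn = parse_control_message(scccn)
    lns_ok = hmac.compare_digest(cn[AVP_CHALLENGE_RESPONSE],
                                 challenge_response(MSG_SCCCN, lns_secret, lns_chal))
    return lac_ok, lns_ok


def forged_stopccn(peer_tunnel_id, ns, nr):
    """A StopCCN needs only header values an on-path or guessing attacker can supply;
    no AVP in it is bound to the shared secret (result code 1 = general request to clear)."""
    return control_message(peer_tunnel_id, ns, nr, [
        avp(AVP_MESSAGE_TYPE, u16(MSG_STOPCCN)), avp(AVP_ASSIGNED_TUNNEL_ID, u16(0x1001)),
        avp(AVP_RESULT_CODE, u16(1) + u16(0))])


if __name__ == "__main__":
    print(tunnel_setup(b"shared", b"shared"), tunnel_setup(b"shared", b"wrong"))
    print(proves_secret(forged_stopccn(0x2002, 2, 1)))
```

With matching secrets both checks pass; with a mismatch both fail, because each side verifies the other's response against its own copy of the secret. The StopCCN at the end parses as a valid control message with no proof of the secret at all, which is why deployments that need integrity for the whole control connection run L2TPv2 over IPsec (RFC 3193) and why L2TPv3 extended authentication to every control message.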

9 L2TPv2 Phase I Hubs & Spokes Softwire Solution
L2TPv2 Hubs & Spokes Softwire framework draft to be delivered (LC) in July 2006; it will document / recommend / define L2TPv2 Hubs & Spokes Softwire solution implementation specifics.
Examples of topics to be covered by the framework draft (credits to Jean Francois Tremblay, Jordi Palet and Ole Troan for the initial list of topics):
- How L2TPv2 satisfies the H&S Softwire requirements
- Deployment scenarios with L2TPv2 and the other components involved in the H&S solution
- Standardization status of L2TPv2 and the other components involved in the H&S solution
- Provisioning models (addresses, prefix delegation, DNS, etc.)
- L2TPv2 tunnel setup / maintenance specifics in the H&S solution
- AAA integration / infrastructure and statistics
- Security analysis for L2TPv2 H&S
- Implementation status
- Others?

10 IPv6 over IPv4 Softwire with L2TPv2: Case 1 – Host CPE as Softwire Initiator
[Diagram] Dual AF Host CPE (LAC) --- IPv4 --- LNS
Encapsulation: IPv6 over PPP over L2TPv2 over UDP over IPv4
ISP to Dual AF Host CPE auto-config: IPv6CP (capable of /64 interface ID assignment or uniqueness check); /64 prefix via RA; DNS, etc. via DHCPv4/v6

11 IPv6 over IPv4 Softwire with L2TPv2: Case 2 – CPE as Softwire Initiator
[Diagram] Hosts --- Dual AF CPE (LAC) --- IPv4 --- LNS
Encapsulation: IPv6 over PPP over L2TPv2 over UDP over IPv4
ISP to Dual AF CPE PD and auto-config: IPv6CP (capable of /64 interface ID assignment or uniqueness check); /64 prefix via RA; /48 prefix via DHCPv6 PD; DNS, etc. via DHCPv4/v6
Dual AF CPE to hosts auto-config: /64 prefixes via RA; DNS, etc.

12 IPv6 over IPv4 Softwire with L2TPv2: Case 3 – Host behind CPE as Softwire Initiator
[Diagram] Dual AF Host (LAC) --- CPE --- IPv4 --- LNS
Encapsulation: IPv6 over PPP over L2TPv2 over UDP over IPv4
ISP to Dual AF Host auto-config: IPv6CP (capable of /64 interface ID assignment or uniqueness check); /64 prefix via RA; DNS, etc. via DHCPv4/v6

13 IPv6 over IPv4 Softwire with L2TPv2: Case 4 – Router behind CPE as Softwire Initiator
[Diagram] Hosts --- Dual AF Router (LAC) --- CPE --- IPv4 --- LNS
Encapsulation: IPv6 over PPP over L2TPv2 over UDP over IPv4
ISP to Dual AF Router PD and auto-config: IPv6CP (capable of /64 interface ID assignment or uniqueness check); /64 prefix via RA; /48 prefix via DHCPv6 PD; DNS, etc. via DHCPv4/v6
Dual AF Router to hosts auto-config: /64 prefixes via RA; DNS, etc.

14 IPv4 over IPv6 Softwire with L2TPv2: Case 1 – Host CPE as Softwire Initiator
[Diagram] Dual AF Host CPE (LAC) --- IPv6 --- LNS
Encapsulation: IPv4 over PPP over L2TPv2 over UDP over IPv6
ISP to Dual AF Host CPE IP assignment and auto-config: IPCP assigns a global IPv4 address and DNS, etc.

15 IPv4 over IPv6 Softwire with L2TPv2: Case 2 – CPE as Softwire Initiator
[Diagram] Hosts --- Dual AF CPE (LAC) --- IPv6 --- LNS
Encapsulation: IPv4 over PPP over L2TPv2 over UDP over IPv6
ISP to Dual AF CPE IP assignment and auto-config: IPCP assigns a global IPv4 address and DNS, etc.
Dual AF CPE to hosts IP assignment and auto-config: private IPv4 addresses and DNS, etc. via DHCP

16 IPv4 over IPv6 Softwire with L2TPv2: Case 3 – Host behind CPE as Softwire Initiator
[Diagram] Dual AF Host (LAC) --- CPE --- IPv6 --- LNS
Encapsulation: IPv4 over PPP over L2TPv2 over UDP over IPv6
ISP to Dual AF Host IP assignment and auto-config: IPCP assigns a global IPv4 address and DNS, etc.

17 IPv4 over IPv6 Softwire with L2TPv2: Case 4 – Router behind CPE as Softwire Initiator
[Diagram] Hosts --- Dual AF Router (LAC) --- CPE --- IPv6 --- LNS
Encapsulation: IPv4 over PPP over L2TPv2 over UDP over IPv6
ISP to Dual AF Router IP assignment and auto-config: IPCP assigns a global IPv4 address and DNS, etc.
Dual AF Router to hosts IP assignment and auto-config: private IPv4 addresses and DNS, etc. via DHCP

18 IPv6 over L2TPv2 over IPv4 Today
[Diagram] Existing deployments and implementations: NTT, Point6 (draft-toutain-softwire-point6box-00), Cisco

19 L2TPv3 proposed as Phase II Hubs & Spokes Softwire Standard
L2TPv3 is a superset of L2TPv2, with enhancements in security, scalability and flexibility for future extensions.
L2TPv3 (RFC 3931) automatic fallback to L2TPv2 allows a seamless transition from L2TPv2 to L2TPv3 (backward compatibility is a key requirement for Phase II).
L2TPv3 isn't as widely implemented as L2TPv2.

20 L2TPv3 for the Future
[Diagram] L2TPv3 encapsulation, outermost layer first:
- IPv4 or IPv6 header
- UDP + L2TP version (optional; absent when L2TPv3 runs directly over IP)
- Session ID (32 bits)
- Cookie (up to 64 bits, optional)
- Payload: PPP, HDLC, Frame Relay, Ethernet, ATM (cell or packet), MPLS, IP

21 Why move to L2TPv3?
Improvements with L2TPv3:
- Stronger tunnel authentication mechanism covering all control messages rather than just portions at tunnel setup
- Built-in lightweight data-plane security: still works with IPsec transport mode, but the built-in cryptographically random cookie gives extra protection against blind insertion attacks
- More efficient header encapsulation: 32-bit flat session ID, more efficient lookup in the forwarding plane
- Runs over either IP or UDP
- L2TPv3 can tunnel IP directly without PPP
- Reduced tunnel/session setup time
- Reduced data encapsulation size
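The data-plane protection claimed on slides 20 and 21 (and contrasted with protocol 41 on slide 8) comes down to what a receiver can check before accepting an encapsulated packet. The following is an added example, not code from the deck or from any L2TPv3 implementation: a receiver for the L2TPv3-over-IP data format on slide 20 (32-bit Session ID, then the optional cookie, then the payload) that demultiplexes on the flat session ID and compares the cookie in constant time, next to a protocol 41 receiver that has nothing but the source address to check. The `blind_insertion` function plays the off-path attacker who spoofs the peer address and knows the session ID but not the cookie. Session IDs, addresses and payloads are constructed sample values; the 8-octet cookie length is one of the sizes RFC 3931 allows.

```python
import hmac
import os
import struct

COOKIE_LEN = 8  # RFC 3931 cookie is 0, 4 or 8 octets; 8 is the slide's "up to 64 bits"


class L2TPv3Receiver:
    """Data-plane demux for L2TPv3 over IP (protocol 115): a packet starts with a
    32-bit Session ID, followed by the per-session cookie and then the payload."""

    def __init__(self):
        self.sessions = {}  # session_id -> (cookie, expected peer address)

    def add_session(self, peer_ip, rng=os.urandom):
        """Allocate a random non-zero session ID (0 is reserved for control over IP)
        and a random cookie; both would be exchanged over the control connection."""
        while True:
            sid = struct.unpack("!I", rng(4))[0]
            if sid and sid not in self.sessions:
                break
        cookie = rng(COOKIE_LEN)
        self.sessions[sid] = (cookie, peer_ip)
        return sid, cookie

    def receive(self, src_ip, packet):
        """Return the inner payload, or None when the packet is rejected."""
        if len(packet) < 4 + COOKIE_LEN:
            return None
        sid = struct.unpack_from("!I", packet)[0]
        entry = self.sessions.get(sid)
        if entry is None:
            return None                    # unknown session: nothing to deliver to
        cookie, peer_ip = entry
        if src_ip != peer_ip:
            return None                    # RPF-style source check; spoofable on its own
        if not hmac.compare_digest(packet[4:4 + COOKIE_LEN], cookie):
            return None                    # wrong cookie: blind insertion stops here
        return packet[4 + COOKIE_LEN:]


def encap(session_id, cookie, payload):
    """Sender side of the same format."""
    return struct.pack("!I", session_id) + cookie + payload


def proto41_receive(peer_ip, src_ip, packet):
    """IP-in-IP (protocol 41) carries no session header: the outer source address is
    all the receiver can check, so a spoofed source is accepted outright."""
    return packet if src_ip == peer_ip else None


def blind_insertion(receiver, src_ip, session_id, payload, tries, rng=os.urandom):
    """Off-path attacker: spoofs the peer address, knows the session ID, guesses the
    cookie. Returns how many of `tries` forged packets the receiver accepted."""
    accepted = 0
    for _ in range(tries):
        forged = encap(session_id, rng(COOKIE_LEN), payload)
        if receiver.receive(src_ip, forged) is not None:
            accepted += 1
    return accepted


if __name__ == "__main__":
    rx = L2TPv3Receiver()
    sid, cookie = rx.add_session("192.0.2.1")
    print(rx.receive("192.0.2.1", encap(sid, cookie, b"inner packet")))
    print(blind_insertion(rx, "192.0.2.1", sid, b"injected", 10000))
    print(proto41_receive("192.0.2.1", "192.0.2.1", b"spoofed inner packet"))
```

The point the slide makes is visible in the two receivers: against protocol 41 the attacker only has to spoof a source address, whereas against L2TPv3 every forged packet also has to carry the right 64-bit cookie, so an off-path guess succeeds with probability 2^-64 per packet. The cookie is not confidentiality or integrity protection (an on-path attacker sees it), which is why the slide still pairs it with IPsec transport mode.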

22 Phase II Hubs & Spokes Softwires with L2TPv3
L2TPv3 Hubs & Spokes Softwire framework draft:
- Investigation starts in March (in the background of the Phase I work)
- Progress will be presented at the post-July 2006 interim meeting
- Framework draft to be delivered (LC) in November 2006
- Document / recommend / define L2TPv3 Hubs & Spokes Softwire solution implementation specifics: PPP over L2TPv3, IP over L2TPv3
Additional potential items for Phase II:
- DHCP integration (as an AAA mechanism in addition to RADIUS)
- Softwire Concentrator auto-discovery
- IP over L2TPv3 solution: investigate a solution without PPP
- NAT discovery
- Mobility and nomadicity

23 To be continued...

