- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - The Layer 2 Tunneling Protocol (L2TP) is a standard protocol for tunneling L2 traffic over an IP network. Its ability to carry almost any L2 data format over IP or other L3 networks makes it particularly useful. But L2TP remains little-known outside of certain niches, perhaps because early versions of the specification were limited to carrying PPP -- a limitation that is now removed.
It is desirable to tunnel L2 traffic over routed L3 networks because L2 networks are generally more transparent, easier to configure and easier to manage than L3 networks. These are desirable properties for a range of applications. In data centers, a flat network is essential for promoting virtual machine (VM) mobility between physical hosts. In companies with multiple premises, the sharing of infrastructure and resources between remote offices can be simplified by L2 tunneling.
The L2TP protocol itself is an open standard defined by the IETF. This article concentrates on the latest Version 3 of the specification, which describes tunneling multiple L2 protocols over various types of packet-switched networks (PSN). The standard discusses tunneling over IP, UDP, Frame Relay and ATM PSNs.
[ IN DEPTH: Complete guide to network virtualization ]
An L2TP connection comprises two components: a tunnel and a session. The tunnel provides a reliable transport between two L2TP Control Connection Endpoints (LCCEs) and carries only control packets. The session is logically contained within the tunnel and carries user data. A single tunnel may contain multiple sessions, with user data kept separate by session identifier numbers in the L2TP data encapsulation headers.
Conspicuously absent from the L2TP specification are any security or authentication mechanisms. It is typical to deploy L2TP alongside other technologies, for example IPSec, to provide these features. This gives L2TP the flexibility to interoperate with various different security mechanisms within a network.
The four use cases discussed below illustrate how L2TP works in a variety of scenarios, from simple point-to-point links to large networks. Whether you're running a single-site corporate LAN or a complicated multi-site network, L2TP has the scalability to fit into your architecture.
Today, with diverse mobile devices used throughout businesses, and pervasive availability of broadband in the home, most corporate networks must provide remote access as a basic necessity. Virtual private network (VPN) technologies are an essential part of meeting that need.
Since L2TP doesn't provide any authentication or encryption mechanisms directly, both of which are key features of a VPN, L2TP is usually paired with IPSec to provide encryption of user and control packets within the L2TP tunnel. Figure 1 shows a simplified VPN configuration. Here the corporate network on the right contains an L2TP Network Server (LNS) providing access to the network. Remote workers and mobile devices may join the corporate network via IPSec-secured L2TP tunnels over any intermediate network (most likely the Internet).
Clients attaching to the VPN will often run L2TP and IPSec software directly. It is normally unnecessary to install extra software in client systems to communicate with an L2TP VPN server: L2TP VPN software is provided with Windows, OS X, iOS, Android and Linux systems.