Network Working Group Reinaldo Penno
Internet-Draft Nortel Networks
Expires Feb 2003 Vipin Jain
Pipal Systems
Steve McGeown
Sandvine Inc.
Ly Loi
Tahoe Networks
Marc Eaton-Brown
Devoteam FrontRunner
August 2002
L2TP Tunnel Switching
draft-ietf-l2tpext-tunnel-switching-03.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The distribution of this memo is unlimited. It is filed as <draft-
ietf-l2tpext-tunnel-switching-03.txt> and expires Feb 2003. Please
send comments to the L2TP mailing list (l2tpext@ietf.org).
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
L2TP Tunnel Switching, also called L2TP Multihop, is the process of
forwarding layer2 payload from an L2TP session to another L2TP
session over a different tunnel. It facilitates moving the logical
termination point of an L2TP session, based on layer2 characteristics
or administrative policies, to a different LNS. This document
introduces the L2TP tunnel switching nomenclature, defines the
behavior of standard AVPs [L2TP] in tunnel switching deployment, and
proposes protocol extensions for inter-operable tunnel switching
implementation.
Jain, et al. expires Feb 2003 [Page 1]
INTERNET DRAFT L2TP Tunnel Switching August 2002
Contents
Status of this Memo.......................................... 1
1. Introduction.............................................. 2
2. Purpose of tunnel switching............................... 3
3. Handling standard AVPs.................................... 4
4. Proposed Extensions for tunnel switching.................. 7
5. StopCCN/CDN Messages and L2TP tunnel Switching............ 8
6. IANA Considerations....................................... 9
7. Security Considerations................................... 9
8. Authors Addresses......................................... 9
9. Acknowledgments........................................... 10
10. References............................................... 10
Appendix A................................................... 11
Terminology
Tunnel Switching Aggregator (TSA): These are the devices that switch
the layer2 data on an incoming L2TP session/tunnel on to another L2TP
session/tunnel. TSA functions as an LNS for the inbound tunnel and as
a LAC for the outbound tunnel.
Inbound Tunnel: L2TP Control Connection on TSA where TSA is acting as
LNS.
Outbound Tunnel: L2TP Control Connection on TSA where TSA is acting
as LAC.
1. Introduction
[L2TP] allows processing of layer2 packets to be divorced from the
termination of the layer2 circuit. L2TP tunnel switching facilitates
moving the termination point of a layer2 session further on to
another LNS that potentially is unknown to the first LAC. It does so
by re-tunnelling the layer2 session within another L2TP tunnel to a
different LNS. The knowledge of whether to switch a layer2 session to
Jain, et al. expires Feb 2003 [Page 2]
INTERNET DRAFT L2TP Tunnel Switching August 2002
another L2TP tunnel can be static or dynamic (for example during PPP
session is establishment).
L2 User LAC TSA LNS
[LNS LAC]
|---- L2-----|
|---- L2/L2TP ----|
|-- L2 --|
|----- L2/L2TP -----|
|------ tunnel switching ----|
The figure above presents a typical tunnel switching scenario for
incoming calls. The user opens a layer2 (for example PPP) session
to a LAC, which puts the layer2 session into a L2TP tunnel that
terminates on a TSA. The TSA being LNS, based on local policies
determines which tunnel should be used to further tunnel the
layer2 session. The same layer2 session is switched onto another L2TP
tunnel originating on the TSA and terminating on the LNS. If
the TSA decides to terminate the layer2 session it will not
re-tunnel the packet.
2. Purpose of tunnel switching
Tunnel switching enables higher administrative control on how layer2
sessions are engineered in L2TP deployments.
- L2TP tunnel switching divorces the location of the LAC that
implements administrative policies. A LAC may not always have the
administrative control/capability to know whether the LNS that
would be most appropriate to terminate a layer2 session handling.
For example, PC based LACs might not be aware of the service
provider's policies. In some cases it may not be desirable
to expose such policies to a LAC that resides on the
customer premises, whereas in other situations a LAC might not such
exhibit rich functionality. Local policies could be based on
traffic (to balance the traffic across multiple LNSs), class of
service (to allow preferred sessions onto distinguished LNSs), or
layer 2 parameters (to direct traffic for different ISPs to different
LNS, for example based on PPP user information).
- There are situations where the administrative domain of a LAC, such
as a Local Exchange Carrier (LEC) or Competitive Local Exchange
Carrier (CLEC), are not the same as that of an LNS, and often are the
Internet Service Provider (ISP) terminating the subscriber's layer2
connections. In such situations, a tunnel switched multi tier
deployment helps the Carrier.
Jain, et al. expires Feb 2003 [Page 3]
INTERNET DRAFT L2TP Tunnel Switching August 2002
(ILEC or CLEC) hide its internal network connectivity from the
ISPs. It eases the configuration/manageability across different
administrative domains. For example, for every new LAC added in
the Carrier's network, an ISPs do not need to reconfigure their LNSs.
Since for them the LAC could always be the TSA.
- Layer2 sessions wholesaling: L2TP tunnel switching allows using a
common L2TP control connection on the LAC for sessions that are
eventually destined to different LNSs (ISPs). This enables the
wholesaler to bundle layer2 sessions belonging different ISPs on
to a single tunnel. It would be administratively easier to manage
this flat configuration.
3. Handling standard AVPs
This section defines the behavior of AVPs defined in [L2TP]
on TSA, as to whether they should be RELAYED, DROPPED or REGENERATED.
RELAYED AVPs are forwarded transparently only if they are present in
the incoming message.
DROPPED AVPs are the dropped if present in the incoming message.
REGENERATED AVPs are the AVPs that are dropped on an inbound tunnel
and are regenerated as defined by [L2TP] for an outbound tunnel as
if there was no tunnel switching, possibly resulting in the same
value.
For some AVPs, to get a value to be RELAYED, the TSA might be
required to defer sending a reply to a message on an inbound
(or outbound) tunnel until it gets the reply for a corresponding
request on outbound (or inbound) tunnel.
Message Type (All Messages) - MUST be REGENERATED
Random Vector (All Messages) - MUST be REGENERATED
Result Code (CDN, StopCCN) - SHOULD be REGENERATED based on
recommendations discussed in section 5.
Protocol Version (SCCRQ, SCCRP) - MUST be REGENERATED. This
would allow TSA to switch sessions when inbound and outbound
tunnels use different versions of the L2TP protocol.
Framing Capabilities (SCCRQ, SCCRP) - On outbound tunnels, the
TSA SHOULD REGENERATE this AVP based upon Framing Capabilities
Jain, et al. expires Feb 2003 [Page 4]
INTERNET DRAFT L2TP Tunnel Switching August 2002
of one or more inbound tunnels whose sessions could be switched
to the outbound tunnel. Similarly, the inbound tunnel AVP SHOULD
be REGENERATED by the TSA based upon the Framing Capabilities of
the outbound tunnel.
Bearer Capabilities (SCCRQ, SCCRP) - For the outbound tunnel,
the AVP SHOULD be REGENERATED based upon Bearer Capabilities of
one or more inbound tunnels whose sessions may be switched to
the outbound tunnel. Similarly, the inbound tunnel AVP SHOULD be
REGENERATED by the TSA based upon the Bearer Capabilities of the
outbound tunnel.
Tie Breaker (SCCRQ) - MUST be REGENERATED
Firmware Revision (SCCRP, SCCRQ) - MUST be REGENERATED.
Host Name (SCCRP, SCCRQ) - MAY be RELAYED, REGENERATED, or
DROPPED.
Vendor Name (SCCRP, SCCRQ) - SHOULD be REGENERATED.
Assigned tunnel ID (SCCRP, SCCRQ, StopCCN) - MUST be REGENERATED.
Receive Window Size (SCCRQ, SCCRP) - MUST be REGENERATED.
For example the value of this AVP could be choosen based on
Receive Window Sizes of the tunnels the TSA is going to be
switching sessions to. Appendix A has more information on
congestion control in L2TP tunnel switching environments.
Challenge (SCCRP, SCCRQ) - MUST be REGENERATED.
Challenge Response (SCCCN, SCCRP) - MUST be REGENERATED.
Q.931 Cause Code (CDN) - MUST NOT be REGENERATED and can only be
RELAYED or DROPPED.
Assigned Session ID (CDN, ICRP, ICRQ, OCRP, OCRQ) - MUST be
REGENERATED.
Call Serial Number (ICRQ, OCRQ) - SHOULD be RELAYED. It would
best serve the intended purpose of this AVP and facilitate easier
debugging.
Minimum BPS (OCRQ) - MUST be RELAYED.
Maximum BPS (OCRQ) - MUST be RELAYED.
Jain, et al. expires Feb 2003 [Page 5]
INTERNET DRAFT L2TP Tunnel Switching August 2002
Bearer Type (ICRQ, OCRQ) - MUST be RELAYED.
Framing Type (ICCN, OCCN, OCRQ) - MUST be RELAYED.
Called Number (ICRQ, OCRQ) - SHOULD be RELAYED.
Calling Number (ICRQ) - SHOULD be RELAYED.
Sub-Address (ICRQ, OCRQ) - SHOULD be RELAYED.
(Tx) Connect Speed (ICCN, OCCN) - MUST be RELAYED
Rx Connect Speed (ICCN, OCCN) - MUST be RELAYED
Physical Channel ID (ICRQ, OCRP) - MAY be RELAYED, REGENERATED,
or DROPPED.
Private Group ID (ICCN) - MAY be RELAYED, REGENERATED, or
DROPPED.
Sequencing Required (ICCN, OCCN) - SHOULD be REGENERATED.
Initial Received LCP CONFREQ (ICCN) - MUST NOT be REGENERATED and
can only be RELAYED or DROPPED. Proxy LCP AVPs (Initial Received
LCP CONFREQ, Last Sent LCP CONFREQ and Last Received LCP CONFREQ)
MUST be either all DROPPED or all RELAYED.
Last Sent LCP CONFREQ (ICCN) - MUST NOT be REGENERATED.
Last Received LCP CONFREQ (ICCN) - MUST NOT be REGENERATED.
Proxy Authen Type (ICCN) - MUST NOT Be regenerated and can only be
RELAYED or DROPPED. Proxy Authentication AVPs (Proxy Authen
Name AVP, Proxy Authen Challenge Proxy Authen ID and Proxy
Authen Response AVP) MUST be either all DROPPED or all RELAYED.
Proxy Authen Name (ICCN) - MUST NOT be REGENERATED.
Proxy Authen Challenge (ICCN) - MUST NOT be REGENERATED.
Proxy Authen ID (ICCN) - MUST NOT be REGENERATED.
Proxy Authen Response (ICCN) - MUST NOT be REGENERATED.
Call Errors (WEN) - MUST NOT be REGENERATED.
ACCM (SLI) - MUST NOT be REGENERATED.
PPP Disconnect Cause AVP (defined by [RFC 3145]) - MUST NOT be
REGENERATED.
Jain, et al. expires Feb 2003 [Page 6]
INTERNET DRAFT L2TP Tunnel Switching August 2002
4. Proposed Extensions for tunnel switching
In this section we present new AVPs that simply permits
enhanced and interoperable tunnel switching support. Additionally
proposing to solve some trade-offs that arise by deploying
L2TP tunnel switching.
4.1 Tunnel Capacity AVP (All Messages)
The tunnel Capacity AVP, Attribute Type TBD, indicates the
sesion capacity of the sender over an L2TP control connection.
LAC/LNS could interpret this AVP to know if the peer it is
connected to has capacity of receive any more sessions.
The absolute value in this AVP is opaque to the peer,
however relative (current to maximum) could be interpreted
as a measure of peer's capacity. It could be an indicative
of bandwidth, session capacity, administrative limit, etc.
The Attribute Value field for this AVP has the following format:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPN Length | Service Profile Name ... (arbitrary length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Maximum Capacity |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Current Capacity |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Service Profile Name is a configured (e.g. ISP or Domain name)
unique name between the TSA and its peer. It is up to 256 bytes
long, but MUST be at least 1 octet. It is assumed that a tunnel
might carry sessions for multiple Service Profiles and this AVP
allows specifying the capacity for a Service Profile.
The Maximum Capacity indicates the maximum (reference) capacity of
the TSA for a service profile. Its value is opaque to the TSA's
peer. For example, an implementation could choose to use this to
be an indicative of maximum number of sessions, maximum bandwidth,
etc.
The Current Capacity indicates the current capacity of the TSA.
Like Maximum Capacity AVP its value is also opaque to the TSA's
peer. The value of this AVP indicates the relatively (relative to
Maximum Capacity) how many more sessions the TSA could handle.
This AVP MAY be hidden (the H-bit can be either 0 or 1). The M-bit
for this AVP MUST be set to 0.
Jain, et al. expires Feb 2003 [Page 7]
INTERNET DRAFT L2TP Tunnel Switching August 2002
4.2 TSA ID AVP (ICRQ, OCRQ)
The TSA ID AVP, Attribute Type TBD, could be used to detect if a
session is looping in an L2TP tunnel switched network. This AVP
would occur as many times as the number of TSAs in the network. It
is inserted by TSA while generating an ICRQ or OCRQ when it
switches a session. All incoming TSA ID AVPs MUST be copied
unaltered to the REGENERATED ICRQ or OCRQ.
The TSA SHOULD check to see if its own Hostname and IP Addresses
is present in one of the TSA ID AVP. If it does then it MUST
respond with a CDN carrying a Result Code AVP indicating Result
Code to be 'General Error', Error Code indicating 'Loop Detected'
TBD, and optionally a description indicating the loop condition.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HN Length | HostName ... (arbitrary length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IP address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Hostname MUST be the same as that used on the Hostname AVP
when the tunnel was established.
The IP address field represents the TSA's IPv4 address on a tunnel
where a session is being switched to.
This AVP MAY be hidden (the H-bit can be either 0 or 1). The M-bit
for this AVP MUST be set to 0.
5. StopCCN/CDN Messages and L2TP tunnel Switching
The administrative policies on the TSA would always supersede how a
TSA should be interpreting or not interpreting the CDN/StopCCN
messages generated by it's peer.
However, the recommended behavior is that, if a TSA receives a
StopCCN/CDN message from a peer, it SHOULD convey the same message
received on inbound or outbound tunnel. The Result Code AVP, which is
an indicative of the type of error, should be relayed as well. The
following sections recommends the more specific situations and on how
the StopCCN/CDN Error Codes are to be interpreted.
Jain, et al. expires Feb 2003 [Page 8]
INTERNET DRAFT L2TP Tunnel Switching August 2002
5.1 TSA receiving CDN Error Code-7 from an LNS
The TSA should try to establish the session on one of the
remaining LNS peers as determined by the configured policies on
the TSA - if there are none available it should generate a CDN
message for the LAC with the Error Code-7.
5.2 TSA reaching the aggregate session limit.
In this situation the TSA SHOULD generate a CDN message with Error
Code-4 for the LAC.
5.3 TSA failing to establish an outbound tunnel
The TSA should try to establish the session on one of the
remaining LNS peers as determined by the configured policies on
the TSA - if there are none available it should generate a CDN
message for LAC with the Error Code-1.
6. IANA Considerations
This document requires two new "AVP Attributes" to be assigned
through IETF Consensus [RFC2434]:
Tunnel Capacity AVP (section 4.1)
TSA Id AVP (section 4.2)
This document defines no additional number spaces for IANA to manage.
7. Security Considerations
L2TP tunnel switching inherits all security issues from [L2TP] and
does not introduce any new security issues.
8. Author's Addresses
Reinaldo Penno
Nortel Networks
2305 Mission College Blvd
Santa Clara, CA 95054
Phone: +1 408.565.3023
Email: rpenno@nortelnetworks.com
Steve McGeown
Sandvine Inc.
Phone: +1 519.880.2230
Email: smcgeown@sandvine.com
Jain, et al. expires Feb 2003 [Page 9]
INTERNET DRAFT L2TP Tunnel Switching August 2002
Ly Loi
Tahoe Networks
3052 Orchard Drive
San Jose, CA 95134
Phone: +1 408.944.8630
Email: lll@tahoenetworks.com
Marc Eaton-Brown
Devoteam FrontRunner Ltd.
Union House
182-194 Union Street
London SE1 OLH
Phone: +44 7989 498337
Email: mebrown@devoteam-frontrunner.com
Vipin Jain
Pipal Systems
2903 Bunker Hill Ln #210
Santa Clara, CA 95054
Phone: +1 408.470.9700
Email: vipinietf@yahoo.com
9. Acknowledgments
Thanks to W. Mark Townsley of Cisco Systems and Mark Llacuna of
Nortel Networks for their valuable comments.
10. References
[L2TP] RFC 2661, W. Townsley, A. Valencia, A. Rubens, G. Pall,
G. Zorn, B. Palter, "Layer 2 Tunnel Protocol (L2TP)",
RFC2661, August 1999.
[PPP] RFC 1661, Simpson, W., "The Point-to-Point Protocol (PPP)",
STD 51, RFC 1661, July 1994.
[RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC 3145] RFC 3145, Verma, et. al.
"L2TP Disconnect Cause Information", July 2001
Jain, et al. expires Feb 2003 [Page 10]
INTERNET DRAFT L2TP Tunnel Switching August 2002
Appendix A
Considerations for Congestion Avoidance
[L2TP] recommends slow start and congestion avoidance techniques be
used on the control connection. That alone may not be sufficient to
deal with congestion problems in tunnel switched deployments.
Primarily because a TSA terminates the control connection and
initiates another one. For example, while switching incoming calls,
outbound tunnel might be more congested than inbound tunnel, in which
case even if two tunnels are implementing slow start and congestion
avoidance procedures, the effectiveness of end to end (first LAC to
last LNS in tunnel switched network) congestion control might not be
achieved. In order to deal with the situation it is recommended that
a TSA utilize the congestion information from the outbound tunnel to
provide feedback information in following manner:
- It could stop accepting new ICRQs with the issue of the
appropriate cause code in ICCNs
- It could utilize a Tunnel Capacity AVP to indicate that TSA might
not have capacity to handle more sessions on the given incoming
tunnel.
This will ensure the TSA to be as transparent as possible to the
congestion in the network and provide end to end congestion control.
Jain, et al. expires Feb 2003 [Page 11]
