Layer Two Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used by an Internet service provider (ISP) to enable the operation of a virtual private network (VPN) over the Internet.
The two end components that make up L2TP are the L2TP Access Concentrator (LAC) which is the device that physically terminates a call and the L2TP Network Server (LNS), which is the device that terminates and possibly authenticates the PPP stream. Once a tunnel is established, the network traffic between the peers is bidirectional. To be useful for networking, higher level protocols are then run through the L2TP tunnel. To facilitate this L2TP session (or call) is established within the tunnel for each higher-level protocol such as PPP. Either the LAC or LNS may initiate sessions. The traffic for each session is isolated by L2TP, so it is possible to set up multiple virtual networks across a single tunnel.
The packets exchanged within an L2TP tunnel are either categorized as control
packets or data packets. L2TP provides reliability features for the control packets, but no reliability for data packets. Reliability, if desired, must be provided by the nested protocols running within each session of the L2TP tunnel.
An L2TP tunnel can extend across an entire PPP session or only across one segment of a two-segment session. This can be represented by four different tunneling models :
- Voluntary Tunnel model : a tunnel is created by the user, typically by the use of an L2TP enabled client which is called the LAC client. The user will send L2TP packets to the Internet Service Provider (ISP) which will forward them on to the LNS.
- Compulsory tunnel model-incoming call: a tunnel is created between ISP LAC and the LNS home gateway.
- Compulsory tunnel model-remote dial the home gateway (LNS) initiates a tunnel to an ISP (LAC) (outgoing call) and instructs the ISP to place a local call to the PPP enabled client which is the remote user.
- L2TP Multi-hop connection : It is a way of redirecting L2TP traffic on behalf of client LACs and LNSs. A Multi-hop connection is established using an L2TP Multi-hop gateway. A tunnel is established from a client LAC to the L2TP Multi-hop gateway and then another tunnel is established between the L2TP Multi-hop gateway and a target LNS. L2TP traffic between client LAC and LNS is redirected to each other through the gateway.
Thursday, July 23, 2009
Quick Tech Tip: Layer 2 Tunneling protocol : L2TP
Quick Tech Tip: Point-to-point tunneling protocol - PPTP
Overview of Point-to-point Protocol:
The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP was originally emerged as an encapsulation protocol for transporting IP traffic between two peers.PPP is comprised of the following main components:
* Encapsulation: A method for encapsulating multi-protocol datagrams.
* Link Control Protocol: The LCP is used to automatically agree upon the encapsulation format options, handle varying limits on sizes of packets, detect a looped-back link and other common misconfiguration errors, and terminate the link.
* Network Control Protocol: An extensible Link Control Protocol (LCP) for establishing, configuring, and testing and managing the data-link connections.
* Configuration: Easy and self configuration mechanisms using Link Control Protocol. This mechanism is also used by other control protocols such as Network Control Protocols (NCPs).
Introduction TO PPTP :
PPTP packages data within PPP packets, then encapsulates the PPP packets within IP packets (datagrams) for transmission through an Internet-based VPN tunnel. PPTP supports data encryption and compression of these packets.
The PPTP protocol is designed to perform the following tasks:
* Query the status of Comm Servers
* Provide In-Band management
* Allocate channels and place outgoing calls
* Notify NT Server on incoming calls
* Transmit and Receive User Data with flow control in both directions
* Notify NT Server on disconnected calls.
PPTP-based Internet remote access VPNs are by far the most common form of PPTP VPN. In this environment, VPN tunnels are created via the following two-step process:
1. The PPTP client connects to their ISP using PPP dial-up networking.
2. Via the broker device (described earlier), PPTP creates a TCP control connection between the VPN client and VPN server to establish a tunnel.
Once the VPN tunnel is established, PPTP supports two types of information flow:
* control messages for managing and eventually tearing down the VPN connection. Control messages pass directly between VPN client and server.
* data packets that pass through the tunnel, to or from the VPN client.
PPTP also supports VPN connectivity via a LAN.
PPTP supports authentication, encryption, and packet filtering.
Though PPTP remains a popular choice for VPNs, one drawback of PPTP is its failure to choose a single standard for authentication and encryption. Two products that both fully comply with the PPTP specification may be totally incompatible with each other if they encrypt data differently.
Quick Technical Tip : Tunneling
Tunneling is a way in which data is transferred between two networks securely. All the data that is being transferred are fragmented into smaller packets or frames and then passed through the tunnel. This process is different from a normal data transfer between nodes. Every frame passing through the tunnel will be encrypted with an additional layer of tunneling encryption and encapsulation which is also used for routing the packets to the right direction. This encapsulation would then be reverted at the destination with decryption of data which is later sent to the desired destined node.
Example: People have written tunnels over ICMP, DNS, HTTP, e-mail messages, and TCP connections. Tunnels can either by of the "port redirector" style (which run on top of any TCP/IP stack) or of the network interface variety (below the TCP/IP stack requiring kernel mod).
VPN connection are of two type, PPTP (Point-to-Point tunneling protocol) and L2TP (Layer 2 tunneling protocol). Both PPTP and L2TP tunnels are nothing but local sessions between two different endpoints. Incase they have to communicate then the tunneling type must be negotiated between the endpoint, either PPTP or L2TP and then more configurable parameters like encryption, address assignment, compression etc must be configured in order to get the best possible security over the internet based private logical tunnel communication. This communication is created, maintained and terminated using a tunnel management protocol.
Data can be sent once the tunnel is in place and clients or server can use the same tunnel to send and receive data across the internetwork. The data transfer depends upon the tunneling protocols being used for the transfer.
