L2TPv3 (Layer2 over WAN)

mbox supports L2TPv3 (Layer 2 Tunneling Protocol Version 3), which is an IETF standard related to L2TP that can be used as an alternative protocol to Multiprotocol Label Switching (MPLS) for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service, but scaled to fit carrier requirements.

Using L2TPv3 tunnels, mbox can span two layer 2 segments across any layer 2 or 3 backbone (ELAN, MPLS, FrameRelay, or even public Internet), so that hosts “feel” as if they are sitting in the same layer 2 networks, eg hosts can have the same network subnet.

This feature offers a very cost-effective alternative to traditional Metra-Ethernet services, and is widely used for connecting disaster recovery (DR) sites to the main HQ site using public Internet connectivity instead of expensive Metro-Ethernet links. mbox L2TPv3 implementation even supports trunking (Multi-VLAN) across L2TPv3 tunnel

    • mbox WAN interfaces build virtual L2TPv3 tunnel to remote site across Internet
    • Multiple VLANs are configured on mbox LAN interface (trunking over ethernet), which is connected to a external LAN switch port (trunk mode)
    • Multiple VLANs are configured on L2TPv3 tunnel interface (trunking over L2TPv3 tunnel), which runs across Internet WAN
    • mbox bridges the same VLANs between ethernet and L2TPv3 tunnel interfaces, and forward Layer 2 tagged frames (with vlan_id) across the L2TP tunnel
    • Users & servers on both side “feel” as if they’re sitting inside the same network

When configuring bridging interfaces, following conditions apply:

    • each mbox must be reachable to each each using WAN IP addresses (static IP addresses on both ends)
    • each VLAN interface (on LAN ethernet port and L2TPv3 tunnel) must belong to the same bridge group
    • tunnel is encapsulated by UDP protocol (optionally can be encrypted by IPSec). The UDP ports must be allowed by firewall rules (UDP/1701).
    • Sometimes it's neccessary to configure IP address under the bridge interface.

CONFIGURATION STEPS

    • configure a L2TPv3 tunnel
    • configure VLAN interfaces on LAN ethernet port, assign each VLAN to a bridge
    • configure VLAN interfaces on L2TPv3 tunnel, assign each VLAN to the same bridge


SUMMARY STEPS

enableconfigureinterface l2tp l2tpv3_numbertunnel local local_wan_ip local_tunnel_id local_port remote remote_wan_ip remote_tunnel_id remote_portmtu 1460interface vlan ethernet_port_number vlan_idbridge-group bridge_group_numberinterface vlan l2tp l2tpv3_number vlan_idbridge-group bridge_group_number

CONFIGURATION EXAMPLES

mbox> enablembox#mbox# configurembox(config-if)# interface l2tp 50mbox(config-if)# tunnel local 172.16.1.42 200 2000 remote 172.16.1.41 100 1000mbox(config-if)# enablembox(config-if)# mtu 1460mbox(config-if)# exitmbox(config)#mbox(config-if)# interface eth 1mbox(config-if)# enablembox(config-if)# exitmbox(config)#mbox(config-if)# interface vlan 1 20mbox(config-if)# enablembox(config-if)# bridge-group 20mbox(config-if)# exitmbox(config)#mbox(config-if)# interface vlan l2tp 50 20mbox(config-if)# enablembox(config-if)# bridge-group 20mbox(config-if)# exitmbox(config)#mbox(config-if)# interface vlan 1 30mbox(config-if)# enablembox(config-if)# bridge-group 30mbox(config-if)# exitmbox(config)#mbox(config-if)# interface vlan l2tp 50 30mbox(config-if)# enablembox(config-if)# bridge-group 30mbox(config-if)# exitmbox(config)#