L2TPv3 (Layer2 over WAN)
mbox supports L2TPv3 (Layer 2 Tunneling Protocol Version 3), which is an IETF standard related to L2TP that can be used as an alternative protocol to Multiprotocol Label Switching (MPLS) for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service, but scaled to fit carrier requirements.
Using L2TPv3 tunnels, mbox can span two layer 2 segments across any layer 2 or 3 backbone (ELAN, MPLS, FrameRelay, or even the public Internet), so that hosts “feel” as if they are sitting in the same layer 2 network, e.g. hosts can be in the same network subnet.
This feature offers a very cost-effective alternative to traditional Metro-Ethernet services, and is widely used for connecting disaster recovery (DR) sites to the main HQ site using public Internet connectivity instead of expensive Metro-Ethernet links. The mbox L2TPv3 implementation even supports trunking (multi-VLAN) across the L2TPv3 tunnel:
mbox WAN interfaces build a virtual L2TPv3 tunnel to the remote site across the Internet
Multiple VLANs are configured on the mbox LAN interface (trunking over ethernet), which is connected to an external LAN switch port (trunk mode)
Multiple VLANs are configured on the L2TPv3 tunnel interface (trunking over the L2TPv3 tunnel), which runs across the Internet WAN
mbox bridges the same VLANs between the ethernet and L2TPv3 tunnel interfaces, and forwards Layer 2 tagged frames (with vlan_id) across the L2TP tunnel
Users & servers on both sides “feel” as if they’re sitting inside the same network
When configuring bridging interfaces, the following conditions apply:
each mbox must be able to reach the other using WAN IP addresses (static IP addresses on both ends)
each VLAN interface (on LAN ethernet port and L2TPv3 tunnel) must belong to the same bridge group
the tunnel is encapsulated in UDP (and can optionally be encrypted with IPsec). The UDP ports must be allowed by firewall rules (UDP/1701).
Sometimes it's necessary to configure an IP address under the bridge interface.
CONFIGURATION STEPS
configure an L2TPv3 tunnel
configure VLAN interfaces on LAN ethernet port, assign each VLAN to a bridge
configure VLAN interfaces on L2TPv3 tunnel, assign each VLAN to the same bridge
SUMMARY STEPS
enable
configure
interface l2tp l2tpv3_number
local local_wan_ip local_port remote remote_wan_ip remote_port
mtu 1460
interface vlan ethernet_port_number vlan_id
bridge-group bridge_group_number
interface vlan l2tp l2tpv3_number vlan_id
bridge-group bridge_group_number
CONFIGURATION EXAMPLES
mbox> enable
mbox#
mbox# configure
mbox(config-if)# interface l2tp 50
mbox(config-if)# local 172.16.1.42 2000 remote 172.16.1.41 1000
mbox(config-if)# enable
mbox(config-if)# mtu 1460
mbox(config-if)# exit
mbox(config)#
mbox(config-if)# interface eth 1
mbox(config-if)# enable
mbox(config-if)# exit
mbox(config)#
mbox(config-if)# interface vlan 1 20
mbox(config-if)# enable
mbox(config-if)# bridge-group 20
mbox(config-if)# exit
mbox(config)#
mbox(config-if)# interface vlan l2tp 50 20
mbox(config-if)# enable
mbox(config-if)# bridge-group 20
mbox(config-if)# exit
mbox(config)#
mbox(config-if)# interface vlan 1 30
mbox(config-if)# enable
mbox(config-if)# bridge-group 30
mbox(config-if)# exit
mbox(config)#
mbox(config-if)# interface vlan l2tp 50 30
mbox(config-if)# enable
mbox(config-if)# bridge-group 30
mbox(config-if)# exit
mbox(config)#
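The bridge-group condition listed above can be checked offline before a change is pushed. The following is an added example, not part of the mbox documentation or software: a small Python audit that reads command lines in the syntax of the configuration example (prompts removed) and reports any VLAN whose LAN and tunnel interfaces do not share one bridge group. The function names and the sample text are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: tunnel and VLAN commands from the example above, prompts removed.
SAMPLE = """\
interface l2tp 50
local 172.16.1.42 2000 remote 172.16.1.41 1000
mtu 1460
interface vlan 1 20
bridge-group 20
interface vlan l2tp 50 20
bridge-group 20
interface vlan 1 30
bridge-group 30
interface vlan l2tp 50 30
bridge-group 30
"""

VLAN_IF = re.compile(r"interface vlan (?:(l2tp) )?(\d+) (\d+)$")

def parse_vlan_bridges(config):
    """Return {vlan_id: {"lan": bridge groups, "tunnel": bridge groups}}."""
    vlans = defaultdict(lambda: {"lan": set(), "tunnel": set()})
    current = None  # (vlan_id, side) of the VLAN interface being configured
    for line in config.splitlines():
        line = line.strip()
        m = VLAN_IF.match(line)
        if m:
            current = (int(m.group(3)), "tunnel" if m.group(1) else "lan")
            vlans[current[0]]  # register the VLAN even if no bridge-group follows
        elif line.startswith("interface ") or line == "exit":
            current = None
        elif current and line.startswith("bridge-group "):
            vlans[current[0]][current[1]].add(int(line.split()[1]))
    return dict(vlans)

def audit(config):
    """List VLANs whose LAN and tunnel interfaces are not in one shared bridge group."""
    findings = []
    for vlan, sides in sorted(parse_vlan_bridges(config).items()):
        if not sides["lan"] or not sides["tunnel"]:
            findings.append(f"vlan {vlan}: not bridged on both LAN and tunnel")
        elif sides["lan"] != sides["tunnel"]:
            findings.append(f"vlan {vlan}: LAN bridge-group {sorted(sides['lan'])} "
                            f"!= tunnel bridge-group {sorted(sides['tunnel'])}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "all VLANs bridged consistently")
```

A mismatch finding means the VLAN is either not extended to the remote site or is bridged into a different broadcast domain than intended, so it is worth reviewing before the tunnel carries production traffic.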