Layer 2 Tunnel Protocol Scalability Enhancements


Table of Contents

Layer 2 Tunnel Protocol Scalability Enhancements
Feature Overview
Supported Platforms
Supported Standards, MIBs, and RFCs
Prerequisites
Configuration Tasks
Monitoring and Maintaining VPDN and L2TP
Configuration Examples
Command Reference
l2tp tunnel retransmit
l2tp tunnel receive-window
show vtemplate
Glossary

Layer 2 Tunnel Protocol Scalability Enhancements


This feature module describes scalability enhancements to the Layer 2 Tunnel Protocol (L2TP) feature. It includes information on the benefits of the enhancements, supported platforms, related documents, and new commands.

This document includes the following sections:

Feature Overview

The L2TP scalability enhancements are included in Cisco IOS Release 12.0(7) DC. Defined by RFC 2661, L2TP is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). For a description, benefits, restrictions, and configuration information for L2TP, see the Cisco IOS Release 12.0(1) T Layer 2 Tunnel Protocol feature module.

By improving L2TP control connection processing and virtual template cloning, these enhancements provide resilience to dropouts between the L2TP access concentrator (LAC) and L2TP network server (LNS).

Benefits

Scalability

Numerous changes were made in the way PPP sessions and L2TP tunnels are handled, providing support for up to 2000 PPPoA or PPPoE sessions and up to 300 tunnels. Consult the Cisco IOS Release Notes for the latest details on session and tunnel scalability.

Precloning

Virtual access interfaces at the LNS are allocated, or precloned, at system start. This significantly reduces the load on the system during call setup.

Control Channel Retransmission Improvements

The default number of control channel retransmissions is increased from 5 to 10. Also, the retransmission timeouts now follow an exponential backoff up to 8 seconds (such as 1, 2, 4, 8, 8, 8 seconds) rather than a fixed 1-second interval. A new command enables you to change control channel retransmission parameters, including the number of retries and the minimum and maximum retransmission timeouts.

Cisco Express Forwarding and Fast Switching for Sequence Number Updates on Control Packets

L2TP control packets now use Cisco Express Forwarding (CEF) and fast switching for sequence number updates. This allows for fast acknowledgment of packets and reduces the number of retransmissions during high call rate situations.

Larger Local Control Channel Receive Window Size

By increasing the local control channel receive window size (RWS), incoming control messages can be acknowledged immediately and held on the recipient's queue, instead of waiting unacknowledged on the peer's queue. This enables the system to open PPP sessions more quickly. The default local RWS has been increased from 4 packets to a platform-dependent value (3000 packets on the Cisco 6400 NRP), and a new command enables you to set this size.

Restrictions

The total number of precloned interfaces must not exceed 3000 on the Cisco 6400 node route processor (NRP).

Related Features and Technologies

The L2TP Scalability Enhancements feature is related to the existing L2TP feature, which is documented in the Layer 2 Tunnel Protocol feature module.

Related Documents

Supported Platforms

The Layer 2 Tunnel Protocol scalability enhancements are supported on the node route processor (NRP) of the Cisco 6400 UAC.

Supported Standards, MIBs, and RFCs

Standards

None

MIBs

None

RFCs

No new or modified RFCs are supported by these feature enhancements.

Prerequisites

Cisco Express Forwarding

To support over 1000 sessions, you must enable Cisco Express Forwarding (CEF) with the ip cef global configuration command. For more information on CEF, see the "Cisco Express Forwarding" chapter of the Cisco IOS Switching Services Configuration Guide.

Recommended Memory

Cisco recommends at least 128 MB of DRAM on the Cisco 6400 NRP while using these feature enhancements.

Recommended NSP Image

Cisco recommends that you simultaneously run Cisco IOS Release 12.0(7) DB on the NSP while using these enhancements.

Configuration Tasks

See the following sections for configuration tasks for the L2TP scalability enhancements. Each task in the list indicates if the task is optional or required.

Increasing the Input Hold-Queue Limit

To accommodate more incoming control messages in the queue, set the maximum number of packets to a high value (at least 1000 packets on the Cisco 6400). Use the following steps on the interfaces between the LAC and LNS, beginning in global configuration mode.

Step    Command                                            Purpose
1       Router(config)# interface atm slot/subslot/port    Select the ATM interface.
2       Router(config-if)# hold-queue length in            Specify the maximum number of packets in the input queue.

Verifying the Input Hold-Queue Limit

To display the current hold queue setting and the number of packets discarded because of hold queue overflows, use the EXEC command show interfaces.

Precloning Virtual Access Interfaces

Precloning virtual access interfaces at the LNS reduces the load on the system during call setup. Use the following commands to preclone a virtual access interface, beginning in global configuration mode.

Step    Command                                                               Purpose
1       Router(config)# virtual-template template-number pre-clone number     Specify the number of virtual access interfaces to be created and cloned from a specific virtual template.


Note   The precloning operation might take a long time to complete (on the order of minutes for a large number of interfaces). Avoid incoming calls at the LNS until precloning is finished. You can monitor the precloning operation with the show vtemplate privileged EXEC command.

Verifying the Precloned Virtual Access Interfaces

To check the successful precloning of virtual access interfaces, use the privileged EXEC command show vtemplate.

Setting the Number of Retransmission Attempts

By default, the system uses 10 L2TP tunnel control channel retransmission attempts. To change the number of retries, use the following commands beginning in global configuration mode.

Step    Command                                                      Purpose
1       Router(config)# vpdn-group number                            Select the VPDN group.
2       Router(config-vpdn)# l2tp tunnel retransmit retries value    Specify the number of retransmission attempts.

Verifying the Number of Retransmission Attempts

To check the configured number of retransmission attempts, use the EXEC command show running-config. To check general control channel retransmission parameters, use the privileged EXEC command show vpdn tunnel all.

Setting the Minimum and Maximum Retransmission Timeouts

Control channel retransmissions follow an exponential backoff, starting at the minimum retransmission timeout, and ending at the maximum retransmission timeout. Use the following commands to change the timeout lengths beginning in global configuration mode.

Step    Command                                                            Purpose
1       Router(config)# vpdn-group number                                  Select the VPDN group.
2       Router(config-vpdn)# l2tp tunnel retransmit timeout min seconds    Specify the minimum timeout for retransmissions.
3       Router(config-vpdn)# l2tp tunnel retransmit timeout max seconds    Specify the maximum timeout (up to 8 seconds) for retransmissions.

To determine the best minimum and maximum timeouts for a given topology, use the privileged EXEC command show vpdn tunnel all. Check the displayed retransmit time distribution.

Retransmit time distribution: 0 0 0 0 1 0 0 0 1

Each value corresponds to the number of retransmissions at 0, 1, 2,..., 8 seconds, respectively, displaying a histogram of all tunnel retransmission times.

Verifying the Minimum and Maximum Retransmission Timeouts

To check the configured control channel retransmission timeouts, use the EXEC command show running-config. To check general control channel retransmission parameters, use the privileged EXEC command show vpdn tunnel all.

Setting the Local Control Channel Receive Window Size

The default local receive window size (RWS) is now 3000 packets for a Cisco 6400 NRP. This allows the L2TP control channel to send requests as fast as possible. To change the local RWS, use the following commands beginning in global configuration mode.

Step    Command                                                    Purpose
1       Router(config)# vpdn-group number                          Select the VPDN group.
2       Router(config-vpdn)# l2tp tunnel receive-window packets    Specify the size of the advertised receive window.
3       Router(config-vpdn)# exit                                  Return to global configuration mode.
4       Router(config)# end                                        Return to privileged EXEC mode.
5       Router# clear vpdn tunnel l2tp remote-name local-name      Clear all sessions and drop the tunnel.

Verifying the Local Control Channel Receive Window Size

To display the local RWS, use the privileged EXEC command show vpdn tunnel all.

Setting the L2TP Tunnel Timeout

The tunnel timeout dictates how long a tunnel lingers after all of its sessions are gone. This feature is useful if you expect sessions to come back immediately, or if you plan to examine the tunnel status after the sessions have died. The default tunnel timeout is 10 seconds for an LNS and 15 seconds for a LAC. To set the L2TP tunnel timeout, use the following commands beginning in global configuration mode.

Step    Command                                                       Purpose
1       Router(config)# vpdn-group number                             Select the VPDN group.
2       Router(config-vpdn)# l2tp tunnel nosession-timeout seconds    Specify the tunnel timeout length.

Verifying the L2TP Tunnel Timeout

To check the configured tunnel timeout, use the EXEC command show running-config.

Troubleshooting Tips

To troubleshoot VPDN and L2TP, use the privileged EXEC command debug vpdn. For sample output of debug vpdn, see the "Debug Examples" section in the Layer 2 Tunnel Protocol feature module.

You can also use the privileged EXEC command show vpdn tunnel all, which contains new information for these L2TP scalability enhancements. The new fields are described in Table 1.

Router# show vpdn tunnel all
L2TP Tunnel Information (Total tunnels=1 sessions=500)
Tunnel id 20 is up, remote id is 12, 500 active sessions
Tunnel state is established, time since change 00:00:33
Remote tunnel name is LAC
Internet Address 10.1.1.1, port 1701
Local tunnel name is LNS
Internet Address 10.1.1.2, port 1701
971 packets sent, 1259 received, 19892 bytes sent, 37787 received
Control Ns 501, Nr 746
Local RWS 3000 (default), Remote RWS 3000 (max)
Retransmission time 4, max 8 seconds
Unsent queuesize 0, max 0
Resend queuesize 251, max 261
Total resends 390, ZLB ACKs 251
   Current nosession queue check 0 of 5
Retransmit time distribution: 0 0 0 0 1 0 0 0 1
   Sessions disconnected due to lack of resources 0

Table 1   New show vpdn tunnel all Field Descriptions

Each new field is listed as it appears in the example output, followed by its description.

Retransmission time 4, max 8 seconds

Current retransmit timeout for the tunnel; maximum retransmit timeout reached by the tunnel.

Unsent queuesize 0, max 0

Number of control packets waiting to be sent to the peer; maximum number of control packets in the unsent queue.

Resend queuesize 251, max 261

Number of control packets sent but not acknowledged; maximum number of unacknowledged control packets in the resend queue.

Total resends 390, ZLB ACKs 251

Total number of packets resent; number of zero length body acknowledgment messages sent.

Current nosession queue check 0 of 5

Number of tunnel timeout periods since the last session ended. Up to 5 tunnel timeouts are used if there are outstanding control packets on the unsent or resend queue. Otherwise, the tunnel is dropped after 1 tunnel timeout.

Retransmit time distribution: 0 0 0 0 1 0 0 0 1

Histogram showing the number of retransmissions at 0, 1, 2,..., 8 seconds, respectively.

Sessions disconnected due to lack of resources 0

Number of sessions for which there were no precloned interfaces available. By default, a request for a new session at an LNS is refused if a precloned interface is not available.
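The fields in Table 1 are what an operator watches to tell a healthy LNS from one whose precloned pool is exhausted or whose peer has stopped acknowledging control packets. The parser below is an added example, not part of this feature module: it splits a show vpdn tunnel all capture into tunnels, extracts the numeric fields, and raises findings for the conditions the table describes. The thresholds (25% resend rate, half of all retransmissions in the 8-second bucket) and the second, constructed tunnel are assumptions chosen to illustrate the checks.

```python
import re

# Regexes for the numeric fields of one tunnel block in "show vpdn tunnel all".
FIELDS = {
    "tunnel_id": r"Tunnel id (\d+) is",
    "packets_sent": r"(\d+) packets sent",
    "remote_rws": r"Remote RWS (\d+)",
    "resend_queue": r"Resend queuesize (\d+)",
    "total_resends": r"Total resends (\d+)",
    "no_resource_disconnects": r"lack of resources (\d+)",
}

# Sample 1: the page's example output (tunnel 20), abridged to the lines the
# parser reads. Sample 2: a constructed tunnel that trips every check below.
SAMPLE_OUTPUT = """\
L2TP Tunnel Information (Total tunnels=1 sessions=500)
Tunnel id 20 is up, remote id is 12, 500 active sessions
971 packets sent, 1259 received, 19892 bytes sent, 37787 received
Local RWS 3000 (default), Remote RWS 3000 (max)
Resend queuesize 251, max 261
Total resends 390, ZLB ACKs 251
Retransmit time distribution: 0 0 0 0 1 0 0 0 1
   Sessions disconnected due to lack of resources 0
"""
CONSTRUCTED_TUNNEL = """\
Tunnel id 21 is up, remote id is 7, 120 active sessions
1500 packets sent, 900 received, 30000 bytes sent, 18000 received
Local RWS 3000 (default), Remote RWS 4 (max)
Resend queuesize 4, max 4
Total resends 900, ZLB ACKs 10
Retransmit time distribution: 0 2 2 0 4 0 0 0 40
   Sessions disconnected due to lack of resources 37
"""

def split_tunnels(text):
    """One chunk per tunnel; the leading summary line is dropped."""
    chunks = re.split(r"(?m)^(?=Tunnel id \d+ is)", text)
    return [c for c in chunks if c.startswith("Tunnel id")]

def parse_tunnel(chunk):
    """Numeric fields of one tunnel block, plus the retransmit histogram."""
    info = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, chunk)
        if m:
            info[name] = int(m.group(1))
    m = re.search(r"Retransmit time distribution:((?:[ \t]+\d+)+)", chunk)
    if m:  # counts of retransmissions at 0, 1, 2, ..., 8 seconds
        info["retransmit_histogram"] = [int(v) for v in m.group(1).split()]
    return info

def assess_tunnel(info):
    """Operator findings for one parsed tunnel (thresholds are assumptions)."""
    findings = []
    if info.get("no_resource_disconnects", 0) > 0:
        findings.append("precloned pool exhausted: new sessions are being refused")
    rws = info.get("remote_rws", 0)
    if rws and info.get("resend_queue", 0) >= rws:
        findings.append("peer receive window full: control channel is stalled")
    sent = info.get("packets_sent", 0)
    if sent and info.get("total_resends", 0) > 0.25 * sent:
        findings.append("high resend rate: over 25% of control packets resent")
    hist = info.get("retransmit_histogram", [])
    if sum(hist) >= 10 and hist[-1] >= 0.5 * sum(hist):
        findings.append("backoff saturated: most retransmissions at the maximum timeout")
    return findings

def assess_output(text):
    # Map tunnel id -> findings for a whole "show vpdn tunnel all" capture.
    return {t["tunnel_id"]: assess_tunnel(t)
            for t in (parse_tunnel(c) for c in split_tunnels(text))}
```

Run assess_output(SAMPLE_OUTPUT + CONSTRUCTED_TUNNEL): the page's tunnel 20 raises only the resend-rate finding, while the constructed tunnel 21 raises all four.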

Monitoring and Maintaining VPDN and L2TP

The following privileged EXEC commands will help you monitor and maintain VPDNs using L2TP tunnels:

Command Purpose
show vpdn tunnel [all | packets | state | summary | transport]
[id | local-name | remote-name]

Displays VPDN tunnel information including tunnel protocol, ID, packets sent and received, receive window sizes, retransmission times, and transport status.

show vpdn session [all [interface | tunnel | username]|
packets | sequence | state | timers | window]

Displays VPDN session information including interface, tunnel, username, packets, status, and window statistics.

clear vpdn tunnel l2tp remote-name local-name

Shuts down a specific tunnel and all the sessions within the tunnel.

Configuration Examples

For general L2TP configuration examples, see the Layer 2 Tunnel Protocol feature module.

The following example shows a configuration implementing the L2TP scalability enhancements. The input hold queue limit on an ATM interface is set to 1200, and virtual template 1 is used to preclone 2000 virtual access interfaces. VPDN group 1 is set to use 7 retransmission attempts, with the retransmission timeouts beginning at 2 seconds and ending at 4 seconds, and the L2TP tunnel timeout is set to 10 seconds. The local RWS is set to 500 packets.

!
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate from hostname LAC1
 local name LNS1
 l2tp tunnel receive-window 500
 l2tp tunnel nosession-timeout 10
 l2tp tunnel retransmit retries 7
 l2tp tunnel retransmit timeout min 2
 l2tp tunnel retransmit timeout max 4
!
virtual-template 1 pre-clone 2000
!
interface ATM 0/0/0
 hold-queue 1200 in
!
interface FastEthernet 0/0/0
 ip address negotiated
 no ip directed-broadcast
!
interface Virtual-Template 1
 ip unnumbered FastEthernet 0/0/0
 no ip directed-broadcast
 no logging event link-status
 no keepalive
 peer default ip address pool pool-1
 ppp authentication chap
!

Command Reference

This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.

l2tp tunnel retransmit

To set the control channel retransmission parameters, use the l2tp tunnel retransmit VPDN group command. To disable a parameter setting, use the no form of this command.

l2tp tunnel retransmit [retries value | [timeout [min | max] seconds]]
no l2tp tunnel retransmit [retries value | [timeout [min | max] seconds]]

Syntax Description

retries

Retransmission attempts.

value

Specifies number of retransmission attempts.

timeout

Length of time between retransmission attempts.

min

Sets the minimum timeout.

max

Sets the maximum timeout, up to 8 seconds.

seconds

Specifies timeout length, in seconds.

Defaults

10 retries.

1-second timeout minimum.

8-second timeout maximum.

Command Modes

VPDN group mode

Command History

Release       Modification
12.0(7) DC    This command was introduced on the Cisco 6400 node route processor (NRP).

Usage Guidelines

Control channel retransmissions follow an exponential backoff, starting at the minimum retransmit timeout length, and ending at the maximum retransmit timeout length (up to 8 seconds). For example, if the minimum timeout length is set to 1 second, the next retransmission attempt occurs 2 seconds later. The following attempt occurs 4 seconds later, and all additional attempts occur in 8-second intervals.
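The schedule described here and in "Setting the Minimum and Maximum Retransmission Timeouts" determines how long an unresponsive peer can keep a tunnel's control channel occupied before the last retry elapses, which is the trade-off between tolerating transient loss and detecting a dead LAC quickly. The following is an added example, not code from this feature module: it computes the backoff schedule from the three command parameters, the total time spent retrying, and the shape that schedule would produce in the "Retransmit time distribution" histogram of show vpdn tunnel all.

```python
def retransmit_schedule(min_timeout=1, max_timeout=8, retries=10):
    """Delay in seconds before each retransmission of an unacknowledged
    L2TP control packet: starts at min_timeout, doubles each attempt, and
    is capped at max_timeout (the defaults are 1, 8 and 10 retries)."""
    if not 1 <= min_timeout <= max_timeout <= 8:
        raise ValueError("timeouts must satisfy 1 <= min <= max <= 8 seconds")
    if retries < 1:
        raise ValueError("at least one retransmission attempt is required")
    delays, delay = [], min_timeout
    for _ in range(retries):
        delays.append(delay)
        delay = min(delay * 2, max_timeout)
    return delays


def retry_budget_seconds(min_timeout=1, max_timeout=8, retries=10):
    """Total seconds an unresponsive peer is retried before the last
    attempt has elapsed: the sum of the schedule."""
    return sum(retransmit_schedule(min_timeout, max_timeout, retries))


def expected_histogram(delays):
    """Bucket a schedule the way 'Retransmit time distribution' reports
    it: counts of retransmissions at 0, 1, 2, ..., 8 seconds."""
    buckets = [0] * 9
    for d in delays:
        buckets[d] += 1
    return buckets


if __name__ == "__main__":
    # Defaults versus the example in this section (8 retries, min 2, max 4).
    for args in ((1, 8, 10), (2, 4, 8)):
        sched = retransmit_schedule(*args)
        print(args, sched, retry_budget_seconds(*args), expected_histogram(sched))
```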

Examples

The following example configures 8 retransmission attempts, with the minimum timeout length set at 2 seconds, and the maximum timeout length set at 4 seconds:

l2tp tunnel retransmit retries 8
l2tp tunnel retransmit timeout min 2
l2tp tunnel retransmit timeout max 4

l2tp tunnel receive-window

To set the local control channel receive window size (RWS), use the l2tp tunnel receive-window VPDN group command.

l2tp tunnel receive-window packets

Syntax Description

packets

Specifies size, in packets, of local RWS.

Defaults

The default local RWS is platform dependent. For the Cisco 6400 NRP, the local RWS is 3000 packets.

Command Modes

VPDN group mode

Command History

Release       Modification
12.0(7) DC    This command was introduced on the Cisco 6400 node route processor (NRP).

Usage Guidelines

The local RWS determines the number of L2TP control packets that can be queued by the system for processing, and the new default local RWS is considerably larger than the value outlined in RFC 2661. While a large RWS enables the system to open PPP sessions more quickly, a smaller RWS is useful on networks that cannot handle large bursts of traffic.

Examples

The following example sets the local RWS to 500 packets:

l2tp tunnel receive-window 500

show vtemplate

To display a list of all configured virtual templates, use the show vtemplate privileged EXEC command.

show vtemplate

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default behavior or values.

Command Modes

Privileged EXEC

Command History

Release       Modification
12.0(7) DC    This command was introduced on the Cisco 6400 node route processor (NRP).

Examples

In the following example, precloning is on for Virtual-Template 1, 250 virtual access interfaces have been precloned, and 249 virtual access interfaces are available for new L2TP sessions. Only one virtual access interface is in use by L2TP, and no virtual access interfaces were cloned during call setup.

Router# show vtemplate
 Virtual-Template 1, pre-cloning is on
  Pre-clone limit: 250, current number: 249
  Active vaccess number: 1
 Generic free vaccess number:0

Table 2 describes the fields shown in the example.

Table 2   Show Vtemplate Field Descriptions

Field                          Description
virtual template name          Configured interface name of the virtual template
pre-cloning is on/off          Indicates whether precloning is on or off for that virtual template
Pre-clone limit                Number of precloned virtual access interfaces
current number                 Number of currently available precloned virtual access interfaces
Active vaccess number          Number of virtual access interfaces in use
Generic free vaccess number    Number of virtual access interfaces that were cloned at call setup (not precloned)

Glossary

call—An attempted connection between a remote system and LAC, such as a telephone call through the PSTN. An incoming or outgoing call that is successfully established between a remote system and LAC results in a corresponding L2TP session within a previously established tunnel between the LAC and LNS.

cloning—Creating and configuring a virtual access interface by applying a specific virtual template interface. The template is the source of the generic user information and router-dependent information. The result of cloning is a virtual access interface configured with all the commands in the template.

control messages—Signaling messages that provide the control of setup, maintenance, and tear down of L2TP sessions and tunnels.

L2TP—Layer 2 Tunnel Protocol. An Internet Engineering Task Force (IETF) standards track protocol defined in RFC 2661 that provides tunneling of PPP. Based upon the best features of L2F and PPTP, L2TP provides an industry-wide interoperable method of implementing VPDN.

L2TP access concentrator—See LAC.

L2TP network server—See LNS.

L2TP session—Communications transactions between the LAC and LNS that support tunneling of a single PPP connection. There is a one-to-one relationship among the PPP connection, L2TP session, and L2TP call.

LAC—L2TP access concentrator. A node that acts as one side of an L2TP tunnel endpoint and is a peer to the L2TP network server (LNS). The LAC sits between an LNS and a remote system and forwards packets to and from each. Packets sent from the LAC to the LNS require tunneling with the L2TP protocol as defined in this document. The connection from the LAC to the remote system is either local or a PPP link.

LNS—L2TP network server. A node that acts as one side of an L2TP tunnel endpoint and is a peer to the L2TP access concentrator (LAC). The LNS is the logical termination point of a PPP session that is being tunneled from the remote system by the LAC. Analogous to the Layer 2 Forwarding (L2F) home gateway (HGW).

Layer 2 Tunnel Protocol—See L2TP.

NAS—Network access server. A device providing local network access to users across a remote access network such as the PSTN. A NAS can also serve as a LAC, LNS, or both.

network access server—See NAS.

Point-to-Point Protocol—See PPP.

Point-to-Point Tunneling Protocol—See PPTP.

PPP—Point-to-Point Protocol. A protocol that encapsulates network layer protocol information over point-to-point links. PPP is defined in RFC 1661.

PPTP—Point-to-Point Tunneling Protocol. Microsoft's Point-to-Point Tunneling Protocol. Some of the features in L2TP were derived from PPTP.

precloning—Cloning a specified number of virtual access interfaces from a virtual template at system startup or when the command is configured.

remote system—An end-system or router that is attached to a remote access network and that is either the initiator or recipient of a call.

tunnel—A virtual pipe between the LAC and LNS that can carry multiple L2TP sessions.

virtual access interface—Instance of a unique virtual interface that is created dynamically and exists temporarily. Virtual access interfaces can be created and configured differently by different applications, such as virtual profiles and virtual private dialup networks. Virtual access interfaces are cloned from virtual template interfaces.

Virtual Private Dialup Networking—See VPDN.

VPDN—Virtual Private Dialup Networking. A system that permits the physical dialup connection to appear to be connected directly to a home network while actually residing elsewhere on the network. A virtual pipe is connected between the physical dialup connections and the termination point at the home network.

virtual template interface—A logical interface configured with generic configuration information for a specific purpose or configuration common to specific users, plus router-dependent information. The template takes the form of a list of Cisco IOS interface commands that are applied to virtual access interfaces, as needed.