From aebda049dcd1999080d52c813a40cc85f8377d04 Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Mon, 11 Oct 2010 18:19:37 +0400 Subject: started work on L2TPv2 server --- rfc/rfc2661.txt | 4483 ++++++++++++++++++++++++++++++++++++++++++++++ rfc/rfc3931.txt | 5267 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 9750 insertions(+) create mode 100644 rfc/rfc2661.txt create mode 100644 rfc/rfc3931.txt (limited to 'rfc') diff --git a/rfc/rfc2661.txt b/rfc/rfc2661.txt new file mode 100644 index 0000000..78f01d7 --- /dev/null +++ b/rfc/rfc2661.txt @@ -0,0 +1,4483 @@ + + + + + + +Network Working Group W. Townsley +Request for Comments: 2661 A. Valencia +Category: Standards Track cisco Systems + A. Rubens + Ascend Communications + G. Pall + G. Zorn + Microsoft Corporation + B. Palter + Redback Networks + August 1999 + + + Layer Two Tunneling Protocol "L2TP" + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (1999). All Rights Reserved. + +Abstract + + This document describes the Layer Two Tunneling Protocol (L2TP). STD + 51, RFC 1661 specifies multi-protocol access via PPP [RFC1661]. L2TP + facilitates the tunneling of PPP packets across an intervening + network in a way that is as transparent as possible to both end-users + and applications. + +Table of Contents + + 1.0 Introduction.......................................... 3 + 1.1 Specification of Requirements......................... 4 + 1.2 Terminology........................................... 4 + 2.0 Topology.............................................. 8 + 3.0 Protocol Overview..................................... 9 + 3.1 L2TP Header Format.................................... 9 + 3.2 Control Message Types................................. 11 + 4.0 Control Message Attribute Value Pairs................. 12 + 4.1 AVP Format............................................ 13 + 4.2 Mandatory AVPs........................................ 14 + 4.3 Hiding of AVP Attribute Values........................ 14 + + + +Townsley, et al. Standards Track [Page 1] + +RFC 2661 L2TP August 1999 + + + 4.4 AVP Summary........................................... 17 + 4.4.1 AVPs Applicable To All Control Messages.......... 17 + 4.4.2 Result and Error Codes........................... 18 + 4.4.3 Control Connection Management AVPs............... 20 + 4.4.4 Call Management AVPs............................. 27 + 4.4.5 Proxy LCP and Authentication AVPs................ 34 + 4.4.6 Call Status AVPs................................. 39 + 5.0 Protocol Operation.................................... 41 + 5.1 Control Connection Establishment...................... 41 + 5.1.1 Tunnel Authentication............................ 42 + 5.2 Session Establishment................................. 42 + 5.2.1 Incoming Call Establishment...................... 42 + 5.2.2 Outgoing Call Establishment...................... 43 + 5.3 Forwarding PPP Frames................................. 43 + 5.4 Using Sequence Numbers on the Data Channel............ 44 + 5.5 Keepalive (Hello)..................................... 44 + 5.6 Session Teardown...................................... 45 + 5.7 Control Connection Teardown........................... 45 + 5.8 Reliable Delivery of Control Messages................. 46 + 6.0 Control Connection Protocol Specification............. 48 + 6.1 Start-Control-Connection-Request (SCCRQ).............. 48 + 6.2 Start-Control-Connection-Reply (SCCRP)................ 48 + 6.3 Start-Control-Connection-Connected (SCCCN)............ 49 + 6.4 Stop-Control-Connection-Notification (StopCCN)........ 49 + 6.5 Hello (HELLO)......................................... 49 + 6.6 Incoming-Call-Request (ICRQ).......................... 50 + 6.7 Incoming-Call-Reply (ICRP)............................ 51 + 6.8 Incoming-Call-Connected (ICCN)........................ 51 + 6.9 Outgoing-Call-Request (OCRQ).......................... 52 + 6.10 Outgoing-Call-Reply (OCRP)........................... 53 + 6.11 Outgoing-Call-Connected (OCCN)....................... 53 + 6.12 Call-Disconnect-Notify (CDN)......................... 53 + 6.13 WAN-Error-Notify (WEN)............................... 54 + 6.14 Set-Link-Info (SLI).................................. 54 + 7.0 Control Connection State Machines..................... 54 + 7.1 Control Connection Protocol Operation................. 55 + 7.2 Control Connection States............................. 56 + 7.2.1 Control Connection Establishment................. 56 + 7.3 Timing considerations................................. 58 + 7.4 Incoming calls........................................ 58 + 7.4.1 LAC Incoming Call States......................... 60 + 7.4.2 LNS Incoming Call States......................... 62 + 7.5 Outgoing calls........................................ 63 + 7.5.1 LAC Outgoing Call States......................... 64 + 7.5.2 LNS Outgoing Call States......................... 66 + 7.6 Tunnel Disconnection.................................. 67 + 8.0 L2TP Over Specific Media.............................. 67 + 8.1 L2TP over UDP/IP...................................... 68 + + + +Townsley, et al. Standards Track [Page 2] + +RFC 2661 L2TP August 1999 + + + 8.2 IP.................................................... 69 + 9.0 Security Considerations............................... 69 + 9.1 Tunnel Endpoint Security.............................. 70 + 9.2 Packet Level Security................................. 70 + 9.3 End to End Security................................... 70 + 9.4 L2TP and IPsec........................................ 71 + 9.5 Proxy PPP Authentication.............................. 71 + 10.0 IANA Considerations.................................. 71 + 10.1 AVP Attributes....................................... 71 + 10.2 Message Type AVP Values.............................. 72 + 10.3 Result Code AVP Values............................... 72 + 10.3.1 Result Code Field Values........................ 72 + 10.3.2 Error Code Field Values......................... 72 + 10.4 Framing Capabilities & Bearer Capabilities........... 72 + 10.5 Proxy Authen Type AVP Values......................... 72 + 10.6 AVP Header Bits...................................... 73 + 11.0 References........................................... 73 + 12.0 Acknowledgments...................................... 74 + 13.0 Authors' Addresses................................... 75 + Appendix A: Control Channel Slow Start and Congestion + Avoidance..................................... 76 + Appendix B: Control Message Examples...................... 77 + Appendix C: Intellectual Property Notice.................. 79 + Full Copyright Statement.................................. 80 + +1.0 Introduction + + PPP [RFC1661] defines an encapsulation mechanism for transporting + multiprotocol packets across layer 2 (L2) point-to-point links. + Typically, a user obtains a L2 connection to a Network Access Server + (NAS) using one of a number of techniques (e.g., dialup POTS, ISDN, + ADSL, etc.) and then runs PPP over that connection. In such a + configuration, the L2 termination point and PPP session endpoint + reside on the same physical device (i.e., the NAS). + + L2TP extends the PPP model by allowing the L2 and PPP endpoints to + reside on different devices interconnected by a packet-switched + network. With L2TP, a user has an L2 connection to an access + concentrator (e.g., modem bank, ADSL DSLAM, etc.), and the + concentrator then tunnels individual PPP frames to the NAS. This + allows the actual processing of PPP packets to be divorced from the + termination of the L2 circuit. + + One obvious benefit of such a separation is that instead of requiring + the L2 connection terminate at the NAS (which may require a + long-distance toll charge), the connection may terminate at a (local) + circuit concentrator, which then extends the logical PPP session over + + + + +Townsley, et al. Standards Track [Page 3] + +RFC 2661 L2TP August 1999 + + + a shared infrastructure such as frame relay circuit or the Internet. + From the user's perspective, there is no functional difference between + having the L2 circuit terminate in a NAS directly or using L2TP. + + L2TP may also solve the multilink hunt-group splitting problem. + Multilink PPP [RFC1990] requires that all channels composing a + multilink bundle be grouped at a single Network Access Server (NAS). + Due to its ability to project a PPP session to a location other than + the point at which it was physically received, L2TP can be used to + make all channels terminate at a single NAS. This allows multilink + operation even when the calls are spread across distinct physical + NASs. + + This document defines the necessary control protocol for on-demand + creation of tunnels between two nodes and the accompanying + encapsulation for multiplexing multiple, tunneled PPP sessions. + +1.1 Specification of Requirements + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + +1.2 Terminology + + Analog Channel + + A circuit-switched communication path which is intended to carry + 3.1 kHz audio in each direction. + + Attribute Value Pair (AVP) + + The variable length concatenation of a unique Attribute + (represented by an integer) and a Value containing the actual + value identified by the attribute. Multiple AVPs make up Control + Messages which are used in the establishment, maintenance, and + teardown of tunnels. + + Call + + A connection (or attempted connection) between a Remote System and + LAC. For example, a telephone call through the PSTN. A Call + (Incoming or Outgoing) which is successfully established between a + Remote System and LAC results in a corresponding L2TP Session + within a previously established Tunnel between the LAC and LNS. + (See also: Session, Incoming Call, Outgoing Call). + + + + + +Townsley, et al. Standards Track [Page 4] + +RFC 2661 L2TP August 1999 + + + Called Number + + An indication to the receiver of a call as to what telephone + number the caller used to reach it. + + Calling Number + + An indication to the receiver of a call as to the telephone number + of the caller. + + CHAP + + Challenge Handshake Authentication Protocol [RFC1994], a PPP + cryptographic challenge/response authentication protocol in which + the cleartext password is not passed over the line. + + Control Connection + + A control connection operates in-band over a tunnel to control the + establishment, release, and maintenance of sessions and of the + tunnel itself. + + Control Messages + + Control messages are exchanged between LAC and LNS pairs, + operating in-band within the tunnel protocol. Control messages + govern aspects of the tunnel and sessions within the tunnel. + + Digital Channel + + A circuit-switched communication path which is intended to carry + digital information in each direction. + + DSLAM + + Digital Subscriber Line (DSL) Access Module. A network device used + in the deployment of DSL service. This is typically a concentrator + of individual DSL lines located in a central office (CO) or local + exchange. + + Incoming Call + + A Call received at an LAC to be tunneled to an LNS (see Call, + Outgoing Call). + + + + + + + +Townsley, et al. Standards Track [Page 5] + +RFC 2661 L2TP August 1999 + + + L2TP Access Concentrator (LAC) + + A node that acts as one side of an L2TP tunnel endpoint and is a + peer to the L2TP Network Server (LNS). The LAC sits between an + LNS and a remote system and forwards packets to and from each. + Packets sent from the LAC to the LNS requires tunneling with the + L2TP protocol as defined in this document. The connection from + the LAC to the remote system is either local (see: Client LAC) or + a PPP link. + + L2TP Network Server (LNS) + + A node that acts as one side of an L2TP tunnel endpoint and is a + peer to the L2TP Access Concentrator (LAC). The LNS is the + logical termination point of a PPP session that is being tunneled + from the remote system by the LAC. + + Management Domain (MD) + + A network or networks under the control of a single + administration, policy or system. For example, an LNS's Management + Domain might be the corporate network it serves. An LAC's + Management Domain might be the Internet Service Provider that owns + and manages it. + + Network Access Server (NAS) + + A device providing local network access to users across a remote + access network such as the PSTN. An NAS may also serve as an LAC, + LNS or both. + + Outgoing Call + + A Call placed by an LAC on behalf of an LNS (see Call, Incoming + Call). + + Peer + + When used in context with L2TP, peer refers to either the LAC or + LNS. An LAC's Peer is an LNS and vice versa. When used in context + with PPP, a peer is either side of the PPP connection. + + POTS + + Plain Old Telephone Service. + + + + + + +Townsley, et al. Standards Track [Page 6] + +RFC 2661 L2TP August 1999 + + + Remote System + + An end-system or router attached to a remote access network (i.e. + a PSTN), which is either the initiator or recipient of a call. + Also referred to as a dial-up or virtual dial-up client. + + Session + + L2TP is connection-oriented. The LNS and LAC maintain state for + each Call that is initiated or answered by an LAC. An L2TP Session + is created between the LAC and LNS when an end-to-end PPP + connection is established between a Remote System and the LNS. + Datagrams related to the PPP connection are sent over the Tunnel + between the LAC and LNS. There is a one to one relationship + between established L2TP Sessions and their associated Calls. (See + also: Call). + + Tunnel + + A Tunnel exists between a LAC-LNS pair. The Tunnel consists of a + Control Connection and zero or more L2TP Sessions. The Tunnel + carries encapsulated PPP datagrams and Control Messages between + the LAC and the LNS. + + Zero-Length Body (ZLB) Message + + A control packet with only an L2TP header. ZLB messages are used + for explicitly acknowledging packets on the reliable control + channel. + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 7] + +RFC 2661 L2TP August 1999 + + +2.0 Topology + + The following diagram depicts a typical L2TP scenario. The goal is to + tunnel PPP frames between the Remote System or LAC Client and an LNS + located at a Home LAN. + + [Home LAN] + [LAC Client]----------+ | + ____|_____ +--[Host] + | | | + [LAC]---------| Internet |-----[LNS]-----+ + | |__________| | + _____|_____ : + | | + | PSTN | + [Remote]--| Cloud | + [System] | | [Home LAN] + |___________| | + | ______________ +---[Host] + | | | | + [LAC]-------| Frame Relay |---[LNS]-----+ + | or ATM Cloud | | + |______________| : + + The Remote System initiates a PPP connection across the PSTN Cloud to + an LAC. The LAC then tunnels the PPP connection across the Internet, + Frame Relay, or ATM Cloud to an LNS whereby access to a Home LAN is + obtained. The Remote System is provided addresses from the HOME LAN + + via PPP NCP negotiation. Authentication, Authorization and Accounting + may be provided by the Home LAN's Management Domain as if the user + were connected to a Network Access Server directly. + + A LAC Client (a Host which runs L2TP natively) may also participate + in tunneling to the Home LAN without use of a separate LAC. In this + case, the Host containing the LAC Client software already has a + connection to the public Internet. A "virtual" PPP connection is then + created and the local L2TP LAC Client software creates a tunnel to + the LNS. As in the above case, Addressing, Authentication, + Authorization and Accounting will be provided by the Home LAN's + Management Domain. + + + + + + + + + + +Townsley, et al. Standards Track [Page 8] + +RFC 2661 L2TP August 1999 + + +3.0 Protocol Overview + + L2TP utilizes two types of messages, control messages and data + messages. Control messages are used in the establishment, maintenance + and clearing of tunnels and calls. Data messages are used to + encapsulate PPP frames being carried over the tunnel. Control + messages utilize a reliable Control Channel within L2TP to guarantee + delivery (see section 5.1 for details). Data messages are not + retransmitted when packet loss occurs. + + +-------------------+ + | PPP Frames | + +-------------------+ +-----------------------+ + | L2TP Data Messages| | L2TP Control Messages | + +-------------------+ +-----------------------+ + | L2TP Data Channel | | L2TP Control Channel | + | (unreliable) | | (reliable) | + +------------------------------------------------+ + | Packet Transport (UDP, FR, ATM, etc.) | + +------------------------------------------------+ + + Figure 3.0 L2TP Protocol Structure + + Figure 3.0 depicts the relationship of PPP frames and Control + Messages over the L2TP Control and Data Channels. PPP Frames are + passed over an unreliable Data Channel encapsulated first by an L2TP + header and then a Packet Transport such as UDP, Frame Relay, ATM, + etc. Control messages are sent over a reliable L2TP Control Channel + which transmits packets in-band over the same Packet Transport. + + Sequence numbers are required to be present in all control messages + and are used to provide reliable delivery on the Control Channel. + Data Messages may use sequence numbers to reorder packets and detect + lost packets. + + All values are placed into their respective fields and sent in + network order (high order octets first). + +3.1 L2TP Header Format + + L2TP packets for the control channel and data channel share a common + header format. In each case where a field is optional, its space does + not exist in the message if the field is marked not present. Note + that while optional on data messages, the Length, Ns, and Nr fields + marked as optional below, are required to be present on all control + messages. + + + + + +Townsley, et al. Standards Track [Page 9] + +RFC 2661 L2TP August 1999 + + + This header is formatted: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |T|L|x|x|S|x|O|P|x|x|x|x| Ver | Length (opt) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Tunnel ID | Session ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Ns (opt) | Nr (opt) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Offset Size (opt) | Offset pad... (opt) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 3.1 L2TP Message Header + + The Type (T) bit indicates the type of message. It is set to 0 for a + data message and 1 for a control message. + + If the Length (L) bit is 1, the Length field is present. This bit + MUST be set to 1 for control messages. + + The x bits are reserved for future extensions. All reserved bits MUST + be set to 0 on outgoing messages and ignored on incoming messages. + + If the Sequence (S) bit is set to 1 the Ns and Nr fields are present. + The S bit MUST be set to 1 for control messages. + + If the Offset (O) bit is 1, the Offset Size field is present. The O + bit MUST be set to 0 (zero) for control messages. + + If the Priority (P) bit is 1, this data message should receive + preferential treatment in its local queuing and transmission. LCP + echo requests used as a keepalive for the link, for instance, should + generally be sent with this bit set to 1. Without it, a temporary + interval of local congestion could result in interference with + keepalive messages and unnecessary loss of the link. This feature is + only for use with data messages. The P bit MUST be set to 0 for all + control messages. + + Ver MUST be 2, indicating the version of the L2TP data message header + described in this document. The value 1 is reserved to permit + detection of L2F [RFC2341] packets should they arrive intermixed with + L2TP packets. Packets received with an unknown Ver field MUST be + discarded. + + The Length field indicates the total length of the message in octets. + + + + +Townsley, et al. Standards Track [Page 10] + +RFC 2661 L2TP August 1999 + + + Tunnel ID indicates the identifier for the control connection. L2TP + tunnels are named by identifiers that have local significance only. + That is, the same tunnel will be given different Tunnel IDs by each + end of the tunnel. Tunnel ID in each message is that of the intended + recipient, not the sender. Tunnel IDs are selected and exchanged as + Assigned Tunnel ID AVPs during the creation of a tunnel. + + Session ID indicates the identifier for a session within a tunnel. + L2TP sessions are named by identifiers that have local significance + only. That is, the same session will be given different Session IDs + by each end of the session. Session ID in each message is that of the + intended recipient, not the sender. Session IDs are selected and + exchanged as Assigned Session ID AVPs during the creation of a + session. + + Ns indicates the sequence number for this data or control message, + beginning at zero and incrementing by one (modulo 2**16) for each + message sent. See Section 5.8 and 5.4 for more information on using + this field. + + Nr indicates the sequence number expected in the next control message + to be received. Thus, Nr is set to the Ns of the last in-order + message received plus one (modulo 2**16). In data messages, Nr is + reserved and, if present (as indicated by the S-bit), MUST be ignored + upon receipt. See section 5.8 for more information on using this + field in control messages. + + The Offset Size field, if present, specifies the number of octets + past the L2TP header at which the payload data is expected to start. + Actual data within the offset padding is undefined. If the offset + field is present, the L2TP header ends after the last octet of the + offset padding. + +3.2 Control Message Types + + The Message Type AVP (see section 4.4.1) defines the specific type of + control message being sent. Recall from section 3.1 that this is only + for control messages, that is, messages with the T-bit set to 1. + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 11] + +RFC 2661 L2TP August 1999 + + + This document defines the following control message types (see + Section 6.1 through 6.14 for details on the construction and use of + each message): + + Control Connection Management + + 0 (reserved) + + 1 (SCCRQ) Start-Control-Connection-Request + 2 (SCCRP) Start-Control-Connection-Reply + 3 (SCCCN) Start-Control-Connection-Connected + 4 (StopCCN) Stop-Control-Connection-Notification + 5 (reserved) + 6 (HELLO) Hello + + Call Management + + 7 (OCRQ) Outgoing-Call-Request + 8 (OCRP) Outgoing-Call-Reply + 9 (OCCN) Outgoing-Call-Connected + 10 (ICRQ) Incoming-Call-Request + 11 (ICRP) Incoming-Call-Reply + 12 (ICCN) Incoming-Call-Connected + 13 (reserved) + 14 (CDN) Call-Disconnect-Notify + + Error Reporting + + 15 (WEN) WAN-Error-Notify + + PPP Session Control + + 16 (SLI) Set-Link-Info + +4.0 Control Message Attribute Value Pairs + + To maximize extensibility while still permitting interoperability, a + uniform method for encoding message types and bodies is used + throughout L2TP. This encoding will be termed AVP (Attribute-Value + Pair) in the remainder of this document. + + + + + + + + + + + +Townsley, et al. Standards Track [Page 12] + +RFC 2661 L2TP August 1999 + + +4.1 AVP Format + + Each AVP is encoded as: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |M|H| rsvd | Length | Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Attribute Type | Attribute Value... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + [until Length is reached]... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The first six bits are a bit mask, describing the general attributes + of the AVP. + + Two bits are defined in this document, the remaining are reserved for + future extensions. Reserved bits MUST be set to 0. An AVP received + with a reserved bit set to 1 MUST be treated as an unrecognized AVP. + + Mandatory (M) bit: Controls the behavior required of an + implementation which receives an AVP which it does not recognize. If + the M bit is set on an unrecognized AVP within a message associated + with a particular session, the session associated with this message + MUST be terminated. If the M bit is set on an unrecognized AVP within + a message associated with the overall tunnel, the entire tunnel (and + all sessions within) MUST be terminated. If the M bit is not set, an + unrecognized AVP MUST be ignored. The control message must then + continue to be processed as if the AVP had not been present. + + Hidden (H) bit: Identifies the hiding of data in the Attribute Value + field of an AVP. This capability can be used to avoid the passing of + sensitive data, such as user passwords, as cleartext in an AVP. + Section 4.3 describes the procedure for performing AVP hiding. + + Length: Encodes the number of octets (including the Overall Length + and bitmask fields) contained in this AVP. The Length may be + calculated as 6 + the length of the Attribute Value field in octets. + The field itself is 10 bits, permitting a maximum of 1023 octets of + data in a single AVP. The minimum Length of an AVP is 6. If the + length is 6, then the Attribute Value field is absent. + + Vendor ID: The IANA assigned "SMI Network Management Private + Enterprise Codes" [RFC1700] value. The value 0, corresponding to + IETF adopted attribute values, is used for all AVPs defined within + this document. Any vendor wishing to implement their own L2TP + extensions can use their own Vendor ID along with private Attribute + + + +Townsley, et al. Standards Track [Page 13] + +RFC 2661 L2TP August 1999 + + + values, guaranteeing that they will not collide with any other + vendor's extensions, nor with future IETF extensions. Note that there + are 16 bits allocated for the Vendor ID, thus limiting this feature + to the first 65,535 enterprises. + + Attribute Type: A 2 octet value with a unique interpretation across + all AVPs defined under a given Vendor ID. + + Attribute Value: This is the actual value as indicated by the Vendor + ID and Attribute Type. It follows immediately after the Attribute + Type field, and runs for the remaining octets indicated in the Length + (i.e., Length minus 6 octets of header). This field is absent if the + Length is 6. + +4.2 Mandatory AVPs + + Receipt of an unknown AVP that has the M-bit set is catastrophic to + the session or tunnel it is associated with. Thus, the M bit should + only be defined for AVPs which are absolutely crucial to proper + operation of the session or tunnel. Further, in the case where the + LAC or LNS receives an unknown AVP with the M-bit set and shuts down + the session or tunnel accordingly, it is the full responsibility of + the peer sending the Mandatory AVP to accept fault for causing an + non-interoperable situation. Before defining an AVP with the M-bit + set, particularly a vendor-specific AVP, be sure that this is the + intended consequence. + + When an adequate alternative exists to use of the M-bit, it should be + utilized. For example, rather than simply sending an AVP with the M- + bit set to determine if a specific extension exists, availability may + be identified by sending an AVP in a request message and expecting a + corresponding AVP in a reply message. + + Use of the M-bit with new AVPs (those not defined in this document) + MUST provide the ability to configure the associated feature off, + such that the AVP is either not sent, or sent with the M-bit not set. + +4.3 Hiding of AVP Attribute Values + + The H bit in the header of each AVP provides a mechanism to indicate + to the receiving peer whether the contents of the AVP are hidden or + present in cleartext. This feature can be used to hide sensitive + control message data such as user passwords or user IDs. + + The H bit MUST only be set if a shared secret exists between the LAC + and LNS. The shared secret is the same secret that is used for tunnel + authentication (see Section 5.1.1). If the H bit is set in any + + + + +Townsley, et al. Standards Track [Page 14] + +RFC 2661 L2TP August 1999 + + + AVP(s) in a given control message, a Random Vector AVP must also be + present in the message and MUST precede the first AVP having an H bit + of 1. + + Hiding an AVP value is done in several steps. The first step is to + take the length and value fields of the original (cleartext) AVP and + encode them into a Hidden AVP Subformat as follows: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Length of Original Value | Original Attribute Value ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ... | Padding ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Length of Original Attribute Value: This is length of the Original + Attribute Value to be obscured in octets. This is necessary to + determine the original length of the Attribute Value which is lost + when the additional Padding is added. + + Original Attribute Value: Attribute Value that is to be obscured. + + Padding: Random additional octets used to obscure length of the + Attribute Value that is being hidden. + + To mask the size of the data being hidden, the resulting subformat + MAY be padded as shown above. Padding does NOT alter the value placed + in the Length of Original Attribute Value field, but does alter the + length of the resultant AVP that is being created. For example, If an + Attribute Value to be hidden is 4 octets in length, the unhidden AVP + length would be 10 octets (6 + Attribute Value length). After hiding, + the length of the AVP will become 6 + Attribute Value length + size + of the Length of Original Attribute Value field + Padding. Thus, if + Padding is 12 octets, the AVP length will be 6 + 4 + 2 + 12 = 24 + octets. + + Next, An MD5 hash is performed on the concatenation of: + + + the 2 octet Attribute number of the AVP + + the shared secret + + an arbitrary length random vector + + The value of the random vector used in this hash is passed in the + value field of a Random Vector AVP. This Random Vector AVP must be + placed in the message by the sender before any hidden AVPs. The same + random vector may be used for more than one hidden AVP in the same + + + + +Townsley, et al. Standards Track [Page 15] + +RFC 2661 L2TP August 1999 + + + message. If a different random vector is used for the hiding of + subsequent AVPs then a new Random Vector AVP must be placed in the + command message before the first AVP to which it applies. + + The MD5 hash value is then XORed with the first 16 octet (or less) + segment of the Hidden AVP Subformat and placed in the Attribute Value + field of the Hidden AVP. If the Hidden AVP Subformat is less than 16 + octets, the Subformat is transformed as if the Attribute Value field + had been padded to 16 octets before the XOR, but only the actual + octets present in the Subformat are modified, and the length of the + AVP is not altered. + + If the Subformat is longer than 16 octets, a second one-way MD5 hash + is calculated over a stream of octets consisting of the shared secret + followed by the result of the first XOR. That hash is XORed with the + second 16 octet (or less) segment of the Subformat and placed in the + corresponding octets of the Value field of the Hidden AVP. + + If necessary, this operation is repeated, with the shared secret used + along with each XOR result to generate the next hash to XOR the next + segment of the value with. + + The hiding method was adapted from RFC 2138 [RFC2138] which was taken + from the "Mixing in the Plaintext" section in the book "Network + Security" by Kaufman, Perlman and Speciner [KPS]. A detailed + explanation of the method follows: + + Call the shared secret S, the Random Vector RV, and the Attribute + Value AV. Break the value field into 16-octet chunks p1, p2, etc. + with the last one padded at the end with random data to a 16-octet + boundary. Call the ciphertext blocks c(1), c(2), etc. We will also + define intermediate values b1, b2, etc. + + b1 = MD5(AV + S + RV) c(1) = p1 xor b1 + b2 = MD5(S + c(1)) c(2) = p2 xor b2 + . . + . . + . . + bi = MD5(S + c(i-1)) c(i) = pi xor bi + + The String will contain c(1)+c(2)+...+c(i) where + denotes + concatenation. + + On receipt, the random vector is taken from the last Random Vector + AVP encountered in the message prior to the AVP to be unhidden. The + above process is then reversed to yield the original value. + + + + + +Townsley, et al. Standards Track [Page 16] + +RFC 2661 L2TP August 1999 + + +4.4 AVP Summary + + The following sections contain a list of all L2TP AVPs defined in + this document. + + Following the name of the AVP is a list indicating the message types + that utilize each AVP. After each AVP title follows a short + description of the purpose of the AVP, a detail (including a graphic) + of the format for the Attribute Value, and any additional information + needed for proper use of the avp. + +4.4.1 AVPs Applicable To All Control Messages + + Message Type (All Messages) + + The Message Type AVP, Attribute Type 0, identifies the control + message herein and defines the context in which the exact meaning + of the following AVPs will be determined. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Message Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Message Type is a 2 octet unsigned integer. + + The Message Type AVP MUST be the first AVP in a message, + immediately following the control message header (defined in + section 3.1). See Section 3.2 for the list of defined control + message types and their identifiers. + + The Mandatory (M) bit within the Message Type AVP has special + meaning. Rather than an indication as to whether the AVP itself + should be ignored if not recognized, it is an indication as to + whether the control message itself should be ignored. Thus, if the + M-bit is set within the Message Type AVP and the Message Type is + unknown to the implementation, the tunnel MUST be cleared. If the + M-bit is not set, then the implementation may ignore an unknown + message type. The M-bit MUST be set to 1 for all message types + defined in this document. This AVP may not be hidden (the H-bit + MUST be 0). The Length of this AVP is 8. + + + + + + + +Townsley, et al. Standards Track [Page 17] + +RFC 2661 L2TP August 1999 + + + Random Vector (All Messages) + + The Random Vector AVP, Attribute Type 36, is used to enable the + hiding of the Attribute Value of arbitrary AVPs. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Random Octet String ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Random Octet String may be of arbitrary length, although a + random vector of at least 16 octets is recommended. The string + contains the random vector for use in computing the MD5 hash to + retrieve or hide the Attribute Value of a hidden AVP (see Section + 4.2). + + More than one Random Vector AVP may appear in a message, in which + case a hidden AVP uses the Random Vector AVP most closely + preceding it. This AVP MUST precede the first AVP with the H bit + set. + + The M-bit for this AVP MUST be set to 1. This AVP MUST NOT be + hidden (the H-bit MUST be 0). The Length of this AVP is 6 plus the + length of the Random Octet String. + +4.4.2 Result and Error Codes + + Result Code (CDN, StopCCN) + + The Result Code AVP, Attribute Type 1, indicates the reason for + terminating the control channel or session. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Result Code | Error Code (opt) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Error Message (opt) ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Result Code is a 2 octet unsigned integer. The optional Error + Code is a 2 octet unsigned integer. An optional Error Message can + follow the Error Code field. Presence of the Error Code and + + + +Townsley, et al. Standards Track [Page 18] + +RFC 2661 L2TP August 1999 + + + Message are indicated by the AVP Length field. The Error Message + contains an arbitrary string providing further (human readable) + text associated with the condition. Human readable text in all + error messages MUST be provided in the UTF-8 charset using the + Default Language [RFC2277]. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length is 8 if there is no Error + Code or Message, 10 if there is an Error Code and no Error Message + or 10 + the length of the Error Message if there is an Error Code + and Message. + + Defined Result Code values for the StopCCN message are: + + 0 - Reserved + 1 - General request to clear control connection + 2 - General error--Error Code indicates the problem + 3 - Control channel already exists + 4 - Requester is not authorized to establish a control + channel + 5 - The protocol version of the requester is not + supported + Error Code indicates highest version supported + 6 - Requester is being shut down + 7 - Finite State Machine error + + Defined Result Code values for the CDN message are: + + 0 - Reserved + 1 - Call disconnected due to loss of carrier + 2 - Call disconnected for the reason indicated + in error code + 3 - Call disconnected for administrative reasons + 4 - Call failed due to lack of appropriate facilities + being available (temporary condition) + 5 - Call failed due to lack of appropriate facilities being + available (permanent condition) + 6 - Invalid destination + 7 - Call failed due to no carrier detected + 8 - Call failed due to detection of a busy signal + 9 - Call failed due to lack of a dial tone + 10 - Call was not established within time allotted by LAC + 11 - Call was connected but no appropriate framing was + detected + + The Error Codes defined below pertain to types of errors that are + not specific to any particular L2TP request, but rather to + protocol or message format errors. If an L2TP reply indicates in + + + +Townsley, et al. Standards Track [Page 19] + +RFC 2661 L2TP August 1999 + + + its Result Code that a general error occurred, the General Error + value should be examined to determine what the error was. The + currently defined General Error codes and their meanings are: + + 0 - No general error + 1 - No control connection exists yet for this LAC-LNS pair + 2 - Length is wrong + 3 - One of the field values was out of range or + reserved field was non-zero + 4 - Insufficient resources to handle this operation now + 5 - The Session ID is invalid in this context + 6 - A generic vendor-specific error occurred in the LAC + 7 - Try another. If LAC is aware of other possible LNS + destinations, it should try one of them. This can be + used to guide an LAC based on LNS policy, for instance, + the existence of multilink PPP bundles. + 8 - Session or tunnel was shutdown due to receipt of an unknown + AVP with the M-bit set (see section 4.2). The Error Message + SHOULD contain the attribute of the offending AVP in (human + readable) text form. + + When a General Error Code of 6 is used, additional information + about the error SHOULD be included in the Error Message field. + +4.4.3 Control Connection Management AVPs + + Protocol Version (SCCRP, SCCRQ) + + The Protocol Version AVP, Attribute Type 2, indicates the L2TP + protocol version of the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Ver | Rev | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Ver field is a 1 octet unsigned integer containing the value + 1. Rev field is a 1 octet unsigned integer containing 0. This + pertains to L2TP protocol version 1, revision 0. Note this is not + the same version number that is included in the header of each + message. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 8. + + + + +Townsley, et al. Standards Track [Page 20] + +RFC 2661 L2TP August 1999 + + + Framing Capabilities (SCCRP, SCCRQ) + + The Framing Capabilities AVP, Attribute Type 3, provides the peer + with an indication of the types of framing that will be accepted + or requested by the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved for future framing type definitions |A|S| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Attribute Value field is a 32-bit mask, with two bits defined. + If bit A is set, asynchronous framing is supported. If bit S is + set, synchronous framing is supported. + + A peer MUST NOT request an incoming or outgoing call with a + Framing Type AVP specifying a value not advertised in the Framing + Capabilities AVP it received during control connection + establishment. Attempts to do so will result in the call being + rejected. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) is 10. + + Bearer Capabilities (SCCRP, SCCRQ) + + The Bearer Capabilities AVP, Attribute Type 4, provides the peer + with an indication of the bearer device types supported by the + hardware interfaces of the sender for outgoing calls. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved for future bearer type definitions |A|D| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + This is a 32-bit mask, with two bits defined. If bit A is set, + analog access is supported. If bit D is set, digital access is + supported. + + + + + + + +Townsley, et al. Standards Track [Page 21] + +RFC 2661 L2TP August 1999 + + + An LNS should not request an outgoing call specifying a value in + the Bearer Type AVP for a device type not advertised in the Bearer + Capabilities AVP it received from the LAC during control + connection establishment. Attempts to do so will result in the + call being rejected. + + This AVP MUST be present if the sender can place outgoing calls + when requested. + + Note that an LNS that cannot act as an LAC as well will not + support hardware devices for handling incoming and outgoing calls + and should therefore set the A and D bits of this AVP to 0, or + should not send the AVP at all. An LNS that can also act as an LAC + and place outgoing calls should set A or D as appropriate. + Presence of this message is not a guarantee that a given outgoing + call will be placed by the sender if requested, just that the + physical capability exists. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) is 10. + + Tie Breaker (SCCRQ) + + The Tie Breaker AVP, Attribute Type 5, indicates that the sender + wishes a single tunnel to exist between the given LAC-LNS pair. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Tie Break Value... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ...(64 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Tie Breaker Value is an 8 octet value that is used to choose a + single tunnel where both LAC and LNS request a tunnel + concurrently. The recipient of a SCCRQ must check to see if a + SCCRQ has been sent to the peer, and if so, must compare its Tie + Breaker value with the received one. The lower value "wins", and + the "loser" MUST silently discard its tunnel. In the case where a + tie breaker is present on both sides, and the value is equal, both + sides MUST discard their tunnels. + + + + + + + +Townsley, et al. Standards Track [Page 22] + +RFC 2661 L2TP August 1999 + + + If a tie breaker is received, and an outstanding SCCRQ had no tie + breaker value, the initiator which included the Tie Breaker AVP + "wins". If neither side issues a tie breaker, then two separate + tunnels are opened. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 0. The Length of this AVP is 14. + + Firmware Revision (SCCRP, SCCRQ) + + The Firmware Revision AVP, Attribute Type 6, indicates the + firmware revision of the issuing device. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Firmware Revision | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Firmware Revision is a 2 octet unsigned integer encoded in a + vendor specific format. + + For devices which do not have a firmware revision (general purpose + computers running L2TP software modules, for instance), the + revision of the L2TP software module may be reported instead. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) is 8. + + Host Name (SCCRP, SCCRQ) + + The Host Name AVP, Attribute Type 7, indicates the name of the + issuing LAC or LNS. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Host Name ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Host Name is of arbitrary length, but MUST be at least 1 + octet. + + + + + +Townsley, et al. Standards Track [Page 23] + +RFC 2661 L2TP August 1999 + + + This name should be as broadly unique as possible; for hosts + participating in DNS [RFC1034], a hostname with fully qualified + domain would be appropriate. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 6 plus the + length of the Host Name. + + Vendor Name (SCCRP, SCCRQ) + + The Vendor Name AVP, Attribute Type 8, contains a vendor specific + (possibly human readable) string describing the type of LAC or LNS + being used. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Vendor Name ...(arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Vendor Name is the indicated number of octets representing the + vendor string. Human readable text for this AVP MUST be provided + in the UTF-8 charset using the Default Language [RFC2277]. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the Vendor Name. + + Assigned Tunnel ID (SCCRP, SCCRQ, StopCCN) + + The Assigned Tunnel ID AVP, Attribute Type 9, encodes the ID being + assigned to this tunnel by the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Assigned Tunnel ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Assigned Tunnel ID is a 2 octet non-zero unsigned integer. + + The Assigned Tunnel ID AVP establishes a value used to multiplex + and demultiplex multiple tunnels between the LNS and LAC. The L2TP + peer MUST place this value in the Tunnel ID header field of all + + + +Townsley, et al. Standards Track [Page 24] + +RFC 2661 L2TP August 1999 + + + control and data messages that it subsequently transmits over the + associated tunnel. Before the Assigned Tunnel ID AVP is received + from a peer, messages MUST be sent to that peer with a Tunnel ID + value of 0 in the header of all control messages. + + In the StopCCN control message, the Assigned Tunnel ID AVP MUST be + the same as the Assigned Tunnel ID AVP first sent to the receiving + peer, permitting the peer to identify the appropriate tunnel even + if a StopCCN is sent before an Assigned Tunnel ID AVP is received. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 8. + + Receive Window Size (SCCRQ, SCCRP) + + The Receive Window Size AVP, Attribute Type 10, specifies the + receive window size being offered to the remote peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Window Size | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Window Size is a 2 octet unsigned integer. + + If absent, the peer must assume a Window Size of 4 for its + transmit window. The remote peer may send the specified number of + control messages before it must wait for an acknowledgment. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 8. + + Challenge (SCCRP, SCCRQ) + + The Challenge AVP, Attribute Type 11, indicates that the issuing + peer wishes to authenticate the tunnel endpoints using a CHAP- + style authentication mechanism. + + + + + + + + + + +Townsley, et al. Standards Track [Page 25] + +RFC 2661 L2TP August 1999 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Challenge ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Challenge is one or more octets of random data. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 6 plus the length of the Challenge. + + Challenge Response (SCCCN, SCCRP) + + The Response AVP, Attribute Type 13, provides a response to a + challenge received. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Response ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ... (16 octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Response is a 16 octet value reflecting the CHAP-style + [RFC1994] response to the challenge. + + This AVP MUST be present in an SCCRP or SCCCN if a challenge was + received in the preceding SCCRQ or SCCRP. For purposes of the ID + value in the CHAP response calculation, the value of the Message + Type AVP for this message is used (e.g. 2 for an SCCRP, and 3 for + an SCCCN). + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 22. + + + + + + +Townsley, et al. Standards Track [Page 26] + +RFC 2661 L2TP August 1999 + + +4.4.4 Call Management AVPs + + Q.931 Cause Code (CDN) + + The Q.931 Cause Code AVP, Attribute Type 12, is used to give + additional information in case of unsolicited call disconnection. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Cause Code | Cause Msg | Advisory Msg... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Cause Code is the returned Q.931 Cause code, and Cause Msg is the + returned Q.931 message code (e.g., DISCONNECT) associated with the + Cause Code. Both values are returned in their native ITU + encodings [DSS1]. An additional ASCII text Advisory Message may + also be included (presence indicated by the AVP Length) to further + explain the reason for disconnecting. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 9, plus the + size of the Advisory Message. + + Assigned Session ID (CDN, ICRP, ICRQ, OCRP, OCRQ) + + The Assigned Session ID AVP, Attribute Type 14, encodes the ID + being assigned to this session by the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Assigned Session ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Assigned Session ID is a 2 octet non-zero unsigned integer. + + The Assigned Session ID AVP is establishes a value used to + multiplex and demultiplex data sent over a tunnel between the LNS + and LAC. The L2TP peer MUST place this value in the Session ID + header field of all control and data messages that it subsequently + transmits over the tunnel that belong to this session. Before the + + + + + +Townsley, et al. Standards Track [Page 27] + +RFC 2661 L2TP August 1999 + + + Assigned Session ID AVP is received from a peer, messages MUST be + sent to that peer with a Session ID of 0 in the header of all + control messages. + + In the CDN control message, the same Assigned Session ID AVP first + sent to the receiving peer is used, permitting the peer to + identify the appropriate tunnel even if CDN is sent before an + Assigned Session ID is received. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 8. + + Call Serial Number (ICRQ, OCRQ) + + The Call Serial Number AVP, Attribute Type 15, encodes an + identifier assigned by the LAC or LNS to this call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Call Serial Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Call Serial Number is a 32 bit value. + + The Call Serial Number is intended to be an easy reference for + administrators on both ends of a tunnel to use when investigating + call failure problems. Call Serial Numbers should be set to + progressively increasing values, which are likely to be unique for + a significant period of time across all interconnected LNSs and + LACs. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Minimum BPS (OCRQ) + + The Minimum BPS AVP, Attribute Type 16, encodes the lowest + acceptable line speed for this call. + + + + + + + + +Townsley, et al. Standards Track [Page 28] + +RFC 2661 L2TP August 1999 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Minimum BPS | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Minimum BPS is a 32 bit value indicates the speed in bits per + second. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Maximum BPS (OCRQ) + + The Maximum BPS AVP, Attribute Type 17, encodes the highest + acceptable line speed for this call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Maximum BPS | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Maximum BPS is a 32 bit value indicates the speed in bits per + second. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Bearer Type (ICRQ, OCRQ) + + The Bearer Type AVP, Attribute Type 18, encodes the bearer type + for the incoming or outgoing call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved for future Bearer Types |A|D| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + + +Townsley, et al. Standards Track [Page 29] + +RFC 2661 L2TP August 1999 + + + The Bearer Type is a 32-bit bit mask, which indicates the bearer + capability of the call (ICRQ) or required for the call (OCRQ). If + set, bit A indicates that the call refers to an analog channel. If + set, bit D indicates that the call refers to a digital channel. + Both may be set, indicating that the call was either + indistinguishable, or can be placed on either type of channel. + + Bits in the Value field of this AVP MUST only be set by the LNS + for an OCRQ if it was set in the Bearer Capabilities AVP received + from the LAC during control connection establishment. + + It is valid to set neither the A nor D bits in an ICRQ. Such a + setting may indicate that the call was not received over a + physical link (e.g if the LAC and PPP are located in the same + subsystem). + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Framing Type (ICCN, OCCN, OCRQ) + + The Framing Type AVP, Attribute Type 19, encodes the framing type + for the incoming or outgoing call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved for future Framing Types |A|S| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Framing Type is a 32-bit mask, which indicates the type of PPP + framing requested for an OCRQ, or the type of PPP framing + negotiated for an OCCN or ICCN. The framing type MAY be used as an + indication to PPP on the LNS as to what link options to use for + LCP negotiation [RFC1662]. + + Bit A indicates asynchronous framing. Bit S indicates synchronous + framing. For an OCRQ, both may be set, indicating that either type + of framing may be used. + + Bits in the Value field of this AVP MUST only be set by the LNS + for an OCRQ if it was set in the Framing Capabilities AVP received + from the LAC during control connection establishment. + + + + + +Townsley, et al. Standards Track [Page 30] + +RFC 2661 L2TP August 1999 + + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Called Number (ICRQ, OCRQ) + + The Called Number AVP, Attribute Type 21, encodes the telephone + number to be called for an OCRQ, and the Called number for an + ICRQ. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Called Number... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Called Number is an ASCII string. Contact between the + administrator of the LAC and the LNS may be necessary to + coordinate interpretation of the value needed in this AVP. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 6 plus the length of the Called Number. + + Calling Number (ICRQ) + + The Calling Number AVP, Attribute Type 22, encodes the originating + number for the incoming call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Calling Number... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Calling Number is an ASCII string. Contact between the + administrator of the LAC and the LNS may be necessary to + coordinate interpretation of the value in this AVP. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 6 plus the length of the Calling Number. + + + + + +Townsley, et al. Standards Track [Page 31] + +RFC 2661 L2TP August 1999 + + + Sub-Address (ICRQ, OCRQ) + + The Sub-Address AVP, Attribute Type 23, encodes additional dialing + information. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Sub-Address ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Sub-Address is an ASCII string. Contact between the + administrator of the LAC and the LNS may be necessary to + coordinate interpretation of the value in this AVP. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 6 plus the length of the Sub-Address. + + (Tx) Connect Speed (ICCN, OCCN) + + The (Tx) Connect Speed BPS AVP, Attribute Type 24, encodes the + speed of the facility chosen for the connection attempt. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | BPS | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The (Tx) Connect Speed BPS is a 4 octet value indicating the speed + in bits per second. + + When the optional Rx Connect Speed AVP is present, the value in + this AVP represents the transmit connect speed, from the + perspective of the LAC (e.g. data flowing from the LAC to the + remote system). When the optional Rx Connect Speed AVP is NOT + present, the connection speed between the remote system and LAC is + assumed to be symmetric and is represented by the single value in + this AVP. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + + +Townsley, et al. Standards Track [Page 32] + +RFC 2661 L2TP August 1999 + + + Rx Connect Speed (ICCN, OCCN) + + The Rx Connect Speed AVP, Attribute Type 38, represents the speed + of the connection from the perspective of the LAC (e.g. data + flowing from the remote system to the LAC). + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | BPS (H) | BPS (L) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + BPS is a 4 octet value indicating the speed in bits per second. + + Presence of this AVP implies that the connection speed may be + asymmetric with respect to the transmit connect speed given in the + (Tx) Connect Speed AVP. + + This AVP may be hidden (the H-bit MAY be 1 or 0). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 10. + + Physical Channel ID (ICRQ, OCRP) + + The Physical Channel ID AVP, Attribute Type 25, encodes the vendor + specific physical channel number used for a call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Physical Channel ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Physical Channel ID is a 4 octet value intended to be used for + logging purposes only. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 10. + + + + + + + + +Townsley, et al. Standards Track [Page 33] + +RFC 2661 L2TP August 1999 + + + Private Group ID (ICCN) + + The Private Group ID AVP, Attribute Type 37, is used by the LAC to + indicate that this call is to be associated with a particular + customer group. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Private Group ID ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Private Group ID is a string of octets of arbitrary length. + + The LNS MAY treat the PPP session as well as network traffic + through this session in a special manner determined by the peer. + For example, if the LNS is individually connected to several + private networks using unregistered addresses, this AVP may be + included by the LAC to indicate that a given call should be + associated with one of the private networks. + + The Private Group ID is a string corresponding to a table in the + LNS that defines the particular characteristics of the selected + group. A LAC MAY determine the Private Group ID from a RADIUS + response, local configuration, or some other source. + + This AVP may be hidden (the H-bit MAY be 1 or 0). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the Private Group ID. + + Sequencing Required (ICCN, OCCN) + + The Sequencing Required AVP, Attribute Type 39, indicates to the + LNS that Sequence Numbers MUST always be present on the data + channel. + + This AVP has no Attribute Value field. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 6. + +4.4.5 Proxy LCP and Authentication AVPs + + The LAC may have answered the call and negotiated LCP with the + remote system, perhaps in order to establish the system's apparent + identity. In this case, these AVPs may be included to indicate the + + + +Townsley, et al. Standards Track [Page 34] + +RFC 2661 L2TP August 1999 + + + link properties the remote system initially requested, properties + the remote system and LAC ultimately negotiated, as well as PPP + authentication information sent and received by the LAC. This + information may be used to initiate the PPP LCP and authentication + systems on the LNS, allowing PPP to continue without renegotiation + of LCP. Note that the LNS policy may be to enter an additional + round of LCP negotiation and/or authentication if the LAC is not + trusted. + + Initial Received LCP CONFREQ (ICCN) + + In the Initial Received LCP CONFREQ AVP, Attribute Type 26, + provides the LNS with the Initial CONFREQ received by the LAC from + the PPP Peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | LCP CONFREQ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + LCP CONFREQ is a copy of the body of the initial CONFREQ received, + starting at the first option within the body of the LCP message. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the CONFREQ. + + Last Sent LCP CONFREQ (ICCN) + + In the Last Sent LCP CONFREQ AVP, Attribute Type 27, provides the + LNS with the Last CONFREQ sent by the LAC to the PPP Peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | LCP CONFREQ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The LCP CONFREQ is a copy of the body of the final CONFREQ sent to + the client to complete LCP negotiation, starting at the first + option within the body of the LCP message. + + + + + +Townsley, et al. Standards Track [Page 35] + +RFC 2661 L2TP August 1999 + + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the CONFREQ. + + Last Received LCP CONFREQ (ICCN) + + The Last Received LCP CONFREQ AVP, Attribute Type 28, provides the + LNS with the Last CONFREQ received by the LAC from the PPP Peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | LCP CONFREQ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The LCP CONFREQ is a copy of the body of the final CONFREQ + received from the client to complete LCP negotiation, starting at + the first option within the body of the LCP message. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the CONFREQ. + + Proxy Authen Type (ICCN) + + The Proxy Authen Type AVP, Attribute Type 29, determines if proxy + authentication should be used. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Authen Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Authen Type is a 2 octet unsigned integer, holding: + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 8. + + + + + + + + +Townsley, et al. Standards Track [Page 36] + +RFC 2661 L2TP August 1999 + + + Defined Authen Type values are: + 0 - Reserved + 1 - Textual username/password exchange + 2 - PPP CHAP + 3 - PPP PAP + 4 - No Authentication + 5 - Microsoft CHAP Version 1 (MSCHAPv1) + + This AVP MUST be present if proxy authentication is to be + utilized. If it is not present, then it is assumed that this + peer cannot perform proxy authentication, requiring + a restart of the authentication phase at the LNS if the client + has already entered this phase with the + LAC (which may be determined by the Proxy LCP AVP if present). + + Associated AVPs for each type of authentication follow. + + Proxy Authen Name (ICCN) + + The Proxy Authen Name AVP, Attribute Type 30, specifies the name + of the authenticating client when using proxy authentication. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Authen Name... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Authen Name is a string of octets of arbitrary length. It + contains the name specified in the client's authentication + response. + + This AVP MUST be present in messages containing a Proxy Authen + Type AVP with an Authen Type of 1, 2, 3 or 5. It may be desirable + to employ AVP hiding for obscuring the cleartext name. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) is 6 plus + the length of the cleartext name. + + Proxy Authen Challenge (ICCN) + + The Proxy Authen Challenge AVP, Attribute Type 31, specifies the + challenge sent by the LAC to the PPP Peer, when using proxy + authentication. + + + + +Townsley, et al. Standards Track [Page 37] + +RFC 2661 L2TP August 1999 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Challenge... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Challenge is a string of one or more octets. + + This AVP MUST be present for Proxy Authen Types 2 and 5. The + Challenge field contains the CHAP challenge presented to the + client by the LAC. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6, plus the length of the Challenge. + + Proxy Authen ID (ICCN) + + The Proxy Authen ID AVP, Attribute Type 32, specifies the ID value + of the PPP Authentication that was started between the LAC and the + PPP Peer, when proxy authentication is being used. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + ID is a 2 octet unsigned integer, the most significant octet MUST + be 0. + + The Proxy Authen ID AVP MUST be present for Proxy authen types 2, + 3 and 5. For 2 and 5, the ID field contains the byte ID value + presented to the client by the LAC in its Challenge. For 3, it is + the Identifier value of the Authenticate-Request. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. + + Proxy Authen Response (ICCN) + + The Proxy Authen Response AVP, Attribute Type 33, specifies the + PPP Authentication response received by the LAC from the PPP Peer, + when proxy authentication is used. + + + +Townsley, et al. Standards Track [Page 38] + +RFC 2661 L2TP August 1999 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Response... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Response is a string of octets. + + This AVP MUST be present for Proxy authen types 1, 2, 3 and 5. The + Response field contains the client's response to the challenge. + For Proxy authen types 2 and 5, this field contains the response + value received by the LAC. For types 1 or 3, it contains the clear + text password received from the client by the LAC. In the case of + cleartext passwords, AVP hiding is recommended. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the Response. + +4.4.6 Call Status AVPs + + Call Errors (WEN) + + The Call Errors AVP, Attribute Type 34, is used by the LAC to send + error information to the LNS. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | CRC Errors (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | CRC Errors (L) | Framing Errors (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Framing Errors (L) | Hardware Overruns (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Hardware Overruns (L) | Buffer Overruns (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Buffer Overruns (L) | Time-out Errors (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Time-out Errors (L) | Alignment Errors (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Alignment Errors (L) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + + +Townsley, et al. Standards Track [Page 39] + +RFC 2661 L2TP August 1999 + + + The following fields are defined: + + Reserved - Not used, MUST be 0 + CRC Errors - Number of PPP frames received with CRC errors + since call was established + Framing Errors - Number of improperly framed PPP packets + received + Hardware Overruns - Number of receive buffer over-runs since + call was established + Buffer Overruns - Number of buffer over-runs detected since + call was established + Time-out Errors - Number of time-outs since call was + established + Alignment Errors - Number of alignment errors since call was + established + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 32. + + ACCM (SLI) + + The ACCM AVP, Attribute Type 35, is used by the LNS to inform LAC + of the ACCM negotiated with the PPP Peer by the LNS. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | Send ACCM (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Send ACCM (L) | Receive ACCM (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Receive ACCM (L) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Send ACCM and Receive ACCM are each 4 octet values preceded by a 2 + octet reserved quantity. The send ACCM value should be used by the + LAC to process packets it sends on the connection. The receive + ACCM value should be used by the LAC to process incoming packets + on the connection. The default values used by the LAC for both + these fields are 0xFFFFFFFF. The LAC should honor these fields + unless it has specific configuration information to indicate that + the requested mask must be modified to permit operation. + + This AVP may be hidden (the H-bit MAY be 1 or 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 16. + + + +Townsley, et al. Standards Track [Page 40] + +RFC 2661 L2TP August 1999 + + +5.0 Protocol Operation + + The necessary setup for tunneling a PPP session with L2TP consists of + two steps, (1) establishing the Control Connection for a Tunnel, and + (2) establishing a Session as triggered by an incoming or outgoing + call request. The Tunnel and corresponding Control Connection MUST be + established before an incoming or outgoing call is initiated. An L2TP + Session MUST be established before L2TP can begin to tunnel PPP + frames. Multiple Sessions may exist across a single Tunnel and + multiple Tunnels may exist between the same LAC and LNS. + + +-----+ +-----+ + | |~~~~~~~~~~L2TP Tunnel~~~~~~~~~~| | + | LAC | | LNS | + | #######Control Connection######## | + [Remote] | | | | + [System]------Call----------*============L2TP Session=============* | + PPP +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | + | | | | + [Remote] | | | | + [System]------Call----------*============L2TP Session=============* | + PPP +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | + | | | | + | |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | + +-----+ +-----+ + + Figure 5.1 Tunneling PPP + +5.1 Control Connection Establishment + + The Control Connection is the initial connection that must be + achieved between an LAC and LNS before sessions may be brought up. + Establishment of the control connection includes securing the + identity of the peer, as well as identifying the peer's L2TP version, + framing, and bearer capabilities, etc. + + A three message exchange is utilized to setup the control connection. + Following is a typical message exchange: + + LAC or LNS LAC or LNS + ---------- ---------- + SCCRQ -> + <- SCCRP + SCCCN -> + <- ZLB ACK + + The ZLB ACK is sent if there are no further messages waiting in queue + for that peer. + + + +Townsley, et al. Standards Track [Page 41] + +RFC 2661 L2TP August 1999 + + +5.1.1 Tunnel Authentication + + L2TP incorporates a simple, optional, CHAP-like [RFC1994] tunnel + authentication system during control connection establishment. If an + LAC or LNS wishes to authenticate the identity of the peer it is + contacting or being contacted by, a Challenge AVP is included in the + SCCRQ or SCCRP message. If a Challenge AVP is received in an SCCRQ or + SCCRP, a Challenge Response AVP MUST be sent in the following SCCRP + or SCCCN, respectively. If the expected response and response + received from a peer does not match, establishment of the tunnel MUST + be disallowed. + + To participate in tunnel authentication, a single shared secret MUST + exist between the LAC and LNS. This is the same shared secret used + for AVP hiding (see Section 4.3). See Section 4.4.3 for details on + construction of the Challenge and Response AVPs. + +5.2 Session Establishment + + After successful control connection establishment, individual + sessions may be created. Each session corresponds to single PPP + stream between the LAC and LNS. Unlike control connection + establishment, session establishment is directional with respect to + the LAC and LNS. The LAC requests the LNS to accept a session for an + incoming call, and the LNS requests the LAC to accept a session for + placing an outgoing call. + +5.2.1 Incoming Call Establishment + + A three message exchange is employed to setup the session. Following + is a typical sequence of events: + + LAC LNS + --- --- + (Call + Detected) + + ICRQ -> + <- ICRP + ICCN -> + <- ZLB ACK + + The ZLB ACK is sent if there are no further messages waiting in queue + for that peer. + + + + + + + +Townsley, et al. Standards Track [Page 42] + +RFC 2661 L2TP August 1999 + + +5.2.2 Outgoing Call Establishment + + A three message exchange is employed to setup the session. Following + is a typical sequence of events: + + LAC LNS + --- --- + <- OCRQ + OCRP -> + + (Perform + Call + Operation) + + OCCN -> + <- ZLB ACK + + The ZLB ACK is sent if there are no further messages waiting in queue + for that peer. + +5.3 Forwarding PPP Frames + + Once tunnel establishment is complete, PPP frames from the remote + system are received at the LAC, stripped of CRC, link framing, and + transparency bytes, encapsulated in L2TP, and forwarded over the + appropriate tunnel. The LNS receives the L2TP packet, and processes + the encapsulated PPP frame as if it were received on a local PPP + interface. + + The sender of a message associated with a particular session and + tunnel places the Session ID and Tunnel ID (specified by its peer) in + the Session ID and Tunnel ID header for all outgoing messages. In + this manner, PPP frames are multiplexed and demultiplexed over a + single tunnel between a given LNS-LAC pair. Multiple tunnels may + exist between a given LNS-LAC pair, and multiple sessions may exist + within a tunnel. + + The value of 0 for Session ID and Tunnel ID is special and MUST NOT + be used as an Assigned Session ID or Assigned Tunnel ID. For the + cases where a Session ID has not yet been assigned by the peer (i.e., + during establishment of a new session or tunnel), the Session ID + field MUST be sent as 0, and the Assigned Session ID AVP within the + message MUST be used to identify the session. Similarly, for cases + where the Tunnel ID has not yet been assigned from the peer, the + Tunnel ID MUST be sent as 0 and Assigned Tunnel ID AVP used to + identify the tunnel. + + + + + +Townsley, et al. Standards Track [Page 43] + +RFC 2661 L2TP August 1999 + + +5.4 Using Sequence Numbers on the Data Channel + + Sequence numbers are defined in the L2TP header for control messages + and optionally for data messages (see Section 3.1). These are used to + provide a reliable control message transport (see Section 5.8) and + optional data message sequencing. Each peer maintains separate + sequence numbers for the control connection and each individual data + session within a tunnel. + + Unlike the L2TP control channel, the L2TP data channel does not use + sequence numbers to retransmit lost data messages. Rather, data + messages may use sequence numbers to detect lost packets and/or + restore the original sequence of packets that may have been reordered + during transport. The LAC may request that sequence numbers be + present in data messages via the Sequencing Required AVP (see Section + 4.4.6). If this AVP is present during session setup, sequence numbers + MUST be present at all times. If this AVP is not present, sequencing + presence is under control of the LNS. The LNS controls enabling and + disabling of sequence numbers by sending a data message with or + without sequence numbers present at any time during the life of a + session. Thus, if the LAC receives a data message without sequence + numbers present, it MUST stop sending sequence numbers in future data + messages. If the LAC receives a data message with sequence numbers + present, it MUST begin sending sequence numbers in future outgoing + data messages. If the LNS enables sequencing after disabling it + earlier in the session, the sequence number state picks up where it + left off before. + + The LNS may initiate disabling of sequencing at any time during the + session (including the first data message sent). It is recommended + that for connections where reordering or packet loss may occur, + sequence numbers always be enabled during the initial negotiation + stages of PPP and disabled only when and if the risk is considered + acceptable. For example, if the PPP session being tunneled is not + utilizing any stateful compression or encryption protocols and is + only carrying IP (as determined by the PPP NCPs that are + established), then the LNS might decide to disable sequencing as IP + is tolerant to datagram loss and reordering. + +5.5 Keepalive (Hello) + + A keepalive mechanism is employed by L2TP in order to differentiate + tunnel outages from extended periods of no control or data activity + on a tunnel. This is accomplished by injecting Hello control messages + (see Section 6.5) after a specified period of time has elapsed since + the last data or control message was received on a tunnel. As for any + other control message, if the Hello message is not reliably delivered + then the tunnel is declared down and is reset. The transport reset + + + +Townsley, et al. Standards Track [Page 44] + +RFC 2661 L2TP August 1999 + + + mechanism along with the injection of Hello messages ensures that a + connectivity failure between the LNS and the LAC will be detected at + both ends of a tunnel. + +5.6 Session Teardown + + Session teardown may be initiated by either the LAC or LNS and is + accomplished by sending a CDN control message. After the last session + is cleared, the control connection MAY be torn down as well (and + typically is). Following is an example of a typical control message + exchange: + + LAC or LNS LAC or LNS + + CDN -> + (Clean up) + + <- ZLB ACK + (Clean up) + +5.7 Control Connection Teardown + + Control connection teardown may be initiated by either the LAC or LNS + and is accomplished by sending a single StopCCN control message. The + receiver of a StopCCN MUST send a ZLB ACK to acknowledge receipt of + the message and maintain enough control connection state to properly + accept StopCCN retransmissions over at least a full retransmission + cycle (in case the ZLB ACK is lost). The recommended time for a full + retransmission cycle is 31 seconds (see section 5.8). Following is an + example of a typical control message exchange: + + LAC or LNS LAC or LNS + + StopCCN -> + (Clean up) + + <- ZLB ACK + (Wait) + (Clean up) + + An implementation may shut down an entire tunnel and all sessions on + the tunnel by sending the StopCCN. Thus, it is not necessary to clear + each session individually when tearing down the whole tunnel. + + + + + + + + +Townsley, et al. Standards Track [Page 45] + +RFC 2661 L2TP August 1999 + + +5.8 Reliable Delivery of Control Messages + + L2TP provides a lower level reliable transport service for all + control messages. The Nr and Ns fields of the control message header + (see section 3.1) belong to this transport. The upper level + functions of L2TP are not concerned with retransmission or ordering + of control messages. The reliable control message is a sliding window + transport that provides control message retransmission and congestion + control. Each peer maintains separate sequence number state for the + control connection within a tunnel. + + The message sequence number, Ns, begins at 0. Each subsequent message + is sent with the next increment of the sequence number. The sequence + number is thus a free running counter represented modulo 65536. The + sequence number in the header of a received message is considered + less than or equal to the last received number if its value lies in + the range of the last received number and the preceding 32767 values, + inclusive. For example, if the last received sequence number was 15, + then messages with sequence numbers 0 through 15, as well as 32784 + through 65535, would be considered less than or equal. Such a message + would be considered a duplicate of a message already received and + ignored from processing. However, in order to ensure that all + messages are acknowledged properly (particularly in the case of a + lost ZLB ACK message), receipt of duplicate messages MUST be + acknowledged by the reliable transport. This acknowledgement may + either piggybacked on a message in queue, or explicitly via a ZLB + ACK. + + All control messages take up one slot in the control message sequence + number space, except the ZLB acknowledgement. Thus, Ns is not + incremented after a ZLB message is sent. + + The last received message number, Nr, is used to acknowledge messages + received by an L2TP peer. It contains the sequence number of the + message the peer expects to receive next (e.g. the last Ns of a non- + ZLB message received plus 1, modulo 65536). While the Nr in a + received ZLB is used to flush messages from the local retransmit + queue (see below), Nr of the next message sent is not be updated by + the Ns of the ZLB. + + The reliable transport at a receiving peer is responsible for making + sure that control messages are delivered in order and without + duplication to the upper level. Messages arriving out of order may be + queued for in-order delivery when the missing messages are received, + or they may be discarded requiring a retransmission by the peer. + + + + + + +Townsley, et al. Standards Track [Page 46] + +RFC 2661 L2TP August 1999 + + + Each tunnel maintains a queue of control messages to be transmitted + to its peer. The message at the front of the queue is sent with a + given Ns value, and is held until a control message arrives from the + peer in which the Nr field indicates receipt of this message. After a + period of time (a recommended default is 1 second) passes without + acknowledgement, the message is retransmitted. The retransmitted + message contains the same Ns value, but the Nr value MUST be updated + with the sequence number of the next expected message. + + Each subsequent retransmission of a message MUST employ an + exponential backoff interval. Thus, if the first retransmission + occurred after 1 second, the next retransmission should occur after 2 + seconds has elapsed, then 4 seconds, etc. An implementation MAY place + a cap upon the maximum interval between retransmissions. This cap + MUST be no less than 8 seconds per retransmission. If no peer + response is detected after several retransmissions, (a recommended + default is 5, but SHOULD be configurable), the tunnel and all + sessions within MUST be cleared. + + When a tunnel is being shut down for reasons other than loss of + connectivity, the state and reliable delivery mechanisms MUST be + maintained and operated for the full retransmission interval after + the final message exchange has occurred. + + A sliding window mechanism is used for control message transmission. + Consider two peers A & B. Suppose A specifies a Receive Window Size + AVP with a value of N in the SCCRQ or SCCRP messages. B is now + allowed to have up to N outstanding control messages. Once N have + been sent, it must wait for an acknowledgment that advances the + window before sending new control messages. An implementation may + support a receive window of only 1 (i.e., by sending out a Receive + Window Size AVP with a value of 1), but MUST accept a window of up to + 4 from its peer (e.g. have the ability to send 4 messages before + backing off). A value of 0 for the Receive Window Size AVP is + invalid. + + When retransmitting control messages, a slow start and congestion + avoidance window adjustment procedure SHOULD be utilized. The + recommended procedure for this is described in Appendix A. + + A peer MUST NOT withhold acknowledgment of messages as a technique + for flow controlling control messages. An L2TP implementation is + expected to be able to keep up with incoming control messages, + possibly responding to some with errors reflecting an inability to + honor the requested action. + + Appendix B contains examples of control message transmission, + acknowledgement, and retransmission. + + + +Townsley, et al. Standards Track [Page 47] + +RFC 2661 L2TP August 1999 + + +6.0 Control Connection Protocol Specification + + The following control connection messages are used to establish, + clear and maintain L2TP tunnels. All data is sent in network order + (high order octets first). Any "reserved" or "empty" fields MUST be + sent as 0 values to allow for protocol extensibility. + +6.1 Start-Control-Connection-Request (SCCRQ) + + Start-Control-Connection-Request (SCCRQ) is a control message used to + initialize a tunnel between an LNS and an LAC. It is sent by either + the LAC or the LNS to being the tunnel establishment process. + + The following AVPs MUST be present in the SCCRQ: + + Message Type AVP + Protocol Version + Host Name + Framing Capabilities + Assigned Tunnel ID + + The Following AVPs MAY be present in the SCCRQ: + + Bearer Capabilities + Receive Window Size + Challenge + Tie Breaker + Firmware Revision + Vendor Name + +6.2 Start-Control-Connection-Reply (SCCRP) + + Start-Control-Connection-Reply (SCCRP) is a control message sent in + reply to a received SCCRQ message. SCCRP is used to indicate that the + SCCRQ was accepted and establishment of the tunnel should continue. + + The following AVPs MUST be present in the SCCRP: + + Message Type + Protocol Version + Framing Capabilities + Host Name + Assigned Tunnel ID + + + + + + + + +Townsley, et al. Standards Track [Page 48] + +RFC 2661 L2TP August 1999 + + + The following AVPs MAY be present in the SCCRP: + + Bearer Capabilities + Firmware Revision + Vendor Name + Receive Window Size + Challenge + Challenge Response + +6.3 Start-Control-Connection-Connected (SCCCN) + + Start-Control-Connection-Connected (SCCCN) is a control message sent + in reply to an SCCRP. SCCCN completes the tunnel establishment + process. + + The following AVP MUST be present in the SCCCN: + + Message Type + + The following AVP MAY be present in the SCCCN: + + Challenge Response + +6.4 Stop-Control-Connection-Notification (StopCCN) + + Stop-Control-Connection-Notification (StopCCN) is a control message + sent by either the LAC or LNS to inform its peer that the tunnel is + being shutdown and the control connection should be closed. In + addition, all active sessions are implicitly cleared (without sending + any explicit call control messages). The reason for issuing this + request is indicated in the Result Code AVP. There is no explicit + reply to the message, only the implicit ACK that is received by the + reliable control message transport layer. + + The following AVPs MUST be present in the StopCCN: + + Message Type + Assigned Tunnel ID + Result Code + +6.5 Hello (HELLO) + + The Hello (HELLO) message is an L2TP control message sent by either + peer of a LAC-LNS control connection. This control message is used as + a "keepalive" for the tunnel. + + + + + + +Townsley, et al. Standards Track [Page 49] + +RFC 2661 L2TP August 1999 + + + The sending of HELLO messages and the policy for sending them are + left up to the implementation. A peer MUST NOT expect HELLO messages + at any time or interval. As with all messages sent on the control + connection, the receiver will return either a ZLB ACK or an + (unrelated) message piggybacking the necessary acknowledgement + information. + + Since a HELLO is a control message, and control messages are reliably + sent by the lower level transport, this keepalive function operates + by causing the transport level to reliably deliver a message. If a + media interruption has occurred, the reliable transport will be + unable to deliver the HELLO across, and will clean up the tunnel. + + Keepalives for the tunnel MAY be implemented by sending a HELLO if a + period of time (a recommended default is 60 seconds, but SHOULD be + configurable) has passed without receiving any message (data or + control) from the peer. + + HELLO messages are global to the tunnel. The Session ID in a HELLO + message MUST be 0. + + The Following AVP MUST be present in the HELLO message: + + Message Type + +6.6 Incoming-Call-Request (ICRQ) + + Incoming-Call-Request (ICRQ) is a control message sent by the LAC to + the LNS when an incoming call is detected. It is the first in a three + message exchange used for establishing a session within an L2TP + tunnel. + + ICRQ is used to indicate that a session is to be established between + the LAC and LNS for this call and provides the LNS with parameter + information for the session. The LAC may defer answering the call + until it has received an ICRP from the LNS indicating that the + session should be established. This mechanism allows the LNS to + obtain sufficient information about the call before determining + whether it should be answered or not. Alternatively, the LAC may + answer the call, negotiate LCP and PPP authentication, and use the + information gained to choose the LNS. In this case, the call has + already been answered by the time the ICRP message is received; the + LAC simply spoofs the "call indication" and "call answer" steps in + this case. + + + + + + + +Townsley, et al. Standards Track [Page 50] + +RFC 2661 L2TP August 1999 + + + The following AVPs MUST be present in the ICRQ: + + Message Type + Assigned Session ID + Call Serial Number + + The following AVPs MAY be present in the ICRQ: + + Bearer Type + Physical Channel ID + Calling Number + Called Number + Sub-Address + +6.7 Incoming-Call-Reply (ICRP) + + Incoming-Call-Reply (ICRP) is a control message sent by the LNS to + the LAC in response to a received ICRQ message. It is the second in + the three message exchange used for establishing sessions within an + L2TP tunnel. + + ICRP is used to indicate that the ICRQ was successful and for the LAC + to answer the call if it has not already done so. It also allows the + LNS to indicate necessary parameters for the L2TP session. + + The following AVPs MUST be present in the ICRP: + + Message Type + Assigned Session ID + +6.8 Incoming-Call-Connected (ICCN) + + Incoming-Call-Connected (ICCN) is a control message sent by the LAC + to the LNS in response to a received ICRP message. It is the third + message in the three message exchange used for establishing sessions + within an L2TP tunnel. + + ICCN is used to indicate that the ICRP was accepted, the call has + been answered, and that the L2TP session should move to the + established state. It also provides additional information to the + LNS about parameters used for the answered call (parameters that may + not always available at the time the ICRQ is issued). + + The following AVPs MUST be present in the ICCN: + + Message Type + (Tx) Connect Speed + Framing Type + + + +Townsley, et al. Standards Track [Page 51] + +RFC 2661 L2TP August 1999 + + + The following AVPs MAY be present in the ICCN: + + Initial Received LCP CONFREQ + Last Sent LCP CONFREQ + Last Received LCP CONFREQ + Proxy Authen Type + Proxy Authen Name + Proxy Authen Challenge + Proxy Authen ID + Proxy Authen Response + Private Group ID + Rx Connect Speed + Sequencing Required + +6.9 Outgoing-Call-Request (OCRQ) + + Outgoing-Call-Request (OCRQ) is a control message sent by the LNS to + the LAC to indicate that an outbound call from the LAC is to be + established. It is the first in a three message exchange used for + establishing a session within an L2TP tunnel. + + OCRQ is used to indicate that a session is to be established between + the LNS and LAC for this call and provides the LAC with parameter + information for both the L2TP session, and the call that is to be + placed + + An LNS MUST have received a Bearer Capabilities AVP during tunnel + establishment from an LAC in order to request an outgoing call to + that LAC. + + The following AVPs MUST be present in the OCRQ: + + Message Type + Assigned Session ID + Call Serial Number + Minimum BPS + Maximum BPS + Bearer Type + Framing Type + Called Number + + The following AVPs MAY be present in the OCRQ: + + Sub-Address + + + + + + + +Townsley, et al. Standards Track [Page 52] + +RFC 2661 L2TP August 1999 + + +6.10 Outgoing-Call-Reply (OCRP) + + Outgoing-Call-Reply (OCRP) is a control message sent by the LAC to + the LNS in response to a received OCRQ message. It is the second in a + three message exchange used for establishing a session within an L2TP + tunnel. + + OCRP is used to indicate that the LAC is able to attempt the outbound + call and returns certain parameters regarding the call attempt. + + The following AVPs MUST be present in the OCRP: + + Message Type + Assigned Session ID + + The following AVPs MAY be present in the OCRP: + + Physical Channel ID + +6.11 Outgoing-Call-Connected (OCCN) + + Outgoing-Call-Connected (OCCN) is a control message sent by the LAC + to the LNS following the OCRP and after the outgoing call has been + completed. It is the final message in a three message exchange used + for establishing a session within an L2TP tunnel. + + OCCN is used to indicate that the result of a requested outgoing call + was successful. It also provides information to the LNS about the + particular parameters obtained after the call was established. + + The following AVPs MUST be present in the OCCN: + + Message Type + (Tx) Connect Speed + Framing Type + + The following AVPs MAY be present in the OCCN: + + Rx Connect Speed + Sequencing Required + +6.12 Call-Disconnect-Notify (CDN) + + The Call-Disconnect-Notify (CDN) message is an L2TP control message + sent by either the LAC or LNS to request disconnection of a specific + call within the tunnel. Its purpose is to inform the peer of the + + + + + +Townsley, et al. Standards Track [Page 53] + +RFC 2661 L2TP August 1999 + + + disconnection and the reason why the disconnection occurred. The peer + MUST clean up any resources, and does not send back any indication of + success or failure for such cleanup. + + The following AVPs MUST be present in the CDN: + + Message Type + Result Code + Assigned Session ID + + The following AVPs MAY be present in the CDN: + + Q.931 Cause Code + +6.13 WAN-Error-Notify (WEN) + + The WAN-Error-Notify message is an L2TP control message sent by the + LAC to the LNS to indicate WAN error conditions (conditions that + occur on the interface supporting PPP). The counters in this message + are cumulative. This message should only be sent when an error + occurs, and not more than once every 60 seconds. The counters are + reset when a new call is established. + + The following AVPs MUST be present in the WEN: + + Message Type + Call Errors + +6.14 Set-Link-Info (SLI) + + The Set-Link-Info message is an L2TP control message sent by the LNS + to the LAC to set PPP-negotiated options. These options can change + at any time during the life of the call, thus the LAC MUST be able to + update its internal call information and behavior on an active PPP + session. + + The following AVPs MUST be present in the SLI: + + Message Type + ACCM + +7.0 Control Connection State Machines + + The control messages defined in section 6 are exchanged by way of + state tables defined in this section. Tables are defined for incoming + call placement, outgoing call placement, as well as for initiation of + + + + + +Townsley, et al. Standards Track [Page 54] + +RFC 2661 L2TP August 1999 + + + the tunnel itself. The state tables do not encode timeout and + retransmission behavior, as this is handled in the underlying + semantics defined in Section 5.8. + +7.1 Control Connection Protocol Operation + + This section describes the operation of various L2TP control + connection functions and the Control Connection messages which are + used to support them. + + Receipt of an invalid or unrecoverable malformed control message + should be logged appropriately and the control connection cleared to + ensure recovery to a known state. The control connection may then be + restarted by the initiator. + + An invalid control message is defined as a message which contains a + Message Type that is marked mandatory (see Section 4.4.1) and is + unknown to the implementation, or a control message that is received + in an improper sequence (e.g. an SCCCN sent in reply to an SCCRQ). + + Examples of a malformed control message include one that has an + invalid value in its header, contains an AVP that is formatted + incorrectly or whose value is out of range, or a message that is + missing a required AVP. A control message with a malformed header + should be discarded. A control message with an invalid AVP should + look to the M-bit for that AVP to determine whether the error is + recoverable or not. + + A malformed yet recoverable non-mandatory (M-bit is not set) AVP + within a control message should be treated in a similar manner as an + unrecognized non-mandatory AVP. Thus, if a malformed AVP is received + with the M-bit set, the session or tunnel should be terminated with a + proper Result or Error Code sent. If the M-bit is not set, the AVP + should be ignored (with the exception of logging a local error + message) and the message accepted. + + This MUST NOT be considered a license to send malformed AVPs, but + simply a guide towards how to handle an improperly formatted message + if one is received. It is impossible to list all potential + malformations of a given message and give advice for each. That said, + one example of a recoverable, malformed AVP might be if the Rx + Connect Speed AVP, attribute 38, is received with a length of 8 + rather than 10 and the BPS given in 2 octets rather than 4. Since the + Rx Connect Speed is non-mandatory, this condition should not be + considered catastrophic. As such, the control message should be + accepted as if the AVP had not been received (with the exception of a + local error message being logged). + + + + +Townsley, et al. Standards Track [Page 55] + +RFC 2661 L2TP August 1999 + + + In several cases in the following tables, a protocol message is sent, + and then a "clean up" occurs. Note that regardless of the initiator + of the tunnel destruction, the reliable delivery mechanism must be + allowed to run (see Section 5.8) before destroying the tunnel. This + permits the tunnel management messages to be reliably delivered to + the peer. + + Appendix B.1 contains an example of lock-step tunnel establishment. + +7.2 Control Connection States + + The L2TP control connection protocol is not distinguishable between + the LNS and LAC, but is distinguishable between the originator and + receiver. The originating peer is the one which first initiates + establishment of the tunnel (in a tie breaker situation, this is the + winner of the tie). Since either LAC or LNS can be the originator, a + collision can occur. See the Tie Breaker AVP in Section 4.4.3 for a + description of this and its resolution. + +7.2.1 Control Connection Establishment + + State Event Action New State + ----- ----- ------ --------- + idle Local Send SCCRQ wait-ctl-reply + Open request + + idle Receive SCCRQ, Send SCCRP wait-ctl-conn + acceptable + + idle Receive SCCRQ, Send StopCCN, idle + not acceptable Clean up + + idle Receive SCCRP Send StopCCN idle + Clean up + + idle Receive SCCCN Clean up idle + + wait-ctl-reply Receive SCCRP, Send SCCCN, established + acceptable Send tunnel-open + event to waiting + sessions + + wait-ctl-reply Receive SCCRP, Send StopCCN, idle + not acceptable Clean up + + wait-ctl-reply Receive SCCRQ, Clean up, idle + lose tie-breaker Re-queue SCCRQ + for idle state + + + +Townsley, et al. Standards Track [Page 56] + +RFC 2661 L2TP August 1999 + + + wait-ctl-reply Receive SCCCN Send StopCCN idle + Clean up + + wait-ctl-conn Receive SCCCN, Send tunnel-open established + acceptable event to waiting + sessions + + wait-ctl-conn Receive SCCCN, Send StopCCN, idle + not acceptable Clean up + + wait-ctl-conn Receive SCCRP, Send StopCCN, idle + SCCRQ Clean up + + established Local Send tunnel-open established + Open request event to waiting + (new call) sessions + + established Admin Send StopCCN idle + Tunnel Close Clean up + + established Receive SCCRQ, Send StopCCN idle + SCCRP, SCCCN Clean up + + idle Receive StopCCN Clean up idle + wait-ctl-reply, + wait-ctl-conn, + established + + The states associated with the LNS or LAC for control connection + establishment are: + + idle + Both initiator and recipient start from this state. An initiator + transmits an SCCRQ, while a recipient remains in the idle state + until receiving an SCCRQ. + + wait-ctl-reply + The originator checks to see if another connection has been + requested from the same peer, and if so, handles the collision + situation described in Section 5.8. + + When an SCCRP is received, it is examined for a compatible + version. If the version of the reply is lower than the version + sent in the request, the older (lower) version should be used + provided it is supported. If the version in the reply is earlier + and supported, the originator moves to the established state. If + + + + + +Townsley, et al. Standards Track [Page 57] + +RFC 2661 L2TP August 1999 + + + the version is earlier and not supported, a StopCCN MUST be sent + to the peer and the originator cleans up and terminates the + tunnel. + + wait-ctl-conn + This is where an SCCCN is awaited; upon receipt, the challenge + response is checked. The tunnel either is established, or is torn + down if an authorization failure is detected. + + established + An established connection may be terminated by either a local + condition or the receipt of a Stop-Control-Connection- + Notification. In the event of a local termination, the originator + MUST send a Stop-Control-Connection-Notification and clean up the + tunnel. + + If the originator receives a Stop-Control-Connection-Notification + it MUST also clean up the tunnel. + +7.3 Timing considerations + + Due to the real-time nature of telephone signaling, both the LNS and + LAC should be implemented with multi-threaded architectures such that + messages related to multiple calls are not serialized and blocked. + The call and connection state figures do not specify exceptions + caused by timers. These are addressed in Section 5.8. + +7.4 Incoming calls + + An Incoming-Call-Request message is generated by the LAC when an + incoming call is detected (for example, an associated telephone line + rings). The LAC selects a Session ID and serial number and indicates + the call bearer type. Modems should always indicate analog call type. + ISDN calls should indicate digital when unrestricted digital service + or rate adaption is used and analog if digital modems are involved. + Calling Number, Called Number, and Subaddress may be included in the + message if they are available from the telephone network. + + Once the LAC sends the Incoming-Call-Request, it waits for a response + from the LNS but it does not necessarily answer the call from the + telephone network yet. The LNS may choose not to accept the call if: + + - No resources are available to handle more sessions + - The dialed, dialing, or subaddress fields do not correspond to + an authorized user + - The bearer service is not authorized or supported + + + + + +Townsley, et al. Standards Track [Page 58] + +RFC 2661 L2TP August 1999 + + + If the LNS chooses to accept the call, it responds with an Incoming- + Call-Reply. When the LAC receives the Incoming-Call-Reply, it + attempts to connect the call. A final call connected message from + the LAC to the LNS indicates that the call states for both the LAC + and the LNS should enter the established state. If the call + terminated before the LNS could accept it, a Call-Disconnect-Notify + is sent by the LAC to indicate this condition. + + When the dialed-in client hangs up, the call is cleared normally and + the LAC sends a Call-Disconnect-Notify message. If the LNS wishes to + clear a call, it sends a Call-Disconnect-Notify message and cleans up + its session. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 59] + +RFC 2661 L2TP August 1999 + + +7.4.1 LAC Incoming Call States + + State Event Action New State + ----- ----- ------ --------- + idle Bearer Ring or Initiate local wait-tunnel + Ready to indicate tunnel open + incoming conn. + + idle Receive ICCN, Clean up idle + ICRP, CDN + + wait-tunnel Bearer line drop Clean up idle + or local close + request + + wait-tunnel tunnel-open Send ICRQ wait-reply + + wait-reply Receive ICRP, Send ICCN established + acceptable + + wait-reply Receive ICRP, Send CDN, idle + Not acceptable Clean up + + wait-reply Receive ICRQ Send CDN idle + Clean up + + wait-reply Receive CDN Clean up idle + ICCN + + wait-reply Local Send CDN, idle + close request or Clean up + Bearer line drop + + established Receive CDN Clean up idle + + established Receive ICRQ, Send CDN, idle + ICRP, ICCN Clean up + + established Bearer line Send CDN, idle + drop or local Clean up + close request + + + + + + + + + + +Townsley, et al. Standards Track [Page 60] + +RFC 2661 L2TP August 1999 + + + The states associated with the LAC for incoming calls are: + + idle + The LAC detects an incoming call on one of its interfaces. + Typically this means an analog line is ringing or an ISDN TE has + detected an incoming Q.931 SETUP message. The LAC initiates its + tunnel establishment state machine, and moves to a state waiting + for confirmation of the existence of a tunnel. + + wait-tunnel + In this state the session is waiting for either the control + connection to be opened or for verification that the tunnel is + already open. Once an indication that the tunnel has/was opened, + session control messages may be exchanged. The first of these is + the Incoming-Call-Request. + + wait-reply + The LAC receives either a CDN message indicating the LNS is not + willing to accept the call (general error or don't accept) and + moves back into the idle state, or an Incoming-Call-Reply message + indicating the call is accepted, the LAC sends an Incoming-Call- + Connected message and enters the established state. + + established + Data is exchanged over the tunnel. The call may be cleared + following: + + An event on the connected interface: The LAC sends a Call- + Disconnect-Notify message + + Receipt of a Call-Disconnect-Notify message: The LAC cleans + up, disconnecting the call. + + A local reason: The LAC sends a Call-Disconnect-Notify + message. + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 61] + +RFC 2661 L2TP August 1999 + + +7.4.2 LNS Incoming Call States + + State Event Action New State + ----- ----- ------ --------- + idle Receive ICRQ, Send ICRP wait-connect + acceptable + + idle Receive ICRQ, Send CDN, idle + not acceptable Clean up + + idle Receive ICRP Send CDN idle + Clean up + + idle Receive ICCN Clean up idle + + wait-connect Receive ICCN Prepare for established + acceptable data + + wait-connect Receive ICCN Send CDN, idle + not acceptable Clean up + + wait-connect Receive ICRQ, Send CDN idle + ICRP Clean up + + idle, Receive CDN Clean up idle + wait-connect, + established + + wait-connect Local Send CDN, idle + established Close request Clean up + + established Receive ICRQ, Send CDN idle + ICRP, ICCN Clean up + + The states associated with the LNS for incoming calls are: + + idle + An Incoming-Call-Request message is received. If the request is + not acceptable, a Call-Disconnect-Notify is sent back to the LAC + and the LNS remains in the idle state. If the Incoming-Call- + Request message is acceptable, an Incoming-Call-Reply is sent. The + session moves to the wait-connect state. + + wait-connect + If the session is still connected on the LAC, the LAC sends an + Incoming-Call-Connected message to the LNS which then moves into + established state. The LAC may send a Call-Disconnect-Notify to + indicate that the incoming caller could not be connected. This + + + +Townsley, et al. Standards Track [Page 62] + +RFC 2661 L2TP August 1999 + + + could happen, for example, if a telephone user accidentally places + a standard voice call to an LAC resulting in a handshake failure + on the called modem. + + established + The session is terminated either by receipt of a Call-Disconnect- + Notify message from the LAC or by sending a Call-Disconnect- + Notify. Clean up follows on both sides regardless of the + initiator. + +7.5 Outgoing calls + + Outgoing calls are initiated by an LNS and instruct an LAC to place a + call. There are three messages for outgoing calls: Outgoing-Call- + Request, Outgoing-Call-Reply, and Outgoing-Call-Connected. The LNS + sends an Outgoing-Call-Request specifying the dialed party phone + number, subaddress and other parameters. The LAC MUST respond to the + Outgoing-Call-Request message with an Outgoing-Call-Reply message + once the LAC determines that the proper facilities exist to place the + call and the call is administratively authorized. For example, is + this LNS allowed to dial an international call? Once the outbound + call is connected, the LAC sends an Outgoing-Call-Connected message + to the LNS indicating the final result of the call attempt: + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 63] + +RFC 2661 L2TP August 1999 + + +7.5.1 LAC Outgoing Call States + + State Event Action New State + ----- ----- ------ --------- + idle Receive OCRQ, Send OCRP, wait-cs-answer + acceptable Open bearer + + idle Receive OCRQ, Send CDN, idle + not acceptable Clean up + + idle Receive OCRP Send CDN idle + Clean up + + idle Receive OCCN, Clean up idle + CDN + + wait-cs-answer Bearer answer, Send OCCN established + framing detected + + wait-cs-answer Bearer failure Send CDN, idle + Clean up + + wait-cs-answer Receive OCRQ, Send CDN idle + OCRP, OCCN Clean up + + established Receive OCRQ, Send CDN idle + OCRP, OCCN Clean up + + wait-cs-answer, Receive CDN Clean up idle + established + + established Bearer line drop, Send CDN, idle + Local close Clean up + request + + The states associated with the LAC for outgoing calls are: + + idle + If Outgoing-Call-Request is received in error, respond with a + Call-Disconnect-Notify. Otherwise, allocate a physical channel and + send an Outgoing-Call-Reply. Place the outbound call and move to + the wait-cs-answer state. + + wait-cs-answer + If the call is not completed or a timer expires waiting for the + call to complete, send a Call-Disconnect-Notify with the + appropriate error condition set and go to idle state. If a circuit + + + + +Townsley, et al. Standards Track [Page 64] + +RFC 2661 L2TP August 1999 + + + switched connection is established and framing is detected, send + an Outgoing-Call-Connected indicating success and go to + established state. + + established + If a Call-Disconnect-Notify is received by the LAC, the telco call + MUST be released via appropriate mechanisms and the session + cleaned up. If the call is disconnected by the client or the + called interface, a Call-Disconnect-Notify message MUST be sent to + the LNS. The sender of the Call-Disconnect-Notify message returns + to the idle state after sending of the message is complete. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 65] + +RFC 2661 L2TP August 1999 + + +7.5.2 LNS Outgoing Call States + + State Event Action New State + ----- ----- ------ --------- + idle Local Initiate local wait-tunnel + open request tunnel-open + + idle Receive OCCN, Clean up idle + OCRP, CDN + + wait-tunnel tunnel-open Send OCRQ wait-reply + + wait-reply Receive OCRP, none wait-connect + acceptable + + wait-reply Receive OCRP, Send CDN idle + not acceptable Clean up + + wait-reply Receive OCCN, Send CDN idle + OCRQ Clean up + + wait-connect Receive OCCN none established + + wait-connect Receive OCRQ, Send CDN idle + OCRP Clean up + + idle, Receive CDN, Clean up idle + wait-reply, + wait-connect, + established + + established Receive OCRQ, Send CDN idle + OCRP, OCCN Clean up + + wait-reply, Local Send CDN idle + wait-connect, Close request Clean up + established + + wait-tunnel Local Clean up idle + Close request + + The states associated with the LNS for outgoing calls are: + + idle, wait-tunnel + When an outgoing call is initiated, a tunnel is first created, + much as the idle and wait-tunnel states for an LAC incoming call. + Once a tunnel is established, an Outgoing-Call-Request message is + sent to the LAC and the session moves into the wait-reply state. + + + +Townsley, et al. Standards Track [Page 66] + +RFC 2661 L2TP August 1999 + + + wait-reply + If a Call-Disconnect-Notify is received, an error occurred, and + the session is cleaned up and returns to idle. If an Outgoing- + Call-Reply is received, the call is in progress and the session + moves to the wait-connect state. + + wait-connect + If a Call-Disconnect-Notify is received, the call failed; the + session is cleaned up and returns to idle. If an Outgoing-Call- + Connected is received, the call has succeeded and the session may + now exchange data. + + established + If a Call-Disconnect-Notify is received, the call has been + terminated for the reason indicated in the Result and Cause Codes; + the session moves back to the idle state. If the LNS chooses to + terminate the session, it sends a Call-Disconnect-Notify to the + LAC and then cleans up and idles its session. + +7.6 Tunnel Disconnection + + The disconnection of a tunnel consists of either peer issuing a + Stop-Control-Connection-Notification. The sender of this Notification + should wait a finite period of time for the acknowledgment of this + message before releasing the control information associated with the + tunnel. The recipient of this Notification should send an + acknowledgment of the Notification and then release the associated + control information. + + When to release a tunnel is an implementation issue and is not + specified in this document. A particular implementation may use + whatever policy is appropriate for determining when to release a + control connection. Some implementations may leave a tunnel open for + a period of time or perhaps indefinitely after the last session for + that tunnel is cleared. Others may choose to disconnect the tunnel + immediately after the last user connection on the tunnel disconnects. + +8.0 L2TP Over Specific Media + + L2TP is self-describing, operating at a level above the media over + which it is carried. However, some details of its connection to media + are required to permit interoperable implementations. The following + sections describe details needed to permit interoperability over + specific media. + + + + + + + +Townsley, et al. Standards Track [Page 67] + +RFC 2661 L2TP August 1999 + + +8.1 L2TP over UDP/IP + + L2TP uses the registered UDP port 1701 [RFC1700]. The entire L2TP + packet, including payload and L2TP header, is sent within a UDP + datagram. The initiator of an L2TP tunnel picks an available source + UDP port (which may or may not be 1701), and sends to the desired + destination address at port 1701. The recipient picks a free port on + its own system (which may or may not be 1701), and sends its reply to + the initiator's UDP port and address, setting its own source port to + the free port it found. Once the source and destination ports and + addresses are established, they MUST remain static for the life of + the tunnel. + + It has been suggested that having the recipient choose an arbitrary + source port (as opposed to using the destination port in the packet + initiating the tunnel, i.e., 1701) may make it more difficult for + L2TP to traverse some NAT devices. Implementors should consider the + potential implication of this before before choosing an arbitrary + source port. + + IP fragmentation may occur as the L2TP packet travels over the IP + substrate. L2TP makes no special efforts to optimize this. A LAC + implementation MAY cause its LCP to negotiate for a specific MRU, + which could optimize for LAC environments in which the MTU's of the + path over which the L2TP packets are likely to travel have a + consistent value. + + The default for any L2TP implementation is that UDP checksums MUST be + enabled for both control and data messages. An L2TP implementation + MAY provide an option to disable UDP checksums for data messages. It + is recommended that UDP checksums always be enabled on control + packets. + + Port 1701 is used for both L2F [RFC2341] and L2TP packets. The + Version field in each header may be used to discriminate between the + two packet types (L2F uses a value of 1, and the L2TP version + described in this document uses a value of 2). An L2TP implementation + running on a system which does not support L2F MUST silently discard + all L2F packets. + + To the PPP clients using an L2TP-over-UDP/IP tunnel, the PPP link has + the characteristic of being able to reorder or silently drop packets. + The former may break non-IP protocols being carried by PPP, + especially LAN-centric ones such as bridging. The latter may break + protocols which assume per-packet indication of error, such as TCP + header compression. Sequencing may be handled by using L2TP data + message sequence numbers if any protocol being transported by the PPP + + + + +Townsley, et al. Standards Track [Page 68] + +RFC 2661 L2TP August 1999 + + + tunnel cannot tolerate reordering. The sequence dependency + characteristics of individual protocols are outside the scope of this + document. + + Allowing packets to be dropped silently is perhaps more problematic + with some protocols. If PPP reliable delivery [RFC1663] is enabled, + no upper PPP protocol will encounter lost packets. If L2TP sequence + numbers are enabled, L2TP can detect the packet loss. In the case of + an LNS, the PPP and L2TP stacks are both present within the LNS, and + packet loss signaling may occur precisely as if a packet was received + with a CRC error. Where the LAC and PPP stack are co-resident, this + technique also applies. Where the LAC and PPP client are physically + distinct, the analogous signaling MAY be accomplished by sending a + packet with a CRC error to the PPP client. Note that this would + greatly increase the complexity of debugging client line problems, + since the client statistics could not distinguish between true media + errors and LAC-initiated ones. Further, this technique is not + possible on all hardware. + + If VJ compression is used, and neither PPP reliable delivery nor + sequence numbers are enabled, each lost packet results in a 1 in + 2**16 chance of a TCP segment being forwarded with incorrect contents + [RFC1144]. Where the combination of the packet loss rate with this + statistical exposure is unacceptable, TCP header compression SHOULD + NOT be used. + + In general, it is wise to remember that the L2TP/UDP/IP transport is + an unreliable transport. As with any PPP media that is subject to + loss, care should be taken when using protocols that are particularly + loss-sensitive. Such protocols include compression and encryption + protocols that employ history. + +8.2 IP + + When operating in IP environments, L2TP MUST offer the UDP + encapsulation described in 8.1 as its default configuration for IP + operation. Other configurations (perhaps corresponding to a + compressed header format) MAY be defined and made available as a + configurable option. + +9.0 Security Considerations + + L2TP encounters several security issues in its operation. The + general approach of L2TP to these issues is documented here. + + + + + + + +Townsley, et al. Standards Track [Page 69] + +RFC 2661 L2TP August 1999 + + +9.1 Tunnel Endpoint Security + + The tunnel endpoints may optionally perform an authentication + procedure of one another during tunnel establishment. This + authentication has the same security attributes as CHAP, and has + reasonable protection against replay and snooping during the tunnel + establishment process. This mechanism is not designed to provide any + authentication beyond tunnel establishment; it is fairly simple for a + malicious user who can snoop the tunnel stream to inject packets once + an authenticated tunnel establishment has been completed + successfully. + + For authentication to occur, the LAC and LNS MUST share a single + secret. Each side uses this same secret when acting as authenticatee + as well as authenticator. Since a single secret is used, the tunnel + authentication AVPs include differentiating values in the CHAP ID + fields for each message digest calculation to guard against replay + attacks. + + The Assigned Tunnel ID and Assigned Session ID (See Section 4.4.3) + SHOULD be selected in an unpredictable manner rather than + sequentially or otherwise. Doing so will help deter hijacking of a + session by a malicious user who does not have access to packet traces + between the LAC and LNS. + +9.2 Packet Level Security + + Securing L2TP requires that the underlying transport make available + encryption, integrity and authentication services for all L2TP + traffic. This secure transport operates on the entire L2TP packet + and is functionally independent of PPP and the protocol being carried + by PPP. As such, L2TP is only concerned with confidentiality, + authenticity, and integrity of the L2TP packets between its tunnel + + endpoints (the LAC and LNS), not unlike link-layer encryption being + concerned only about protecting the confidentiality of traffic + between its physical endpoints. + +9.3 End to End Security + + Protecting the L2TP packet stream via a secure transport does, in + turn, also protect the data within the tunneled PPP packets while + transported from the LAC to the LNS. Such protection should not be + considered a substitution for end-to-end security between + communicating hosts or applications. + + + + + + +Townsley, et al. Standards Track [Page 70] + +RFC 2661 L2TP August 1999 + + +9.4 L2TP and IPsec + + When running over IP, IPsec provides packet-level security via ESP + and/or AH. All L2TP control and data packets for a particular tunnel + appear as homogeneous UDP/IP data packets to the IPsec system. + + In addition to IP transport security, IPsec defines a mode of + operation that allows tunneling of IP packets. The packet level + encryption and authentication provided by IPsec tunnel mode and that + provided by L2TP secured with IPsec provide an equivalent level of + security for these requirements. + + IPsec also defines access control features that are required of a + compliant IPsec implementation. These features allow filtering of + packets based upon network and transport layer characteristics such + as IP address, ports, etc. In the L2TP tunneling model, analogous + filtering is logically performed at the PPP layer or network layer + above L2TP. These network layer access control features may be + handled at the LNS via vendor-specific authorization features based + upon the authenticated PPP user, or at the network layer itself by + using IPsec transport mode end-to-end between the communicating + hosts. The requirements for access control mechanisms are not a part + of the L2TP specification and as such are outside the scope of this + document. + +9.5 Proxy PPP Authentication + + L2TP defines AVPs that MAY be exchanged during session establishment + to provide forwarding of PPP authentication information obtained at + the LAC to the LNS for validation (see Section 4.4.5). This implies a + direct trust relationship of the LAC on behalf of the LNS. If the + LNS chooses to implement proxy authentication, it MUST be able to be + configured off, requiring a new round a PPP authentication initiated + by the LNS (which may or may not include a new round of LCP + negotiation). + +10.0 IANA Considerations + + This document defines a number of "magic" numbers to be maintained by + the IANA. This section explains the criteria to be used by the IANA + to assign additional numbers in each of these lists. The following + subsections describe the assignment policy for the namespaces defined + elsewhere in this document. + +10.1 AVP Attributes + + As defined in Section 4.1, AVPs contain vendor ID, Attribute and + Value fields. For vendor ID value of 0, IANA will maintain a registry + + + +Townsley, et al. Standards Track [Page 71] + +RFC 2661 L2TP August 1999 + + + of assigned Attributes and in some case also values. Attributes 0-39 + are assigned as defined in Section 4.4. The remaining values are + available for assignment through IETF Consensus [RFC 2434]. + +10.2 Message Type AVP Values + + As defined in Section 4.4.1, Message Type AVPs (Attribute Type 0) + have an associated value maintained by IANA. Values 0-16 are defined + in Section 3.2, the remaining values are available for assignment via + IETF Consensus [RFC 2434] + +10.3 Result Code AVP Values + + As defined in Section 4.4.2, Result Code AVPs (Attribute Type 1) + contain three fields. Two of these fields (the Result Code and Error + Code fields) have associated values maintained by IANA. + +10.3.1 Result Code Field Values + + The Result Code AVP may be included in CDN and StopCCN messages. The + allowable values for the Result Code field of the AVP differ + depending upon the value of the Message Type AVP. For the StopCCN + message, values 0-7 are defined in Section 4.4.2; for the StopCCN + message, values 0-11 are defined in the same section. The remaining + values of the Result Code field for both messages are available for + assignment via IETF Consensus [RFC 2434]. + +10.3.2 Error Code Field Values + + Values 0-7 are defined in Section 4.4.2. Values 8-32767 are + available for assignment via IETF Consensus [RFC 2434]. The remaining + values of the Error Code field are available for assignment via First + Come First Served [RFC 2434]. + +10.4 Framing Capabilities & Bearer Capabilities + + The Framing Capabilities AVP and Bearer Capabilities AVPs (defined in + Section 4.4.3) both contain 32-bit bitmasks. Additional bits should + only be defined via a Standards Action [RFC 2434]. + +10.5 Proxy Authen Type AVP Values + + The Proxy Authen Type AVP (Attribute Type 29) has an associated value + maintained by IANA. Values 0-5 are defined in Section 4.4.5, the + remaining values are available for assignment via First Come First + Served [RFC 2434]. + + + + + +Townsley, et al. Standards Track [Page 72] + +RFC 2661 L2TP August 1999 + + +10.6 AVP Header Bits + + There are four remaining reserved bits in the AVP header. Additional + bits should only be assigned via a Standards Action [RFC 2434]. + +11.0 References + + [DSS1] ITU-T Recommendation, "Digital subscriber Signaling System + No. 1 (DSS 1) - ISDN user-network interface layer 3 + specification for basic call control", Rec. Q.931(I.451), + May 1998 + + [KPS] Kaufman, C., Perlman, R., and Speciner, M., "Network + Security: Private Communications in a Public World", + Prentice Hall, March 1995, ISBN 0-13-061466-1 + + [RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791, September + 1981. + + [RFC1034] Mockapetris, P., "Domain Names - Concepts and Facilities", + STD 13, RFC 1034, November 1987. + + [RFC1144] Jacobson, V., "Compressing TCP/IP Headers for Low-Speed + Serial Links", RFC 1144, February 1990. + + [RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, + RFC 1661, July 1994. + + [RFC1662] Simpson, W., "PPP in HDLC-like Framing", STD 51, RFC 1662, + July 1994. + + [RFC1663] Rand, D., "PPP Reliable Transmission", RFC 1663, July 1994. + + [RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC + 1700, October 1994. See also: + http://www.iana.org/numbers.html + [RFC1990] Sklower, K., Lloyd, B., McGregor, G., Carr, D. and T. + Coradetti, "The PPP Multilink Protocol (MP)", RFC 1990, + August 1996. + + [RFC1994] Simpson, W., "PPP Challenge Handshake Authentication + Protocol (CHAP)", RFC 1994, August 1996. + + [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. + and E. Lear, "Address Allocation for Private Internets", + BCP 5, RFC 1918, February 1996. + + + + + +Townsley, et al. Standards Track [Page 73] + +RFC 2661 L2TP August 1999 + + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC2138] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote + Authentication Dial In User Service (RADIUS)", RFC 2138, + April 1997. + + [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and + Languages", BCP 18, RFC 2277, January 1998. + + [RFC2341] Valencia, A., Littlewood, M. and T. Kolar, "Cisco Layer Two + Forwarding (Protocol) L2F", RFC 2341, May 1998. + + [RFC2401] Kent, S. and R. Atkinson, "Security Architecture for the + Internet Protocol", RFC 2401, November 1998. + + [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an + IANA Considerations Section in RFCs", BCP 26, RFC 2434, + October 1998. + + [RFC2637] Hamzeh, K., Pall, G., Verthein, W., Taarud, J., Little, W. + and G. Zorn, "Point-to-Point Tunneling Protocol (PPTP)", + RFC 2637, July 1999. + + [STEVENS] Stevens, W. Richard, "TCP/IP Illustrated, Volume I The + Protocols", Addison-Wesley Publishing Company, Inc., March + 1996, ISBN 0-201-63346-9 + +12.0 Acknowledgments + + The basic concept for L2TP and many of its protocol constructs were + adopted from L2F [RFC2341] and PPTP [PPTP]. Authors of these are A. + Valencia, M. Littlewood, T. Kolar, K. Hamzeh, G. Pall, W. Verthein, + J. Taarud, W. Little, and G. Zorn. + + Dory Leifer made valuable refinements to the protocol definition of + L2TP and contributed to the editing of this document. + + Steve Cobb and Evan Caves redesigned the state machine tables. + + Barney Wolff provided a great deal of design input on the endpoint + authentication mechanism. + + John Bray, Greg Burns, Rich Garrett, Don Grosser, Matt Holdrege, + Terry Johnson, Dory Leifer, and Rich Shea provided valuable input and + review at the 43rd IETF in Orlando, FL., which led to improvement of + the overall readability and clarity of this document. + + + + +Townsley, et al. Standards Track [Page 74] + +RFC 2661 L2TP August 1999 + + +13.0 Authors' Addresses + + Gurdeep Singh Pall + Microsoft Corporation + Redmond, WA + + EMail: gurdeep@microsoft.com + + + Bill Palter + RedBack Networks, Inc + 1389 Moffett Park Drive + Sunnyvale, CA 94089 + + EMail: palter@zev.net + + + Allan Rubens + Ascend Communications + 1701 Harbor Bay Parkway + Alameda, CA 94502 + + EMail: acr@del.com + + + W. Mark Townsley + cisco Systems + 7025 Kit Creek Road + PO Box 14987 + Research Triangle Park, NC 27709 + + EMail: townsley@cisco.com + + + Andrew J. Valencia + cisco Systems + 170 West Tasman Drive + San Jose CA 95134-1706 + + EMail: vandys@cisco.com + + + Glen Zorn + Microsoft Corporation + One Microsoft Way + Redmond, WA 98052 + + EMail: gwz@acm.org + + + +Townsley, et al. Standards Track [Page 75] + +RFC 2661 L2TP August 1999 + + +Appendix A: Control Channel Slow Start and Congestion Avoidance + + Although each side has indicated the maximum size of its receive + window, it is recommended that a slow start and congestion avoidance + method be used to transmit control packets. The methods described + here are based upon the TCP congestion avoidance algorithm as + described in section 21.6 of TCP/IP Illustrated, Volume I, by W. + Richard Stevens [STEVENS]. + + Slow start and congestion avoidance make use of several variables. + The congestion window (CWND) defines the number of packets a sender + may send before waiting for an acknowledgment. The size of CWND + expands and contracts as described below. Note however, that CWND is + never allowed to exceed the size of the advertised window obtained + from the Receive Window AVP (in the text below, it is assumed any + increase will be limited by the Receive Window Size). The variable + SSTHRESH determines when the sender switches from slow start to + congestion avoidance. Slow start is used while CWND is less than + SSHTRESH. + + A sender starts out in the slow start phase. CWND is initialized to + one packet, and SSHTRESH is initialized to the advertised window + (obtained from the Receive Window AVP). The sender then transmits + one packet and waits for its acknowledgement (either explicit or + piggybacked). When the acknowledgement is received, the congestion + window is incremented from one to two. During slow start, CWND is + increased by one packet each time an ACK (explicit ZLB or + piggybacked) is received. Increasing CWND by one on each ACK has the + effect of doubling CWND with each round trip, resulting in an + exponential increase. When the value of CWND reaches SSHTRESH, the + slow start phase ends and the congestion avoidance phase begins. + + During congestion avoidance, CWND expands more slowly. Specifically, + it increases by 1/CWND for every new ACK received. That is, CWND is + increased by one packet after CWND new ACKs have been received. + Window expansion during the congestion avoidance phase is effectively + linear, with CWND increasing by one packet each round trip. + + When congestion occurs (indicated by the triggering of a + retransmission) one half of the CWND is saved in SSTHRESH, and CWND + is set to one. The sender then reenters the slow start phase. + + + + + + + + + + +Townsley, et al. Standards Track [Page 76] + +RFC 2661 L2TP August 1999 + + +Appendix B: Control Message Examples + +B.1: Lock-step tunnel establishment + + In this example, an LAC establishes a tunnel, with the exchange + involving each side alternating in sending messages. This example + shows the final acknowledgment explicitly sent within a ZLB ACK + message. An alternative would be to piggyback the acknowledgement + within a message sent as a reply to the ICRQ or OCRQ that will likely + follow from the side that initiated the tunnel. + + LAC or LNS LNS or LAC + ---------- ---------- + + SCCRQ -> + Nr: 0, Ns: 0 + <- SCCRP + Nr: 1, Ns: 0 + SCCCN -> + Nr: 1, Ns: 1 + <- ZLB + Nr: 2, Ns: 1 + +B.2: Lost packet with retransmission + + An existing tunnel has a new session requested by the LAC. The ICRP + is lost and must be retransmitted by the LNS. Note that loss of the + ICRP has two impacts: not only does it keep the upper level state + machine from progressing, but it also keeps the LAC from seeing a + timely lower level acknowledgment of its ICRQ. + + LAC LNS + --- --- + + ICRQ -> + Nr: 1, Ns: 2 + + (packet lost) <- ICRP + Nr: 3, Ns: 1 + + (pause; LAC's timer started first, so fires first) + + ICRQ -> + Nr: 1, Ns: 2 + + (Realizing that it has already seen this packet, + the LNS discards the packet and sends a ZLB) + + + + +Townsley, et al. Standards Track [Page 77] + +RFC 2661 L2TP August 1999 + + + <- ZLB + Nr: 3, Ns: 2 + + (LNS's retransmit timer fires) + + <- ICRP + Nr: 3, Ns: 1 + ICCN -> + Nr: 2, Ns: 3 + + <- ZLB + Nr: 4, Ns: 2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 78] + +RFC 2661 L2TP August 1999 + + +Appendix C: Intellectual Property Notice + + The IETF takes no position regarding the validity or scope of any + intellectual property or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; neither does it represent that it + has made any effort to identify any such rights. Information on the + IETF's procedures with respect to rights in standards-track and + standards-related documentation can be found in BCP-11. Copies of + claims of rights made available for publication and any assurances of + licenses to be made available, or the result of an attempt made to + obtain a general license or permission for the use of such + proprietary rights by implementers or users of this specification can + be obtained from the IETF Secretariat." + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights which may cover technology that may be required to practice + this standard. Please address the information to the IETF Executive + Director. + + The IETF has been notified of intellectual property rights claimed in + regard to some or all of the specification contained in this + document. For more information consult the online list of claimed + rights. + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 79] + +RFC 2661 L2TP August 1999 + + +Full Copyright Statement + + Copyright (C) The Internet Society (1999). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 80] + diff --git a/rfc/rfc3931.txt b/rfc/rfc3931.txt new file mode 100644 index 0000000..e428722 --- /dev/null +++ b/rfc/rfc3931.txt @@ -0,0 +1,5267 @@ + + + + + + +Network Working Group J. Lau, Ed. +Request for Comments: 3931 M. Townsley, Ed. +Category: Standards Track Cisco Systems + I. Goyret, Ed. + Lucent Technologies + March 2005 + + + Layer Two Tunneling Protocol - Version 3 (L2TPv3) + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2005). + +Abstract + + This document describes "version 3" of the Layer Two Tunneling + Protocol (L2TPv3). L2TPv3 defines the base control protocol and + encapsulation for tunneling multiple Layer 2 connections between two + IP nodes. Additional documents detail the specifics for each data + link type being emulated. + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 + 1.1. Changes from RFC 2661. . . . . . . . . . . . . . . . . . 4 + 1.2. Specification of Requirements. . . . . . . . . . . . . . 4 + 1.3. Terminology. . . . . . . . . . . . . . . . . . . . . . . 5 + 2. Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 + 3. Protocol Overview. . . . . . . . . . . . . . . . . . . . . . . 9 + 3.1. Control Message Types. . . . . . . . . . . . . . . . . . 10 + 3.2. L2TP Header Formats. . . . . . . . . . . . . . . . . . . 11 + 3.2.1. L2TP Control Message Header. . . . . . . . . . . 11 + 3.2.2. L2TP Data Message. . . . . . . . . . . . . . . . 12 + 3.3. Control Connection Management. . . . . . . . . . . . . . 13 + 3.3.1. Control Connection Establishment . . . . . . . . 14 + 3.3.2. Control Connection Teardown. . . . . . . . . . . 14 + 3.4. Session Management . . . . . . . . . . . . . . . . . . . 15 + 3.4.1. Session Establishment for an Incoming Call . . . 15 + 3.4.2. Session Establishment for an Outgoing Call . . . 15 + + + +Lau, et al. Standards Track [Page 1] + +RFC 3931 L2TPv3 March 2005 + + + 3.4.3. Session Teardown . . . . . . . . . . . . . . . . 16 + 4. Protocol Operation . . . . . . . . . . . . . . . . . . . . . . 16 + 4.1. L2TP Over Specific Packet-Switched Networks (PSNs) . . . 16 + 4.1.1. L2TPv3 over IP . . . . . . . . . . . . . . . . . 17 + 4.1.2. L2TP over UDP. . . . . . . . . . . . . . . . . . 18 + 4.1.3. L2TP and IPsec . . . . . . . . . . . . . . . . . 20 + 4.1.4. IP Fragmentation Issues. . . . . . . . . . . . . 21 + 4.2. Reliable Delivery of Control Messages. . . . . . . . . . 23 + 4.3. Control Message Authentication . . . . . . . . . . . . . 25 + 4.4. Keepalive (Hello). . . . . . . . . . . . . . . . . . . . 26 + 4.5. Forwarding Session Data Frames . . . . . . . . . . . . . 26 + 4.6. Default L2-Specific Sublayer . . . . . . . . . . . . . . 27 + 4.6.1. Sequencing Data Packets. . . . . . . . . . . . . 28 + 4.7. L2TPv2/v3 Interoperability and Migration . . . . . . . . 28 + 4.7.1. L2TPv3 over IP . . . . . . . . . . . . . . . . . 29 + 4.7.2. L2TPv3 over UDP. . . . . . . . . . . . . . . . . 29 + 4.7.3. Automatic L2TPv2 Fallback. . . . . . . . . . . . 29 + 5. Control Message Attribute Value Pairs. . . . . . . . . . . . . 30 + 5.1. AVP Format . . . . . . . . . . . . . . . . . . . . . . . 30 + 5.2. Mandatory AVPs and Setting the M Bit . . . . . . . . . . 32 + 5.3. Hiding of AVP Attribute Values . . . . . . . . . . . . . 33 + 5.4. AVP Summary. . . . . . . . . . . . . . . . . . . . . . . 36 + 5.4.1. General Control Message AVPs . . . . . . . . . . 36 + 5.4.2. Result and Error Codes . . . . . . . . . . . . . 40 + 5.4.3. Control Connection Management AVPs . . . . . . . 43 + 5.4.4. Session Management AVPs. . . . . . . . . . . . . 48 + 5.4.5. Circuit Status AVPs. . . . . . . . . . . . . . . 57 + 6. Control Connection Protocol Specification. . . . . . . . . . . 59 + 6.1. Start-Control-Connection-Request (SCCRQ) . . . . . . . . 60 + 6.2. Start-Control-Connection-Reply (SCCRP) . . . . . . . . . 60 + 6.3. Start-Control-Connection-Connected (SCCCN) . . . . . . . 61 + 6.4. Stop-Control-Connection-Notification (StopCCN) . . . . . 61 + 6.5. Hello (HELLO). . . . . . . . . . . . . . . . . . . . . . 61 + 6.6. Incoming-Call-Request (ICRQ) . . . . . . . . . . . . . . 62 + 6.7. Incoming-Call-Reply (ICRP) . . . . . . . . . . . . . . . 63 + 6.8. Incoming-Call-Connected (ICCN) . . . . . . . . . . . . . 63 + 6.9. Outgoing-Call-Request (OCRQ) . . . . . . . . . . . . . . 64 + 6.10. Outgoing-Call-Reply (OCRP) . . . . . . . . . . . . . . . 65 + 6.11. Outgoing-Call-Connected (OCCN) . . . . . . . . . . . . . 65 + 6.12. Call-Disconnect-Notify (CDN) . . . . . . . . . . . . . . 66 + 6.13. WAN-Error-Notify (WEN) . . . . . . . . . . . . . . . . . 66 + 6.14. Set-Link-Info (SLI). . . . . . . . . . . . . . . . . . . 67 + 6.15. Explicit-Acknowledgement (ACK) . . . . . . . . . . . . . 67 + 7. Control Connection State Machines. . . . . . . . . . . . . . . 68 + 7.1. Malformed AVPs and Control Messages. . . . . . . . . . . 68 + 7.2. Control Connection States. . . . . . . . . . . . . . . . 69 + 7.3. Incoming Calls . . . . . . . . . . . . . . . . . . . . . 71 + 7.3.1. ICRQ Sender States . . . . . . . . . . . . . . . 72 + + + +Lau, et al. Standards Track [Page 2] + +RFC 3931 L2TPv3 March 2005 + + + 7.3.2. ICRQ Recipient States. . . . . . . . . . . . . . 73 + 7.4. Outgoing Calls . . . . . . . . . . . . . . . . . . . . . 74 + 7.4.1. OCRQ Sender States . . . . . . . . . . . . . . . 75 + 7.4.2. OCRQ Recipient (LAC) States. . . . . . . . . . . 76 + 7.5. Termination of a Control Connection. . . . . . . . . . . 77 + 8. Security Considerations. . . . . . . . . . . . . . . . . . . . 78 + 8.1. Control Connection Endpoint and Message Security . . . . 78 + 8.2. Data Packet Spoofing . . . . . . . . . . . . . . . . . . 78 + 9. Internationalization Considerations. . . . . . . . . . . . . . 79 + 10. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 80 + 10.1. Control Message Attribute Value Pairs (AVPs) . . . . . . 80 + 10.2. Message Type AVP Values. . . . . . . . . . . . . . . . . 81 + 10.3. Result Code AVP Values . . . . . . . . . . . . . . . . . 81 + 10.4. AVP Header Bits. . . . . . . . . . . . . . . . . . . . . 82 + 10.5. L2TP Control Message Header Bits . . . . . . . . . . . . 82 + 10.6. Pseudowire Types . . . . . . . . . . . . . . . . . . . . 83 + 10.7. Circuit Status Bits. . . . . . . . . . . . . . . . . . . 83 + 10.8. Default L2-Specific Sublayer bits. . . . . . . . . . . . 84 + 10.9. L2-Specific Sublayer Type. . . . . . . . . . . . . . . . 84 + 10.10 Data Sequencing Level. . . . . . . . . . . . . . . . . . 84 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 85 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 85 + 11.2. Informative References . . . . . . . . . . . . . . . . . 85 + 12. Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 87 + Appendix A: Control Slow Start and Congestion Avoidance. . . . . . 89 + Appendix B: Control Message Examples . . . . . . . . . . . . . . . 90 + Appendix C: Processing Sequence Numbers. . . . . . . . . . . . . . 91 + Editors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 93 + Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 94 + +1. Introduction + + The Layer Two Tunneling Protocol (L2TP) provides a dynamic mechanism + for tunneling Layer 2 (L2) "circuits" across a packet-oriented data + network (e.g., over IP). L2TP, as originally defined in RFC 2661, is + a standard method for tunneling Point-to-Point Protocol (PPP) + [RFC1661] sessions. L2TP has since been adopted for tunneling a + number of other L2 protocols. In order to provide greater + modularity, this document describes the base L2TP protocol, + independent of the L2 payload that is being tunneled. + + The base L2TP protocol defined in this document consists of (1) the + control protocol for dynamic creation, maintenance, and teardown of + L2TP sessions, and (2) the L2TP data encapsulation to multiplex and + demultiplex L2 data streams between two L2TP nodes across an IP + network. Additional documents are expected to be published for each + L2 data link emulation type (a.k.a. pseudowire-type) supported by + L2TP (i.e., PPP, Ethernet, Frame Relay, etc.). These documents will + + + +Lau, et al. Standards Track [Page 3] + +RFC 3931 L2TPv3 March 2005 + + + contain any pseudowire-type specific details that are outside the + scope of this base specification. + + When the designation between L2TPv2 and L2TPv3 is necessary, L2TP as + defined in RFC 2661 will be referred to as "L2TPv2", corresponding to + the value in the Version field of an L2TP header. (Layer 2 + Forwarding, L2F, [RFC2341] was defined as "version 1".) At times, + L2TP as defined in this document will be referred to as "L2TPv3". + Otherwise, the acronym "L2TP" will refer to L2TPv3 or L2TP in + general. + +1.1. Changes from RFC 2661 + + Many of the protocol constructs described in this document are + carried over from RFC 2661. Changes include clarifications based on + years of interoperability and deployment experience as well as + modifications to either improve protocol operation or provide a + clearer separation from PPP. The intent of these modifications is to + achieve a healthy balance between code reuse, interoperability + experience, and a directed evolution of L2TP as it is applied to new + tasks. + + Notable differences between L2TPv2 and L2TPv3 include the following: + + Separation of all PPP-related AVPs, references, etc., including a + portion of the L2TP data header that was specific to the needs of + PPP. The PPP-specific constructs are described in a companion + document. + + Transition from a 16-bit Session ID and Tunnel ID to a 32-bit + Session ID and Control Connection ID, respectively. + + Extension of the Tunnel Authentication mechanism to cover the + entire control message rather than just a portion of certain + messages. + + Details of these changes and a recommendation for transitioning to + L2TPv3 are discussed in Section 4.7. + +1.2. Specification of Requirements + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + + + + + + + +Lau, et al. Standards Track [Page 4] + +RFC 3931 L2TPv3 March 2005 + + +1.3. Terminology + + Attribute Value Pair (AVP) + + The variable-length concatenation of a unique Attribute + (represented by an integer), a length field, and a Value + containing the actual value identified by the attribute. Zero or + more AVPs make up the body of control messages, which are used in + the establishment, maintenance, and teardown of control + connections. This basic construct is sometimes referred to as a + Type-Length-Value (TLV) in some specifications. (See also: + Control Connection, Control Message.) + + Call (Circuit Up) + + The action of transitioning a circuit on an L2TP Access + Concentrator (LAC) to an "up" or "active" state. A call may be + dynamically established through signaling properties (e.g., an + incoming or outgoing call through the Public Switched Telephone + Network (PSTN)) or statically configured (e.g., provisioning a + Virtual Circuit on an interface). A call is defined by its + properties (e.g., type of call, called number, etc.) and its data + traffic. (See also: Circuit, Session, Incoming Call, Outgoing + Call, Outgoing Call Request.) + + Circuit + + A general term identifying any one of a wide range of L2 + connections. A circuit may be virtual in nature (e.g., an ATM + PVC, an IEEE 802 VLAN, or an L2TP session), or it may have direct + correlation to a physical layer (e.g., an RS-232 serial line). + Circuits may be statically configured with a relatively long-lived + uptime, or dynamically established with signaling to govern the + establishment, maintenance, and teardown of the circuit. For the + purposes of this document, a statically configured circuit is + considered to be essentially the same as a very simple, long- + lived, dynamic circuit. (See also: Call, Remote System.) + + Client + + (See Remote System.) + + Control Connection + + An L2TP control connection is a reliable control channel that is + used to establish, maintain, and release individual L2TP sessions + as well as the control connection itself. (See also: Control + Message, Data Channel.) + + + +Lau, et al. Standards Track [Page 5] + +RFC 3931 L2TPv3 March 2005 + + + Control Message + + An L2TP message used by the control connection. (See also: + Control Connection.) + + Data Message + + Message used by the data channel. (a.k.a. Data Packet, See also: + Data Channel.) + + Data Channel + + The channel for L2TP-encapsulated data traffic that passes between + two LCCEs over a Packet-Switched Network (i.e., IP). (See also: + Control Connection, Data Message.) + + Incoming Call + + The action of receiving a call (circuit up event) on an LAC. The + call may have been placed by a remote system (e.g., a phone call + over a PSTN), or it may have been triggered by a local event + (e.g., interesting traffic routed to a virtual interface). An + incoming call that needs to be tunneled (as determined by the LAC) + results in the generation of an L2TP ICRQ message. (See also: + Call, Outgoing Call, Outgoing Call Request.) + + L2TP Access Concentrator (LAC) + + If an L2TP Control Connection Endpoint (LCCE) is being used to + cross-connect an L2TP session directly to a data link, we refer to + it as an L2TP Access Concentrator (LAC). An LCCE may act as both + an L2TP Network Server (LNS) for some sessions and an LAC for + others, so these terms must only be used within the context of a + given set of sessions unless the LCCE is in fact single purpose + for a given topology. (See also: LCCE, LNS.) + + L2TP Control Connection Endpoint (LCCE) + + An L2TP node that exists at either end of an L2TP control + connection. May also be referred to as an LAC or LNS, depending + on whether tunneled frames are processed at the data link (LAC) or + network layer (LNS). (See also: LAC, LNS.) + + L2TP Network Server (LNS) + + If a given L2TP session is terminated at the L2TP node and the + encapsulated network layer (L3) packet processed on a virtual + interface, we refer to this L2TP node as an L2TP Network Server + + + +Lau, et al. Standards Track [Page 6] + +RFC 3931 L2TPv3 March 2005 + + + (LNS). A given LCCE may act as both an LNS for some sessions and + an LAC for others, so these terms must only be used within the + context of a given set of sessions unless the LCCE is in fact + single purpose for a given topology. (See also: LCCE, LAC.) + + Outgoing Call + + The action of placing a call by an LAC, typically in response to + policy directed by the peer in an Outgoing Call Request. (See + also: Call, Incoming Call, Outgoing Call Request.) + + Outgoing Call Request + + A request sent to an LAC to place an outgoing call. The request + contains specific information not known a priori by the LAC (e.g., + a number to dial). (See also: Call, Incoming Call, Outgoing + Call.) + + Packet-Switched Network (PSN) + + A network that uses packet switching technology for data delivery. + For L2TPv3, this layer is principally IP. Other examples include + MPLS, Frame Relay, and ATM. + + Peer + + When used in context with L2TP, Peer refers to the far end of an + L2TP control connection (i.e., the remote LCCE). An LAC's peer + may be either an LNS or another LAC. Similarly, an LNS's peer may + be either an LAC or another LNS. (See also: LAC, LCCE, LNS.) + + Pseudowire (PW) + + An emulated circuit as it traverses a PSN. There is one + Pseudowire per L2TP Session. (See also: Packet-Switched Network, + Session.) + + Pseudowire Type + + The payload type being carried within an L2TP session. Examples + include PPP, Ethernet, and Frame Relay. (See also: Session.) + + Remote System + + An end system or router connected by a circuit to an LAC. + + + + + + +Lau, et al. Standards Track [Page 7] + +RFC 3931 L2TPv3 March 2005 + + + Session + + An L2TP session is the entity that is created between two LCCEs in + order to exchange parameters for and maintain an emulated L2 + connection. Multiple sessions may be associated with a single + Control Connection. + + Zero-Length Body (ZLB) Message + + A control message with only an L2TP header. ZLB messages are used + only to acknowledge messages on the L2TP reliable control + connection. (See also: Control Message.) + +2. Topology + + L2TP operates between two L2TP Control Connection Endpoints (LCCEs), + tunneling traffic across a packet network. There are three + predominant tunneling models in which L2TP operates: LAC-LNS (or vice + versa), LAC-LAC, and LNS-LNS. These models are diagrammed below. + (Dotted lines designate network connections. Solid lines designate + circuit connections.) + + Figure 2.0: L2TP Reference Models + + (a) LAC-LNS Reference Model: On one side, the LAC receives traffic + from an L2 circuit, which it forwards via L2TP across an IP or other + packet-based network. On the other side, an LNS logically terminates + the L2 circuit locally and routes network traffic to the home + network. The action of session establishment is driven by the LAC + (as an incoming call) or the LNS (as an outgoing call). + + +-----+ L2 +-----+ +-----+ + | |------| LAC |.........[ IP ].........| LNS |...[home network] + +-----+ +-----+ +-----+ + remote + system + |<-- emulated service -->| + |<----------- L2 service ------------>| + + (b) LAC-LAC Reference Model: In this model, both LCCEs are LACs. + Each LAC forwards circuit traffic from the remote system to the peer + LAC using L2TP, and vice versa. In its simplest form, an LAC acts as + a simple cross-connect between a circuit to a remote system and an + L2TP session. This model typically involves symmetric establishment; + that is, either side of the connection may initiate a session at any + time (or simultaneously, in which a tie breaking mechanism is + utilized). + + + + +Lau, et al. Standards Track [Page 8] + +RFC 3931 L2TPv3 March 2005 + + + +-----+ L2 +-----+ +-----+ L2 +-----+ + | |------| LAC |........[ IP ]........| LAC |------| | + +-----+ +-----+ +-----+ +-----+ + remote remote + system system + |<- emulated service ->| + |<----------------- L2 service ----------------->| + + (c) LNS-LNS Reference Model: This model has two LNSs as the LCCEs. A + user-level, traffic-generated, or signaled event typically drives + session establishment from one side of the tunnel. For example, a + tunnel generated from a PC by a user, or automatically by customer + premises equipment. + + +-----+ +-----+ + [home network]...| LNS |........[ IP ]........| LNS |...[home network] + +-----+ +-----+ + |<- emulated service ->| + |<---- L2 service ---->| + + Note: In L2TPv2, user-driven tunneling of this type is often referred + to as "voluntary tunneling" [RFC2809]. Further, an LNS acting as + part of a software package on a host is sometimes referred to as an + "LAC Client" [RFC2661]. + +3. Protocol Overview + + L2TP is comprised of two types of messages, control messages and data + messages (sometimes referred to as "control packets" and "data + packets", respectively). Control messages are used in the + establishment, maintenance, and clearing of control connections and + sessions. These messages utilize a reliable control channel within + L2TP to guarantee delivery (see Section 4.2 for details). Data + messages are used to encapsulate the L2 traffic being carried over + the L2TP session. Unlike control messages, data messages are not + retransmitted when packet loss occurs. + + The L2TPv3 control message format defined in this document borrows + largely from L2TPv2. These control messages are used in conjunction + with the associated protocol state machines that govern the dynamic + setup, maintenance, and teardown for L2TP sessions. The data message + format for tunneling data packets may be utilized with or without the + L2TP control channel, either via manual configuration or via other + signaling methods to pre-configure or distribute L2TP session + information. Utilization of the L2TP data message format with other + signaling methods is outside the scope of this document. + + + + + +Lau, et al. Standards Track [Page 9] + +RFC 3931 L2TPv3 March 2005 + + + Figure 3.0: L2TPv3 Structure + + +-------------------+ +-----------------------+ + | Tunneled Frame | | L2TP Control Message | + +-------------------+ +-----------------------+ + | L2TP Data Header | | L2TP Control Header | + +-------------------+ +-----------------------+ + | L2TP Data Channel | | L2TP Control Channel | + | (unreliable) | | (reliable) | + +-------------------+----+-----------------------+ + | Packet-Switched Network (IP, FR, MPLS, etc.) | + +------------------------------------------------+ + + Figure 3.0 depicts the relationship of control messages and data + messages over the L2TP control and data channels, respectively. Data + messages are passed over an unreliable data channel, encapsulated by + an L2TP header, and sent over a Packet-Switched Network (PSN) such as + IP, UDP, Frame Relay, ATM, MPLS, etc. Control messages are sent over + a reliable L2TP control channel, which operates over the same PSN. + + The necessary setup for tunneling a session with L2TP consists of two + steps: (1) Establishing the control connection, and (2) establishing + a session as triggered by an incoming call or outgoing call. An L2TP + session MUST be established before L2TP can begin to forward session + frames. Multiple sessions may be bound to a single control + connection, and multiple control connections may exist between the + same two LCCEs. + +3.1. Control Message Types + + The Message Type AVP (see Section 5.4.1) defines the specific type of + control message being sent. + + This document defines the following control message types (see + Sections 6.1 through 6.15 for details on the construction and use of + each message): + + Control Connection Management + + 0 (reserved) + 1 (SCCRQ) Start-Control-Connection-Request + 2 (SCCRP) Start-Control-Connection-Reply + 3 (SCCCN) Start-Control-Connection-Connected + 4 (StopCCN) Stop-Control-Connection-Notification + 5 (reserved) + 6 (HELLO) Hello + 20 (ACK) Explicit Acknowledgement + + + + +Lau, et al. Standards Track [Page 10] + +RFC 3931 L2TPv3 March 2005 + + + Call Management + + 7 (OCRQ) Outgoing-Call-Request + 8 (OCRP) Outgoing-Call-Reply + 9 (OCCN) Outgoing-Call-Connected + 10 (ICRQ) Incoming-Call-Request + 11 (ICRP) Incoming-Call-Reply + 12 (ICCN) Incoming-Call-Connected + 13 (reserved) + 14 (CDN) Call-Disconnect-Notify + + Error Reporting + + 15 (WEN) WAN-Error-Notify + + Link Status Change Reporting + + 16 (SLI) Set-Link-Info + +3.2. L2TP Header Formats + + This section defines header formats for L2TP control messages and + L2TP data messages. All values are placed into their respective + fields and sent in network order (high-order octets first). + +3.2.1. L2TP Control Message Header + + The L2TP control message header provides information for the reliable + transport of messages that govern the establishment, maintenance, and + teardown of L2TP sessions. By default, control messages are sent + over the underlying media in-band with L2TP data messages. + + The L2TP control message header is formatted as follows: + + Figure 3.2.1: L2TP Control Message Header + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |T|L|x|x|S|x|x|x|x|x|x|x| Ver | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Control Connection ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Ns | Nr | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The T bit MUST be set to 1, indicating that this is a control + message. + + + +Lau, et al. Standards Track [Page 11] + +RFC 3931 L2TPv3 March 2005 + + + The L and S bits MUST be set to 1, indicating that the Length field + and sequence numbers are present. + + The x bits are reserved for future extensions. All reserved bits + MUST be set to 0 on outgoing messages and ignored on incoming + messages. + + The Ver field indicates the version of the L2TP control message + header described in this document. On sending, this field MUST be + set to 3 for all messages (unless operating in an environment that + includes L2TPv2 [RFC2661] and/or L2F [RFC2341] as well, see Section + 4.1 for details). + + The Length field indicates the total length of the message in octets, + always calculated from the start of the control message header itself + (beginning with the T bit). + + The Control Connection ID field contains the identifier for the + control connection. L2TP control connections are named by + identifiers that have local significance only. That is, the same + control connection will be given unique Control Connection IDs by + each LCCE from within each endpoint's own Control Connection ID + number space. As such, the Control Connection ID in each message is + that of the intended recipient, not the sender. Non-zero Control + Connection IDs are selected and exchanged as Assigned Control + Connection ID AVPs during the creation of a control connection. + + Ns indicates the sequence number for this control message, beginning + at zero and incrementing by one (modulo 2**16) for each message sent. + See Section 4.2 for more information on using this field. + + Nr indicates the sequence number expected in the next control message + to be received. Thus, Nr is set to the Ns of the last in-order + message received plus one (modulo 2**16). See Section 4.2 for more + information on using this field. + +3.2.2. L2TP Data Message + + In general, an L2TP data message consists of a (1) Session Header, + (2) an optional L2-Specific Sublayer, and (3) the Tunnel Payload, as + depicted below. + + + + + + + + + + +Lau, et al. Standards Track [Page 12] + +RFC 3931 L2TPv3 March 2005 + + + Figure 3.2.2: L2TP Data Message Header + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | L2TP Session Header | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | L2-Specific Sublayer | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Tunnel Payload ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The L2TP Session Header is specific to the encapsulating PSN over + which the L2TP traffic is delivered. The Session Header MUST provide + (1) a method of distinguishing traffic among multiple L2TP data + sessions and (2) a method of distinguishing data messages from + control messages. + + Each type of encapsulating PSN MUST define its own session header, + clearly identifying the format of the header and parameters necessary + to setup the session. Section 4.1 defines two session headers, one + for transport over UDP and one for transport over IP. + + The L2-Specific Sublayer is an intermediary layer between the L2TP + session header and the start of the tunneled frame. It contains + control fields that are used to facilitate the tunneling of each + frame (e.g., sequence numbers or flags). The Default L2-Specific + Sublayer for L2TPv3 is defined in Section 4.6. + + The Data Message Header is followed by the Tunnel Payload, including + any necessary L2 framing as defined in the payload-specific companion + documents. + +3.3. Control Connection Management + + The L2TP control connection handles dynamic establishment, teardown, + and maintenance of the L2TP sessions and of the control connection + itself. The reliable delivery of control messages is described in + Section 4.2. + + This section describes typical control connection establishment and + teardown exchanges. It is important to note that, in the diagrams + that follow, the reliable control message delivery mechanism exists + independently of the L2TP state machine. For instance, Explicit + Acknowledgement (ACK) messages may be sent after any of the control + messages indicated in the exchanges below if an acknowledgment is not + piggybacked on a later control message. + + + + + + +Lau, et al. Standards Track [Page 13] + +RFC 3931 L2TPv3 March 2005 + + + LCCEs are identified during control connection establishment either + by the Host Name AVP, the Router ID AVP, or a combination of the two + (see Section 5.4.3). The identity of a peer LCCE is central to + selecting proper configuration parameters (i.e., Hello interval, + window size, etc.) for a control connection, as well as for + determining how to set up associated sessions within the control + connection, password lookup for control connection authentication, + control connection level tie breaking, etc. + +3.3.1. Control Connection Establishment + + Establishment of the control connection involves an exchange of AVPs + that identifies the peer and its capabilities. + + A three-message exchange is used to establish the control connection. + The following is a typical message exchange: + + LCCE A LCCE B + ------ ------ + SCCRQ -> + <- SCCRP + SCCCN -> + +3.3.2. Control Connection Teardown + + Control connection teardown may be initiated by either LCCE and is + accomplished by sending a single StopCCN control message. As part of + the reliable control message delivery mechanism, the recipient of a + StopCCN MUST send an ACK message to acknowledge receipt of the + message and maintain enough control connection state to properly + accept StopCCN retransmissions over at least a full retransmission + cycle (in case the ACK message is lost). The recommended time for a + full retransmission cycle is at least 31 seconds (see Section 4.2). + The following is an example of a typical control message exchange: + + LCCE A LCCE B + ------ ------ + StopCCN -> + (Clean up) + + (Wait) + (Clean up) + + An implementation may shut down an entire control connection and all + sessions associated with the control connection by sending the + StopCCN. Thus, it is not necessary to clear each session + individually when tearing down the whole control connection. + + + + +Lau, et al. Standards Track [Page 14] + +RFC 3931 L2TPv3 March 2005 + + +3.4. Session Management + + After successful control connection establishment, individual + sessions may be created. Each session corresponds to a single data + stream between the two LCCEs. This section describes the typical + call establishment and teardown exchanges. + +3.4.1. Session Establishment for an Incoming Call + + A three-message exchange is used to establish the session. The + following is a typical sequence of events: + + LCCE A LCCE B + ------ ------ + (Call + Detected) + + ICRQ -> + <- ICRP + (Call + Accepted) + + ICCN -> + +3.4.2. Session Establishment for an Outgoing Call + + A three-message exchange is used to set up the session. The + following is a typical sequence of events: + + LCCE A LCCE B + ------ ------ + <- OCRQ + OCRP -> + + (Perform + Call + Operation) + + OCCN -> + + (Call Operation + Completed + Successfully) + + + + + + + + +Lau, et al. Standards Track [Page 15] + +RFC 3931 L2TPv3 March 2005 + + +3.4.3. Session Teardown + + Session teardown may be initiated by either the LAC or LNS and is + accomplished by sending a CDN control message. After the last + session is cleared, the control connection MAY be torn down as well + (and typically is). The following is an example of a typical control + message exchange: + + LCCE A LCCE B + ------ ------ + CDN -> + (Clean up) + + (Clean up) + +4. Protocol Operation + +4.1. L2TP Over Specific Packet-Switched Networks (PSNs) + + L2TP may operate over a variety of PSNs. There are two modes + described for operation over IP, L2TP directly over IP (see Section + 4.1.1) and L2TP over UDP (see Section 4.1.2). L2TPv3 implementations + MUST support L2TP over IP and SHOULD support L2TP over UDP for better + NAT and firewall traversal, and for easier migration from L2TPv2. + + L2TP over other PSNs may be defined, but the specifics are outside + the scope of this document. Examples of L2TPv2 over other PSNs + include [RFC3070] and [RFC3355]. + + The following field definitions are defined for use in all L2TP + Session Header encapsulations. + + Session ID + + A 32-bit field containing a non-zero identifier for a session. + L2TP sessions are named by identifiers that have local + significance only. That is, the same logical session will be + given different Session IDs by each end of the control connection + for the life of the session. When the L2TP control connection is + used for session establishment, Session IDs are selected and + exchanged as Local Session ID AVPs during the creation of a + session. The Session ID alone provides the necessary context for + all further packet processing, including the presence, size, and + value of the Cookie, the type of L2-Specific Sublayer, and the + type of payload being tunneled. + + + + + + +Lau, et al. Standards Track [Page 16] + +RFC 3931 L2TPv3 March 2005 + + + Cookie + + The optional Cookie field contains a variable-length value + (maximum 64 bits) used to check the association of a received data + message with the session identified by the Session ID. The Cookie + MUST be set to the configured or signaled random value for this + session. The Cookie provides an additional level of guarantee + that a data message has been directed to the proper session by the + Session ID. A well-chosen Cookie may prevent inadvertent + misdirection of stray packets with recently reused Session IDs, + Session IDs subject to packet corruption, etc. The Cookie may + also provide protection against some specific malicious packet + insertion attacks, as described in Section 8.2. + + When the L2TP control connection is used for session + establishment, random Cookie values are selected and exchanged as + Assigned Cookie AVPs during session creation. + +4.1.1. L2TPv3 over IP + + L2TPv3 over IP (both versions) utilizes the IANA-assigned IP protocol + ID 115. + +4.1.1.1. L2TPv3 Session Header Over IP + + Unlike L2TP over UDP, the L2TPv3 session header over IP is free of + any restrictions imposed by coexistence with L2TPv2 and L2F. As + such, the header format has been designed to optimize packet + processing. The following session header format is utilized when + operating L2TPv3 over IP: + + Figure 4.1.1.1: L2TPv3 Session Header Over IP + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Session ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Cookie (optional, maximum 64 bits)... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Session ID and Cookie fields are as defined in Section 4.1. The + Session ID of zero is reserved for use by L2TP control messages (see + Section 4.1.1.2). + + + + + +Lau, et al. Standards Track [Page 17] + +RFC 3931 L2TPv3 March 2005 + + +4.1.1.2. L2TP Control and Data Traffic over IP + + Unlike L2TP over UDP, which uses the T bit to distinguish between + L2TP control and data packets, L2TP over IP uses the reserved Session + ID of zero (0) when sending control messages. It is presumed that + checking for the zero Session ID is more efficient -- both in header + size for data packets and in processing speed for distinguishing + between control and data messages -- than checking a single bit. + + The entire control message header over IP, including the zero session + ID, appears as follows: + + Figure 4.1.1.2: L2TPv3 Control Message Header Over IP + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | (32 bits of zeros) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |T|L|x|x|S|x|x|x|x|x|x|x| Ver | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Control Connection ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Ns | Nr | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Named fields are as defined in Section 3.2.1. Note that the Length + field is still calculated from the beginning of the control message + header, beginning with the T bit. It does NOT include the "(32 bits + of zeros)" depicted above. + + When operating directly over IP, L2TP packets lose the ability to + take advantage of the UDP checksum as a simple packet integrity + check, which is of particular concern for L2TP control messages. + Control Message Authentication (see Section 4.3), even with an empty + password field, provides for a sufficient packet integrity check and + SHOULD always be enabled. + +4.1.2. L2TP over UDP + + L2TPv3 over UDP must consider other L2 tunneling protocols that may + be operating in the same environment, including L2TPv2 [RFC2661] and + L2F [RFC2341]. + + While there are efficiencies gained by running L2TP directly over IP, + there are possible side effects as well. For instance, L2TP over IP + is not as NAT-friendly as L2TP over UDP. + + + + +Lau, et al. Standards Track [Page 18] + +RFC 3931 L2TPv3 March 2005 + + +4.1.2.1. L2TP Session Header Over UDP + + The following session header format is utilized when operating L2TPv3 + over UDP: + + Figure 4.1.2.1: L2TPv3 Session Header over UDP + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |T|x|x|x|x|x|x|x|x|x|x|x| Ver | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Session ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Cookie (optional, maximum 64 bits)... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The T bit MUST be set to 0, indicating that this is a data message. + + The x bits and Reserved field are reserved for future extensions. + All reserved values MUST be set to 0 on outgoing messages and ignored + on incoming messages. + + The Ver field MUST be set to 3, indicating an L2TPv3 message. + + Note that the initial bits 1, 4, 6, and 7 have meaning in L2TPv2 + [RFC2661], and are deprecated and marked as reserved in L2TPv3. + Thus, for UDP mode on a system that supports both versions of L2TP, + it is important that the Ver field be inspected first to determine + the Version of the header before acting upon any of these bits. + + The Session ID and Cookie fields are as defined in Section 4.1. + +4.1.2.2. UDP Port Selection + + The method for UDP Port Selection defined in this section is + identical to that defined for L2TPv2 [RFC2661]. + + When negotiating a control connection over UDP, control messages MUST + be sent as UDP datagrams using the registered UDP port 1701 + [RFC1700]. The initiator of an L2TP control connection picks an + available source UDP port (which may or may not be 1701) and sends to + the desired destination address at port 1701. The recipient picks a + free port on its own system (which may or may not be 1701) and sends + its reply to the initiator's UDP port and address, setting its own + source port to the free port it found. + + + +Lau, et al. Standards Track [Page 19] + +RFC 3931 L2TPv3 March 2005 + + + Any subsequent traffic associated with this control connection + (either control traffic or data traffic from a session established + through this control connection) must use these same UDP ports. + + It has been suggested that having the recipient choose an arbitrary + source port (as opposed to using the destination port in the packet + initiating the control connection, i.e., 1701) may make it more + difficult for L2TP to traverse some NAT devices. Implementations + should consider the potential implication of this capability before + choosing an arbitrary source port. A NAT device that can pass TFTP + traffic with variant UDP ports should be able to pass L2TP UDP + traffic since both protocols employ similar policies with regard to + UDP port selection. + +4.1.2.3. UDP Checksum + + The tunneled frames that L2TP carry often have their own checksums or + integrity checks, rendering the UDP checksum redundant for much of + the L2TP data message contents. Thus, UDP checksums MAY be disabled + in order to reduce the associated packet processing burden at the + L2TP endpoints. + + The L2TP header itself does not have its own checksum or integrity + check. However, use of the L2TP Session ID and Cookie pair guards + against accepting an L2TP data message if corruption of the Session + ID or associated Cookie has occurred. When the L2-Specific Sublayer + is present in the L2TP header, there is no built-in integrity check + for the information contained therein if UDP checksums or some other + integrity check is not employed. IPsec (see Section 4.1.3) may be + used for strong integrity protection of the entire contents of L2TP + data messages. + + UDP checksums MUST be enabled for L2TP control messages. + +4.1.3. L2TP and IPsec + + The L2TP data channel does not provide cryptographic security of any + kind. If the L2TP data channel operates over a public or untrusted + IP network where privacy of the L2TP data is of concern or + sophisticated attacks against L2TP are expected to occur, IPsec + [RFC2401] MUST be made available to secure the L2TP traffic. + + Either L2TP over UDP or L2TP over IP may be secured with IPsec. + [RFC3193] defines the recommended method for securing L2TPv2. L2TPv3 + possesses identical characteristics to IPsec as L2TPv2 when running + over UDP and implementations MUST follow the same recommendation. + When operating over IP directly, [RFC3193] still applies, though + references to UDP source and destination ports (in particular, those + + + +Lau, et al. Standards Track [Page 20] + +RFC 3931 L2TPv3 March 2005 + + + in Section 4, "IPsec Filtering details when protecting L2TP") may be + ignored. Instead, the selectors used to identify L2TPv3 traffic are + simply the source and destination IP addresses for the tunnel + endpoints together with the L2TPv3 IP protocol type, 115. + + In addition to IP transport security, IPsec defines a mode of + operation that allows tunneling of IP packets. The packet-level + encryption and authentication provided by IPsec tunnel mode and that + provided by L2TP secured with IPsec provide an equivalent level of + security for these requirements. + + IPsec also defines access control features that are required of a + compliant IPsec implementation. These features allow filtering of + packets based upon network and transport layer characteristics such + as IP address, ports, etc. In the L2TP tunneling model, analogous + filtering may be performed at the network layer above L2TP. These + network layer access control features may be handled at an LCCE via + vendor-specific authorization features, or at the network layer + itself by using IPsec transport mode end-to-end between the + communicating hosts. The requirements for access control mechanisms + are not a part of the L2TP specification, and as such, are outside + the scope of this document. + + Protecting the L2TP packet stream with IPsec does, in turn, also + protect the data within the tunneled session packets while + transported from one LCCE to the other. Such protection must not be + considered a substitution for end-to-end security between + communicating hosts or applications. + +4.1.4. IP Fragmentation Issues + + Fragmentation and reassembly in network equipment generally require + significantly greater resources than sending or receiving a packet as + a single unit. As such, fragmentation and reassembly should be + avoided whenever possible. Ideal solutions for avoiding + fragmentation include proper configuration and management of MTU + sizes among the Remote System, the LCCE, and the IP network, as well + as adaptive measures that operate with the originating host (e.g., + [RFC1191], [RFC1981]) to reduce the packet sizes at the source. + + An LCCE MAY fragment a packet before encapsulating it in L2TP. For + example, if an IPv4 packet arrives at an LCCE from a Remote System + that, after encapsulation with its associated framing, L2TP, and IP, + does not fit in the available path MTU towards its LCCE peer, the + local LCCE may perform IPv4 fragmentation on the packet before tunnel + encapsulation. This creates two (or more) L2TP packets, each + + + + + +Lau, et al. Standards Track [Page 21] + +RFC 3931 L2TPv3 March 2005 + + + carrying an IPv4 fragment with its associated framing. This + ultimately has the effect of placing the burden of fragmentation on + the LCCE, while reassembly occurs on the IPv4 destination host. + + If an IPv6 packet arrives at an LCCE from a Remote System that, after + encapsulation with associated framing, L2TP and IP, does not fit in + the available path MTU towards its L2TP peer, the Generic Packet + Tunneling specification [RFC2473], Section 7.1 SHOULD be followed. + In this case, the LCCE should either send an ICMP Packet Too Big + message to the data source, or fragment the resultant L2TP/IP packet + (for reassembly by the L2TP peer). + + If the amount of traffic requiring fragmentation and reassembly is + rather light, or there are sufficiently optimized mechanisms at the + tunnel endpoints, fragmentation of the L2TP/IP packet may be + sufficient for accommodating mismatched MTUs that cannot be managed + by more efficient means. This method effectively emulates a larger + MTU between tunnel endpoints and should work for any type of L2- + encapsulated packet. Note that IPv6 does not support "in-flight" + fragmentation of data packets. Thus, unlike IPv4, the MTU of the + path towards an L2TP peer must be known in advance (or the last + resort IPv6 minimum MTU of 1280 bytes utilized) so that IPv6 + fragmentation may occur at the LCCE. + + In summary, attempting to control the source MTU by communicating + with the originating host, forcing that an MTU be sufficiently large + on the path between LCCE peers to tunnel a frame from any other + interface without fragmentation, fragmenting IP packets before + encapsulation with L2TP/IP, or fragmenting the resultant L2TP/IP + packet between the tunnel endpoints, are all valid methods for + managing MTU mismatches. Some are clearly better than others + depending on the given deployment. For example, a passive monitoring + application using L2TP would certainly not wish to have ICMP messages + sent to a traffic source. Further, if the links connecting a set of + LCCEs have a very large MTU (e.g., SDH/SONET) and it is known that + the MTU of all links being tunneled by L2TP have smaller MTUs (e.g., + 1500 bytes), then any IP fragmentation and reassembly enabled on the + participating LCCEs would never be utilized. An implementation MUST + implement at least one of the methods described in this section for + managing mismatched MTUs, based on careful consideration of how the + final product will be deployed. + + L2TP-specific fragmentation and reassembly methods, which may or may + not depend on the characteristics of the type of link being tunneled + (e.g., judicious packing of ATM cells), may be defined as well, but + these methods are outside the scope of this document. + + + + + +Lau, et al. Standards Track [Page 22] + +RFC 3931 L2TPv3 March 2005 + + +4.2. Reliable Delivery of Control Messages + + L2TP provides a lower level reliable delivery service for all control + messages. The Nr and Ns fields of the control message header (see + Section 3.2.1) belong to this delivery mechanism. The upper level + functions of L2TP are not concerned with retransmission or ordering + of control messages. The reliable control messaging mechanism is a + sliding window mechanism that provides control message retransmission + and congestion control. Each peer maintains separate sequence number + state for each control connection. + + The message sequence number, Ns, begins at 0. Each subsequent + message is sent with the next increment of the sequence number. The + sequence number is thus a free-running counter represented modulo + 65536. The sequence number in the header of a received message is + considered less than or equal to the last received number if its + value lies in the range of the last received number and the preceding + 32767 values, inclusive. For example, if the last received sequence + number was 15, then messages with sequence numbers 0 through 15, as + well as 32784 through 65535, would be considered less than or equal. + Such a message would be considered a duplicate of a message already + received and ignored from processing. However, in order to ensure + that all messages are acknowledged properly (particularly in the case + of a lost ACK message), receipt of duplicate messages MUST be + acknowledged by the reliable delivery mechanism. This acknowledgment + may either piggybacked on a message in queue or sent explicitly via + an ACK message. + + All control messages take up one slot in the control message sequence + number space, except the ACK message. Thus, Ns is not incremented + after an ACK message is sent. + + The last received message number, Nr, is used to acknowledge messages + received by an L2TP peer. It contains the sequence number of the + message the peer expects to receive next (e.g., the last Ns of a + non-ACK message received plus 1, modulo 65536). While the Nr in a + received ACK message is used to flush messages from the local + retransmit queue (see below), the Nr of the next message sent is not + updated by the Ns of the ACK message. Nr SHOULD be sanity-checked + before flushing the retransmit queue. For instance, if the Nr + received in a control message is greater than the last Ns sent plus 1 + modulo 65536, the control message is clearly invalid. + + The reliable delivery mechanism at a receiving peer is responsible + for making sure that control messages are delivered in order and + without duplication to the upper level. Messages arriving out-of- + order may be queued for in-order delivery when the missing messages + + + + +Lau, et al. Standards Track [Page 23] + +RFC 3931 L2TPv3 March 2005 + + + are received. Alternatively, they may be discarded, thus requiring a + retransmission by the peer. When dropping out-of-order control + packets, Nr MAY be updated before the packet is discarded. + + Each control connection maintains a queue of control messages to be + transmitted to its peer. The message at the front of the queue is + sent with a given Ns value and is held until a control message + arrives from the peer in which the Nr field indicates receipt of this + message. After a period of time (a recommended default is 1 second + but SHOULD be configurable) passes without acknowledgment, the + message is retransmitted. The retransmitted message contains the + same Ns value, but the Nr value MUST be updated with the sequence + number of the next expected message. + + Each subsequent retransmission of a message MUST employ an + exponential backoff interval. Thus, if the first retransmission + occurred after 1 second, the next retransmission should occur after 2 + seconds has elapsed, then 4 seconds, etc. An implementation MAY + place a cap upon the maximum interval between retransmissions. This + cap SHOULD be no less than 8 seconds per retransmission. If no peer + response is detected after several retransmissions (a recommended + default is 10, but MUST be configurable), the control connection and + all associated sessions MUST be cleared. As it is the first message + to establish a control connection, the SCCRQ MAY employ a different + retransmission maximum than other control messages in order to help + facilitate failover to alternate LCCEs in a timely fashion. + + When a control connection is being shut down for reasons other than + loss of connectivity, the state and reliable delivery mechanisms MUST + be maintained and operated for the full retransmission interval after + the final message StopCCN message has been sent (e.g., 1 + 2 + 4 + 8 + + 8... seconds), or until the StopCCN message itself has been + acknowledged. + + A sliding window mechanism is used for control message transmission + and retransmission. Consider two peers, A and B. Suppose A + specifies a Receive Window Size AVP with a value of N in the SCCRQ or + SCCRP message. B is now allowed to have a maximum of N outstanding + (i.e., unacknowledged) control messages. Once N messages have been + sent, B must wait for an acknowledgment from A that advances the + window before sending new control messages. An implementation may + advertise a non-zero receive window as small or as large as it + wishes, depending on its own ability to process incoming messages + before sending an acknowledgement. Each peer MUST limit the number + of unacknowledged messages it will send before receiving an + acknowledgement by this Receive Window Size. The actual internal + + + + + +Lau, et al. Standards Track [Page 24] + +RFC 3931 L2TPv3 March 2005 + + + unacknowledged message send-queue depth may be further limited by + local resource allocation or by dynamic slow-start and congestion- + avoidance mechanisms. + + When retransmitting control messages, a slow start and congestion + avoidance window adjustment procedure SHOULD be utilized. A + recommended procedure is described in Appendix A. A peer MAY drop + messages, but MUST NOT actively delay acknowledgment of messages as a + technique for flow control of control messages. Appendix B contains + examples of control message transmission, acknowledgment, and + retransmission. + +4.3. Control Message Authentication + + L2TP incorporates an optional authentication and integrity check for + all control messages. This mechanism consists of a computed one-way + hash over the header and body of the L2TP control message, a pre- + configured shared secret, and a local and remote nonce (random value) + exchanged via the Control Message Authentication Nonce AVP. This + per-message authentication and integrity check is designed to perform + a mutual authentication between L2TP nodes, perform integrity + checking of all control messages, and guard against control message + spoofing and replay attacks that would otherwise be trivial to mount. + + At least one shared secret (password) MUST exist between + communicating L2TP nodes to enable Control Message Authentication. + See Section 5.4.3 for details on calculation of the Message Digest + and construction of the Control Message Authentication Nonce and + Message Digest AVPs. + + L2TPv3 Control Message Authentication is similar to L2TPv2 [RFC2661] + Tunnel Authentication in its use of a shared secret and one-way hash + calculation. The principal difference is that, instead of computing + the hash over selected contents of a received control message (e.g., + the Challenge AVP and Message Type) as in L2TPv2, the entire message + is used in the hash in L2TPv3. In addition, instead of including the + hash digest in just the SCCRP and SCCCN messages, it is now included + in all L2TP messages. + + The Control Message Authentication mechanism is optional, and may be + disabled if both peers agree. For example, if IPsec is already being + used for security and integrity checking between the LCCEs, the + function of the L2TP mechanism becomes redundant and may be disabled. + + Presence of the Control Message Authentication Nonce AVP in an SCCRQ + or SCCRP message serves as indication to a peer that Control Message + Authentication is enabled. If an SCCRQ or SCCRP contains a Control + Message Authentication Nonce AVP, the receiver of the message MUST + + + +Lau, et al. Standards Track [Page 25] + +RFC 3931 L2TPv3 March 2005 + + + respond with a Message Digest AVP in all subsequent messages sent. + Control Message Authentication is always bidirectional; either both + sides participate in authentication, or neither does. + + If Control Message Authentication is disabled, the Message Digest AVP + still MAY be sent as an integrity check of the message. The + integrity check is calculated as in Section 5.4.3, with an empty + zero-length shared secret, local nonce, and remote nonce. If an + invalid Message Digest is received, it should be assumed that the + message has been corrupted in transit and the message dropped + accordingly. + + Implementations MAY rate-limit control messages, particularly SCCRQ + messages, upon receipt for performance reasons or for protection + against denial of service attacks. + +4.4. Keepalive (Hello) + + L2TP employs a keepalive mechanism to detect loss of connectivity + between a pair of LCCEs. This is accomplished by injecting Hello + control messages (see Section 6.5) after a period of time has elapsed + since the last data message or control message was received on an + L2TP session or control connection, respectively. As with any other + control message, if the Hello message is not reliably delivered, the + sending LCCE declares that the control connection is down and resets + its state for the control connection. This behavior ensures that a + connectivity failure between the LCCEs is detected independently by + each end of a control connection. + + Since the control channel is operated in-band with data traffic over + the PSN, this single mechanism can be used to infer basic data + connectivity between a pair of LCCEs for all sessions associated with + the control connection. + + Periodic keepalive for the control connection MUST be implemented by + sending a Hello if a period of time (a recommended default is 60 + seconds, but MUST be configurable) has passed without receiving any + message (data or control) from the peer. An LCCE sending Hello + messages across multiple control connections between the same LCCE + endpoints MUST employ a jittered timer mechanism to prevent grouping + of Hello messages. + +4.5. Forwarding Session Data Frames + + Once session establishment is complete, circuit frames are received + at an LCCE, encapsulated in L2TP (with appropriate attention to + framing, as described in documents for the particular pseudowire + type), and forwarded over the appropriate session. For every + + + +Lau, et al. Standards Track [Page 26] + +RFC 3931 L2TPv3 March 2005 + + + outgoing data message, the sender places the identifier specified in + the Local Session ID AVP (received from peer during session + establishment) in the Session ID field of the L2TP data header. In + this manner, session frames are multiplexed and demultiplexed between + a given pair of LCCEs. Multiple control connections may exist + between a given pair of LCCEs, and multiple sessions may be + associated with a given control connection. + + The peer LCCE receiving the L2TP data packet identifies the session + with which the packet is associated by the Session ID in the data + packet's header. The LCCE then checks the Cookie field in the data + packet against the Cookie value received in the Assigned Cookie AVP + during session establishment. It is important for implementers to + note that the Cookie field check occurs after looking up the session + context by the Session ID, and as such, consists merely of a value + match of the Cookie field and that stored in the retrieved context. + There is no need to perform a lookup across the Session ID and Cookie + as a single value. Any received data packets that contain invalid + Session IDs or associated Cookie values MUST be dropped. Finally, + the LCCE either forwards the network packet within the tunneled frame + (e.g., as an LNS) or switches the frame to a circuit (e.g., as an + LAC). + +4.6. Default L2-Specific Sublayer + + This document defines a Default L2-Specific Sublayer format (see + Section 3.2.2) that a pseudowire may use for features such as + sequencing support, L2 interworking, OAM, or other per-data-packet + operations. The Default L2-Specific Sublayer SHOULD be used by a + given PW type to support these features if it is adequate, and its + presence is requested by a peer during session negotiation. + Alternative sublayers MAY be defined (e.g., an encapsulation with a + larger Sequence Number field or timing information) and identified + for use via the L2-Specific Sublayer Type AVP. + + Figure 4.6: Default L2-Specific Sublayer Format + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |x|S|x|x|x|x|x|x| Sequence Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The S (Sequence) bit is set to 1 when the Sequence Number contains a + valid number for this sequenced frame. If the S bit is set to zero, + the Sequence Number contents are undefined and MUST be ignored by the + receiver. + + + + +Lau, et al. Standards Track [Page 27] + +RFC 3931 L2TPv3 March 2005 + + + The Sequence Number field contains a free-running counter of 2^24 + sequence numbers. If the number in this field is valid, the S bit + MUST be set to 1. The Sequence Number begins at zero, which is a + valid sequence number. (In this way, implementations inserting + sequence numbers do not have to "skip" zero when incrementing.) The + sequence number in the header of a received message is considered + less than or equal to the last received number if its value lies in + the range of the last received number and the preceding (2^23-1) + values, inclusive. + +4.6.1. Sequencing Data Packets + + The Sequence Number field may be used to detect lost, duplicate, or + out-of-order packets within a given session. + + When L2 frames are carried over an L2TP-over-IP or L2TP-over-UDP/IP + data channel, this part of the link has the characteristic of being + able to reorder, duplicate, or silently drop packets. Reordering may + break some non-IP protocols or L2 control traffic being carried by + the link. Silent dropping or duplication of packets may break + protocols that assume per-packet indications of error, such as TCP + header compression. While a common mechanism for packet sequence + detection is provided, the sequence dependency characteristics of + individual protocols are outside the scope of this document. + + If any protocol being transported by over L2TP data channels cannot + tolerate misordering of data packets, packet duplication, or silent + packet loss, sequencing may be enabled on some or all packets by + using the S bit and Sequence Number field defined in the Default L2- + Specific Sublayer (see Section 4.6). For a given L2TP session, each + LCCE is responsible for communicating to its peer the level of + sequencing support that it requires of data packets that it receives. + Mechanisms to advertise this information during session negotiation + are provided (see Data Sequencing AVP in Section 5.4.4). + + When determining whether a packet is in or out of sequence, an + implementation SHOULD utilize a method that is resilient to temporary + dropouts in connectivity coupled with high per-session packet rates. + The recommended method is outlined in Appendix C. + +4.7. L2TPv2/v3 Interoperability and Migration + + L2TPv2 and L2TPv3 environments should be able to coexist while a + migration to L2TPv3 is made. Migration issues are discussed for each + media type in this section. Most issues apply only to + implementations that require both L2TPv2 and L2TPv3 operation. + + + + + +Lau, et al. Standards Track [Page 28] + +RFC 3931 L2TPv3 March 2005 + + + However, even L2TPv3-only implementations must at least be mindful of + these issues in order to interoperate with implementations that + support both versions. + +4.7.1. L2TPv3 over IP + + L2TPv3 implementations running strictly over IP with no desire to + interoperate with L2TPv2 implementations may safely disregard most + migration issues from L2TPv2. All control messages and data messages + are sent as described in this document, without normative reference + to RFC 2661. + + If one wishes to tunnel PPP over L2TPv3, and fallback to L2TPv2 only + if it is not available, then L2TPv3 over UDP with automatic fallback + (see Section 4.7.3) MUST be used. There is no deterministic method + for automatic fallback from L2TPv3 over IP to either L2TPv2 or L2TPv3 + over UDP. One could infer whether L2TPv3 over IP is supported by + sending an SCCRQ and waiting for a response, but this could be + problematic during periods of packet loss between L2TP nodes. + +4.7.2. L2TPv3 over UDP + + The format of the L2TPv3 over UDP header is defined in Section + 4.1.2.1. + + When operating over UDP, L2TPv3 uses the same port (1701) as L2TPv2 + and shares the first two octets of header format with L2TPv2. The + Ver field is used to distinguish L2TPv2 packets from L2TPv3 packets. + If an implementation is capable of operating in L2TPv2 or L2TPv3 + modes, it is possible to automatically detect whether a peer can + support L2TPv2 or L2TPv3 and operate accordingly. The details of + this fallback capability is defined in the following section. + +4.7.3. Automatic L2TPv2 Fallback + + When running over UDP, an implementation may detect whether a peer is + L2TPv3-capable by sending a special SCCRQ that is properly formatted + for both L2TPv2 and L2TPv3. This is accomplished by sending an SCCRQ + with its Ver field set to 2 (for L2TPv2), and ensuring that any + L2TPv3-specific AVPs (i.e., AVPs present within this document and not + defined within RFC 2661) in the message are sent with each M bit set + to 0, and that all L2TPv2 AVPs are present as they would be for + L2TPv2. This is done so that L2TPv3 AVPs will be ignored by an + L2TPv2-only implementation. Note that, in both L2TPv2 and L2TPv3, + the value contained in the space of the control message header + utilized by the 32-bit Control Connection ID in L2TPv3, and the 16- + bit Tunnel ID and + + + + +Lau, et al. Standards Track [Page 29] + +RFC 3931 L2TPv3 March 2005 + + + 16-bit Session ID in L2TPv2, are always 0 for an SCCRQ. This + effectively hides the fact that there are a pair of 16-bit fields in + L2TPv2, and a single 32-bit field in L2TPv3. + + If the peer implementation is L2TPv3-capable, a control message with + the Ver field set to 3 and an L2TPv3 header and message format will + be sent in response to the SCCRQ. Operation may then continue as + L2TPv3. If a message is received with the Ver field set to 2, it + must be assumed that the peer implementation is L2TPv2-only, thus + enabling fallback to L2TPv2 mode to safely occur. + + Note Well: The L2TPv2/v3 auto-detection mode requires that all L2TPv3 + implementations over UDP be liberal in accepting an SCCRQ control + message with the Ver field set to 2 or 3 and the presence of L2TPv2- + specific AVPs. An L2TPv3-only implementation MUST ignore all L2TPv2 + AVPs (e.g., those defined in RFC 2661 and not in this document) + within an SCCRQ with the Ver field set to 2 (even if the M bit is set + on the L2TPv2-specific AVPs). + +5. Control Message Attribute Value Pairs + + To maximize extensibility while permitting interoperability, a + uniform method for encoding message types is used throughout L2TP. + This encoding will be termed AVP (Attribute Value Pair) for the + remainder of this document. + +5.1. AVP Format + + Each AVP is encoded as follows: + + Figure 5.1: AVP Format + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |M|H| rsvd | Length | Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Attribute Type | Attribute Value ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + (until Length is reached) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The first six bits comprise a bit mask that describes the general + attributes of the AVP. Two bits are defined in this document; the + remaining bits are reserved for future extensions. Reserved bits + MUST be set to 0 when sent and ignored upon receipt. + + + + + +Lau, et al. Standards Track [Page 30] + +RFC 3931 L2TPv3 March 2005 + + + Mandatory (M) bit: Controls the behavior required of an + implementation that receives an unrecognized AVP. The M bit of a + given AVP MUST only be inspected and acted upon if the AVP is + unrecognized (see Section 5.2). + + Hidden (H) bit: Identifies the hiding of data in the Attribute Value + field of an AVP. This capability can be used to avoid the passing of + sensitive data, such as user passwords, as cleartext in an AVP. + Section 5.3 describes the procedure for performing AVP hiding. + + Length: Contains the number of octets (including the Overall Length + and bit mask fields) contained in this AVP. The Length may be + calculated as 6 + the length of the Attribute Value field in octets. + + The field itself is 10 bits, permitting a maximum of 1023 octets of + data in a single AVP. The minimum Length of an AVP is 6. If the + Length is 6, then the Attribute Value field is absent. + + Vendor ID: The IANA-assigned "SMI Network Management Private + Enterprise Codes" [RFC1700] value. The value 0, corresponding to + IETF-adopted attribute values, is used for all AVPs defined within + this document. Any vendor wishing to implement its own L2TP + extensions can use its own Vendor ID along with private Attribute + values, guaranteeing that they will not collide with any other + vendor's extensions or future IETF extensions. Note that there are + 16 bits allocated for the Vendor ID, thus limiting this feature to + the first 65,535 enterprises. + + Attribute Type: A 2-octet value with a unique interpretation across + all AVPs defined under a given Vendor ID. + + Attribute Value: This is the actual value as indicated by the Vendor + ID and Attribute Type. It follows immediately after the Attribute + Type field and runs for the remaining octets indicated in the Length + (i.e., Length minus 6 octets of header). This field is absent if the + Length is 6. + + In the event that the 16-bit Vendor ID space is exhausted, vendor- + specific AVPs with a 32-bit Vendor ID MUST be encapsulated in the + following manner: + + + + + + + + + + + +Lau, et al. Standards Track [Page 31] + +RFC 3931 L2TPv3 March 2005 + + + Figure 5.2: Extended Vendor ID AVP Format + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |M|H| rsvd | Length | 0 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 58 | 32-bit Vendor ID ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Attribute Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Attribute Value ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + (until Length is reached) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + This AVP encodes a vendor-specific AVP with a 32-bit Vendor ID space + within the Attribute Value field. Multiple AVPs of this type may + exist in any message. The 16-bit Vendor ID MUST be 0, indicating + that this is an IETF-defined AVP, and the Attribute Type MUST be 58, + indicating that what follows is a vendor-specific AVP with a 32-bit + Vendor ID code. This AVP MAY be hidden (the H bit MAY be 0 or 1). + The M bit for this AVP MUST be set to 0. The Length of the AVP is 12 + plus the length of the Attribute Value. + +5.2. Mandatory AVPs and Setting the M Bit + + If the M bit is set on an AVP that is unrecognized by its recipient, + the session or control connection associated with the control message + containing the AVP MUST be shut down. If the control message + containing the unrecognized AVP is associated with a session (e.g., + an ICRQ, ICRP, ICCN, SLI, etc.), then the session MUST be issued a + CDN with a Result Code of 2 and Error Code of 8 (as defined in + Section 5.4.2) and shut down. If the control message containing the + unrecognized AVP is associated with establishment or maintenance of a + Control Connection (e.g., SCCRQ, SCCRP, SCCCN, Hello), then the + associated Control Connection MUST be issued a StopCCN with Result + Code of 2 and Error Code of 8 (as defined in Section 5.4.2) and shut + down. If the M bit is not set on an unrecognized AVP, the AVP MUST + be ignored when received, processing the control message as if the + AVP were not present. + + Receipt of an unrecognized AVP that has the M bit set is catastrophic + to the session or control connection with which it is associated. + Thus, the M bit should only be set for AVPs that are deemed crucial + to proper operation of the session or control connection by the + sender. AVPs that are considered crucial by the sender may vary by + application and configured options. In no case shall a receiver of + + + +Lau, et al. Standards Track [Page 32] + +RFC 3931 L2TPv3 March 2005 + + + an AVP "validate" if the M bit is set on a recognized AVP. If the + AVP is recognized (as all AVPs defined in this document MUST be for a + compliant L2TPv3 specification), then by definition, the M bit is of + no consequence. + + The sender of an AVP is free to set its M bit to 1 or 0 based on + whether the configured application strictly requires the value + contained in the AVP to be recognized or not. For example, + "Automatic L2TPv2 Fallback" in Section 4.7.3 requires the setting of + the M bit on all new L2TPv3 AVPs to zero if fallback to L2TPv2 is + supported and desired, and 1 if not. + + The M bit is useful as extra assurance for support of critical AVP + extensions. However, more explicit methods may be available to + determine support for a given feature rather than using the M bit + alone. For example, if a new AVP is defined in a message for which + there is always a message reply (i.e., an ICRQ, ICRP, SCCRQ, or SCCRP + message), rather than simply sending an AVP in the message with the M + bit set, availability of the extension may be identified by sending + an AVP in the request message and expecting a corresponding AVP in a + reply message. This more explicit method, when possible, is + preferred. + + The M bit also plays a role in determining whether or not a malformed + or out-of-range value within an AVP should be ignored or should + result in termination of a session or control connection (see Section + 7.1 for more details). + +5.3. Hiding of AVP Attribute Values + + The H bit in the header of each AVP provides a mechanism to indicate + to the receiving peer whether the contents of the AVP are hidden or + present in cleartext. This feature can be used to hide sensitive + control message data such as user passwords, IDs, or other vital + information. + + The H bit MUST only be set if (1) a shared secret exists between the + LCCEs and (2) Control Message Authentication is enabled (see Section + 4.3). If the H bit is set in any AVP(s) in a given control message, + at least one Random Vector AVP must also be present in the message + and MUST precede the first AVP having an H bit of 1. + + + + + + + + + + +Lau, et al. Standards Track [Page 33] + +RFC 3931 L2TPv3 March 2005 + + + The shared secret between LCCEs is used to derive a unique shared key + for hiding and unhiding calculations. The derived shared key is + obtained via an HMAC-MD5 keyed hash [RFC2104], with the key + consisting of the shared secret, and with the data being hashed + consisting of a single octet containing the value 1. + + shared_key = HMAC_MD5 (shared_secret, 1) + + Hiding an AVP value is done in several steps. The first step is to + take the length and value fields of the original (cleartext) AVP and + encode them into the Hidden AVP Subformat, which appears as follows: + + Figure 5.3: Hidden AVP Subformat + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Length of Original Value | Original Attribute Value ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ... | Padding ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Length of Original Attribute Value: This is length of the Original + Attribute Value to be obscured in octets. This is necessary to + determine the original length of the Attribute Value that is lost + when the additional Padding is added. + + Original Attribute Value: Attribute Value that is to be obscured. + + Padding: Random additional octets used to obscure length of the + Attribute Value that is being hidden. + + To mask the size of the data being hidden, the resulting subformat + MAY be padded as shown above. Padding does NOT alter the value + placed in the Length of Original Attribute Value field, but does + alter the length of the resultant AVP that is being created. For + example, if an Attribute Value to be hidden is 4 octets in length, + the unhidden AVP length would be 10 octets (6 + Attribute Value + length). After hiding, the length of the AVP would become 6 + + Attribute Value length + size of the Length of Original Attribute + Value field + Padding. Thus, if Padding is 12 octets, the AVP length + would be 6 + 4 + 2 + 12 = 24 octets. + + + + + + + + + +Lau, et al. Standards Track [Page 34] + +RFC 3931 L2TPv3 March 2005 + + + Next, an MD5 [RFC1321] hash is performed (in network byte order) on + the concatenation of the following: + + + the 2-octet Attribute number of the AVP + + the shared key + + an arbitrary length random vector + + The value of the random vector used in this hash is passed in the + value field of a Random Vector AVP. This Random Vector AVP must be + placed in the message by the sender before any hidden AVPs. The same + random vector may be used for more than one hidden AVP in the same + message, but not for hiding two or more instances of an AVP with the + same Attribute Type unless the Attribute Values in the two AVPs are + also identical. When a different random vector is used for the + hiding of subsequent AVPs, a new Random Vector AVP MUST be placed in + the control message before the first AVP to which it applies. + + The MD5 hash value is then XORed with the first 16-octet (or less) + segment of the Hidden AVP Subformat and placed in the Attribute Value + field of the Hidden AVP. If the Hidden AVP Subformat is less than 16 + octets, the Subformat is transformed as if the Attribute Value field + had been padded to 16 octets before the XOR. Only the actual octets + present in the Subformat are modified, and the length of the AVP is + not altered. + + If the Subformat is longer than 16 octets, a second one-way MD5 hash + is calculated over a stream of octets consisting of the shared key + followed by the result of the first XOR. That hash is XORed with the + second 16-octet (or less) segment of the Subformat and placed in the + corresponding octets of the Value field of the Hidden AVP. + + If necessary, this operation is repeated, with the shared key used + along with each XOR result to generate the next hash to XOR the next + segment of the value with. + + The hiding method was adapted from [RFC2865], which was taken from + the "Mixing in the Plaintext" section in the book "Network Security" + by Kaufman, Perlman and Speciner [KPS]. A detailed explanation of + the method follows: + + Call the shared key S, the Random Vector RV, and the Attribute Type + A. Break the value field into 16-octet chunks p_1, p_2, etc., with + the last one padded at the end with random data to a 16-octet + boundary. Call the ciphertext blocks c_1, c_2, etc. We will also + define intermediate values b_1, b_2, etc. + + + + + + +Lau, et al. Standards Track [Page 35] + +RFC 3931 L2TPv3 March 2005 + + + b_1 = MD5 (A + S + RV) c_1 = p_1 xor b_1 + b_2 = MD5 (S + c_1) c_2 = p_2 xor b_2 + . . + . . + . . + b_i = MD5 (S + c_i-1) c_i = p_i xor b_i + + The String will contain c_1 + c_2 +...+ c_i, where "+" denotes + concatenation. + + On receipt, the random vector is taken from the last Random Vector + AVP encountered in the message prior to the AVP to be unhidden. The + above process is then reversed to yield the original value. + +5.4. AVP Summary + + The following sections contain a list of all L2TP AVPs defined in + this document. + + Following the name of the AVP is a list indicating the message types + that utilize each AVP. After each AVP title follows a short + description of the purpose of the AVP, a detail (including a graphic) + of the format for the Attribute Value, and any additional information + needed for proper use of the AVP. + +5.4.1. General Control Message AVPs + + Message Type (All Messages) + + The Message Type AVP, Attribute Type 0, identifies the control + message herein and defines the context in which the exact meaning + of the following AVPs will be determined. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Message Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Message Type is a 2-octet unsigned integer. + + The Message Type AVP MUST be the first AVP in a message, + immediately following the control message header (defined in + Section 3.2.1). See Section 3.1 for the list of defined control + message types and their identifiers. + + + + +Lau, et al. Standards Track [Page 36] + +RFC 3931 L2TPv3 March 2005 + + + The Mandatory (M) bit within the Message Type AVP has special + meaning. Rather than an indication as to whether the AVP itself + should be ignored if not recognized, it is an indication as to + whether the control message itself should be ignored. If the M + bit is set within the Message Type AVP and the Message Type is + unknown to the implementation, the control connection MUST be + cleared. If the M bit is not set, then the implementation may + ignore an unknown message type. The M bit MUST be set to 1 for + all message types defined in this document. This AVP MUST NOT be + hidden (the H bit MUST be 0). The Length of this AVP is 8. + + A vendor-specific control message may be defined by setting the + Vendor ID of the Message Type AVP to a value other than the IETF + Vendor ID of 0 (see Section 5.1). The Message Type AVP MUST still + be the first AVP in the control message. + + Message Digest (All Messages) + + The Message Digest AVP, Attribute Type 59 is used as an integrity + and authentication check of the L2TP Control Message header and + body. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Digest Type | Message Digest ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ... (16 or 20 octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Digest Type is a one-octet integer indicating the Digest + calculation algorithm: + + 0 HMAC-MD5 [RFC2104] + 1 HMAC-SHA-1 [RFC2104] + + Digest Type 0 (HMAC-MD5) MUST be supported, while Digest Type 1 + (HMAC-SHA-1) SHOULD be supported. + + The Message Digest is of variable length and contains the result + of the control message authentication and integrity calculation. + For Digest Type 0 (HMAC-MD5), the length of the digest MUST be 16 + + + +Lau, et al. Standards Track [Page 37] + +RFC 3931 L2TPv3 March 2005 + + + bytes. For Digest Type 1 (HMAC-SHA-1) the length of the digest + MUST be 20 bytes. + + If Control Message Authentication is enabled, at least one Message + Digest AVP MUST be present in all messages and MUST be placed + immediately after the Message Type AVP. This forces the Message + Digest AVP to begin at a well-known and fixed offset. A second + Message Digest AVP MAY be present in a message and MUST be placed + directly after the first Message Digest AVP. + + The shared secret between LCCEs is used to derive a unique shared + key for Control Message Authentication calculations. The derived + shared key is obtained via an HMAC-MD5 keyed hash [RFC2104], with + the key consisting of the shared secret, and with the data being + hashed consisting of a single octet containing the value 2. + + shared_key = HMAC_MD5 (shared_secret, 2) + + Calculation of the Message Digest is as follows for all messages + other than the SCCRQ (where "+" refers to concatenation): + + Message Digest = HMAC_Hash (shared_key, local_nonce + + remote_nonce + control_message) + + HMAC_Hash: HMAC Hashing algorithm identified by the Digest Type + (MD5 or SHA1) + + local_nonce: Nonce chosen locally and advertised to the remote + LCCE. + + remote_nonce: Nonce received from the remote LCCE + + (The local_nonce and remote_nonce are advertised via the + Control Message Authentication Nonce AVP, also defined in this + section.) + + shared_key: Derived shared key for this control connection + + control_message: The entire contents of the L2TP control + message, including the control message header and all AVPs. + Note that the control message header in this case begins after + the all-zero Session ID when running over IP (see Section + 4.1.1.2), and after the UDP header when running over UDP (see + Section 4.1.2.1). + + When calculating the Message Digest, the Message Digest AVP MUST + be present within the control message with the Digest Type set to + its proper value, but the Message Digest itself set to zeros. + + + +Lau, et al. Standards Track [Page 38] + +RFC 3931 L2TPv3 March 2005 + + + When receiving a control message, the contents of the Message + Digest AVP MUST be compared against the expected digest value + based on local calculation. This is done by performing the same + digest calculation above, with the local_nonce and remote_nonce + reversed. This message authenticity and integrity checking MUST + be performed before utilizing any information contained within the + control message. If the calculation fails, the message MUST be + dropped. + + The SCCRQ has special treatment as it is the initial message + commencing a new control connection. As such, there is only one + nonce available. Since the nonce is present within the message + itself as part of the Control Message Authentication Nonce AVP, + there is no need to use it in the calculation explicitly. + Calculation of the SCCRQ Message Digest is performed as follows: + + Message Digest = HMAC_Hash (shared_key, control_message) + + To allow for graceful switchover to a new shared secret or hash + algorithm, two Message Digest AVPs MAY be present in a control + message, and two shared secrets MAY be configured for a given + LCCE. If two Message Digest AVPs are received in a control + message, the message MUST be accepted if either Message Digest is + valid. If two shared secrets are configured, each (separately) + MUST be used for calculating a digest to be compared to the + Message Digest(s) received. When calculating a digest for a + control message, the Value field for both of the Message Digest + AVPs MUST be set to zero. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length is 23 for Digest Type 1 (HMAC-MD5), and 27 for Digest Type + 2 (HMAC-SHA-1). + + Control Message Authentication Nonce (SCCRQ, SCCRP) + + The Control Message Authentication Nonce AVP, Attribute Type 73, + MUST contain a cryptographically random value [RFC1750]. This + value is used for Control Message Authentication. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Nonce ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + + +Lau, et al. Standards Track [Page 39] + +RFC 3931 L2TPv3 March 2005 + + + The Nonce is of arbitrary length, though at least 16 octets is + recommended. The Nonce contains the random value for use in the + Control Message Authentication hash calculation (see Message + Digest AVP definition in this section). + + If Control Message Authentication is enabled, this AVP MUST be + present in the SCCRQ and SCCRP messages. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length of this AVP is 6 plus the length of the Nonce. + + Random Vector (All Messages) + + The Random Vector AVP, Attribute Type 36, MUST contain a + cryptographically random value [RFC1750]. This value is used for + AVP Hiding. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Random Octet String ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Random Octet String is of arbitrary length, though at least 16 + octets is recommended. The string contains the random vector for + use in computing the MD5 hash to retrieve or hide the Attribute + Value of a hidden AVP (see Section 5.3). + + More than one Random Vector AVP may appear in a message, in which + case a hidden AVP uses the Random Vector AVP most closely + preceding it. As such, at least one Random Vector AVP MUST + precede the first AVP with the H bit set. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length of this AVP is 6 plus the length of the Random Octet + String. + +5.4.2. Result and Error Codes + + Result Code (StopCCN, CDN) + + The Result Code AVP, Attribute Type 1, indicates the reason for + terminating the control connection or session. + + + + +Lau, et al. Standards Track [Page 40] + +RFC 3931 L2TPv3 March 2005 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Result Code | Error Code (optional) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Error Message ... (optional, arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Result Code is a 2-octet unsigned integer. The optional Error + Code is a 2-octet unsigned integer. An optional Error Message can + follow the Error Code field. Presence of the Error Code and + Message is indicated by the AVP Length field. The Error Message + contains an arbitrary string providing further (human-readable) + text associated with the condition. Human-readable text in all + error messages MUST be provided in the UTF-8 charset [RFC3629] + using the Default Language [RFC2277]. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length is 8 if there is no Error Code or Message, 10 if there is + an Error Code and no Error Message, or 10 plus the length of the + Error Message if there is an Error Code and Message. + + Defined Result Code values for the StopCCN message are as follows: + + 0 - Reserved. + 1 - General request to clear control connection. + 2 - General error, Error Code indicates the problem. + 3 - Control connection already exists. + 4 - Requester is not authorized to establish a control + connection. + 5 - The protocol version of the requester is not supported, + Error Code indicates highest version supported. + 6 - Requester is being shut down. + 7 - Finite state machine error or timeout + + General Result Code values for the CDN message are as follows: + + 0 - Reserved. + 1 - Session disconnected due to loss of carrier or + circuit disconnect. + 2 - Session disconnected for the reason indicated in Error + Code. + 3 - Session disconnected for administrative reasons. + 4 - Session establishment failed due to lack of appropriate + facilities being available (temporary condition). + + + +Lau, et al. Standards Track [Page 41] + +RFC 3931 L2TPv3 March 2005 + + + 5 - Session establishment failed due to lack of appropriate + facilities being available (permanent condition). + 13 - Session not established due to losing tie breaker. + 14 - Session not established due to unsupported PW type. + 15 - Session not established, sequencing required without + valid L2-Specific Sublayer. + 16 - Finite state machine error or timeout. + + Additional service-specific Result Codes are defined outside this + document. + + The Error Codes defined below pertain to types of errors that are + not specific to any particular L2TP request, but rather to + protocol or message format errors. If an L2TP reply indicates in + its Result Code that a General Error occurred, the General Error + value should be examined to determine what the error was. The + currently defined General Error codes and their meanings are as + follows: + + 0 - No General Error. + 1 - No control connection exists yet for this pair of LCCEs. + 2 - Length is wrong. + 3 - One of the field values was out of range. + 4 - Insufficient resources to handle this operation now. + 5 - Invalid Session ID. + 6 - A generic vendor-specific error occurred. + 7 - Try another. If initiator is aware of other possible + responder destinations, it should try one of them. This can + be used to guide an LAC or LNS based on policy. + 8 - The session or control connection was shut down due to receipt + of an unknown AVP with the M bit set (see Section 5.2). The + Error Message SHOULD contain the attribute of the offending + AVP in (human-readable) text form. + 9 - Try another directed. If an LAC or LNS is aware of other + possible destinations, it should inform the initiator of the + control connection or session. The Error Message MUST contain + a comma-separated list of addresses from which the initiator + may choose. If the L2TP data channel runs over IPv4, then + this would be a comma-separated list of IP addresses in the + canonical dotted-decimal format (e.g., "192.0.2.1, 192.0.2.2, + 192.0.2.3") in the UTF-8 charset [RFC3629] using the Default + Language [RFC2277]. If there are no servers for the LAC or + LNS to suggest, then Error Code 7 should be used. For IPv4, + the delimiter between addresses MUST be precisely a single + comma and a single space. For IPv6, each literal address MUST + be enclosed in "[" and "]" characters, following the encoding + described in [RFC2732]. + + + + +Lau, et al. Standards Track [Page 42] + +RFC 3931 L2TPv3 March 2005 + + + When a General Error Code of 6 is used, additional information + about the error SHOULD be included in the Error Message field. A + vendor-specific AVP MAY be sent to more precisely detail a + vendor-specific problem. + +5.4.3. Control Connection Management AVPs + + Control Connection Tie Breaker (SCCRQ) + + The Control Connection Tie Breaker AVP, Attribute Type 5, + indicates that the sender desires a single control connection to + exist between a given pair of LCCEs. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Control Connection Tie Breaker Value ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ... (64 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Control Connection Tie Breaker Value is an 8-octet random + value that is used to choose a single control connection when two + LCCEs request a control connection concurrently. The recipient of + a SCCRQ must check to see if a SCCRQ has been sent to the peer; if + so, a tie has been detected. In this case, the LCCE must compare + its Control Connection Tie Breaker value with the one received in + the SCCRQ. The lower value "wins", and the "loser" MUST discard + its control connection. A StopCCN SHOULD be sent by the winner as + an explicit rejection for the losing SCCRQ. In the case in which + a tie breaker is present on both sides and the value is equal, + both sides MUST discard their control connections and restart + control connection negotiation with a new, random tie breaker + value. + + If a tie breaker is received and an outstanding SCCRQ has no tie + breaker value, the initiator that included the Control Connection + Tie Breaker AVP "wins". If neither side issues a tie breaker, + then two separate control connections are opened. + + Applications that employ a distinct and well-known initiator have + no need for tie breaking, and MAY omit this AVP or disable tie + breaking functionality. Applications that require tie breaking + also require that an LCCE be uniquely identifiable upon receipt of + an SCCRQ. For L2TP over IP, this MUST be accomplished via the + Router ID AVP. + + + +Lau, et al. Standards Track [Page 43] + +RFC 3931 L2TPv3 March 2005 + + + Note that in [RFC2661], this AVP is referred to as the "Tie + Breaker AVP" and is applicable only to a control connection. In + L2TPv3, the AVP serves the same purpose of tie breaking, but is + applicable to a control connection or a session. The Control + Connection Tie Breaker AVP (present only in Control Connection + messages) and Session Tie Breaker AVP (present only in Session + messages), are described separately in this document, but share + the same Attribute type of 5. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + length of this AVP is 14. + + Host Name (SCCRQ, SCCRP) + + The Host Name AVP, Attribute Type 7, indicates the name of the + issuing LAC or LNS, encoded in the US-ASCII charset. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Host Name ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Host Name is of arbitrary length, but MUST be at least 1 + octet. + + This name should be as broadly unique as possible; for hosts + participating in DNS [RFC1034], a host name with fully qualified + domain would be appropriate. The Host Name AVP and/or Router ID + AVP MUST be used to identify an LCCE as described in Section 3.3. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length of this AVP is 6 plus the length of the Host Name. + + Router ID (SCCRQ, SCCRP) + + The Router ID AVP, Attribute Type 60, is an identifier used to + identify an LCCE for control connection setup, tie breaking, + and/or tunnel authentication. + + + + + + + + +Lau, et al. Standards Track [Page 44] + +RFC 3931 L2TPv3 March 2005 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Router Identifier | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Router Identifier is a 4-octet unsigned integer. Its value is + unique for a given LCCE, per Section 8.1 of [RFC2072]. The Host + Name AVP and/or Router ID AVP MUST be used to identify an LCCE as + described in Section 3.3. + + Implementations MUST NOT assume that Router Identifier is a valid + IP address. The Router Identifier for L2TP over IPv6 can be + obtained from an IPv4 address (if available) or via unspecified + implementation-specific means. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length of this AVP is 10. + + Vendor Name (SCCRQ, SCCRP) + + The Vendor Name AVP, Attribute Type 8, contains a vendor-specific + (possibly human-readable) string describing the type of LAC or LNS + being used. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Vendor Name ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Vendor Name is the indicated number of octets representing the + vendor string. Human-readable text for this AVP MUST be provided + in the US-ASCII charset [RFC1958, RFC2277]. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 0, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 6 plus the length of the + Vendor Name. + + + + + + + +Lau, et al. Standards Track [Page 45] + +RFC 3931 L2TPv3 March 2005 + + + Assigned Control Connection ID (SCCRQ, SCCRP, StopCCN) + + The Assigned Control Connection ID AVP, Attribute Type 61, + contains the ID being assigned to this control connection by the + sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Assigned Control Connection ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Assigned Control Connection ID is a 4-octet non-zero unsigned + integer. + + The Assigned Control Connection ID AVP establishes the identifier + used to multiplex and demultiplex multiple control connections + between a pair of LCCEs. Once the Assigned Control Connection ID + AVP has been received by an LCCE, the Control Connection ID + specified in the AVP MUST be included in the Control Connection ID + field of all control packets sent to the peer for the lifetime of + the control connection. Before the Assigned Control Connection ID + AVP is received from a peer, all control messages MUST be sent to + that peer with a Control Connection ID value of 0 in the header. + Because a Control Connection ID value of 0 is used in this special + manner, the zero value MUST NOT be sent as an Assigned Control + Connection ID value. + + Under certain circumstances, an LCCE may need to send a StopCCN to + a peer without having yet received an Assigned Control Connection + ID AVP from the peer (i.e., SCCRQ sent, no SCCRP received yet). + In this case, the Assigned Control Connection ID AVP that had been + sent to the peer earlier (i.e., in the SCCRQ) MUST be sent as the + Assigned Control Connection ID AVP in the StopCCN. This policy + allows the peer to try to identify the appropriate control + connection via a reverse lookup. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 10. + + Receive Window Size (SCCRQ, SCCRP) + + The Receive Window Size AVP, Attribute Type 10, specifies the + receive window size being offered to the remote peer. + + + + +Lau, et al. Standards Track [Page 46] + +RFC 3931 L2TPv3 March 2005 + + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Window Size | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Window Size is a 2-octet unsigned integer. + + If absent, the peer must assume a Window Size of 4 for its + transmit window. + + The remote peer may send the specified number of control messages + before it must wait for an acknowledgment. See Section 4.2 for + more information on reliable control message delivery. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length of this AVP is 8. + + Pseudowire Capabilities List (SCCRQ, SCCRP) + + The Pseudowire Capabilities List (PW Capabilities List) AVP, + Attribute Type 62, indicates the L2 payload types the sender can + support. The specific payload type of a given session is + identified by the Pseudowire Type AVP. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PW Type 0 | ... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | ... | PW Type N | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Defined PW types that may appear in this list are managed by IANA + and will appear in associated pseudowire-specific documents for + each PW type. + + If a sender includes a given PW type in the PW Capabilities List + AVP, the sender assumes full responsibility for supporting that + particular payload, such as any payload-specific AVPs, L2-Specific + Sublayer, or control messages that may be defined in the + appropriate companion document. + + + + +Lau, et al. Standards Track [Page 47] + +RFC 3931 L2TPv3 March 2005 + + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 8 octets with one PW type + specified, plus 2 octets for each additional PW type. + + Preferred Language (SCCRQ, SCCRP) + + The Preferred Language AVP, Attribute Type 72, provides a method + for an LCCE to indicate to the peer the language in which human- + readable messages it sends SHOULD be composed. This AVP contains + a single language tag or language range [RFC3066]. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Preferred Language... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Preferred Language is the indicated number of octets + representing the language tag or language range, encoded in the + US-ASCII charset. + + It is not required to send a Preferred Language AVP. If (1) an + LCCE does not signify a language preference by the inclusion of + this AVP in the SCCRQ or SCCRP, (2) the Preferred Language AVP is + unrecognized, or (3) the requested language is not supported by + the peer LCCE, the default language [RFC2277] MUST be used for all + internationalized strings sent by the peer. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 0, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 6 plus the length of the + Preferred Language. + +5.4.4. Session Management AVPs + + Local Session ID (ICRQ, ICRP, ICCN, OCRQ, OCRP, OCCN, CDN, WEN, SLI) + + The Local Session ID AVP (analogous to the Assigned Session ID in + L2TPv2), Attribute Type 63, contains the identifier being assigned + to this session by the sender. + + + + + + + + +Lau, et al. Standards Track [Page 48] + +RFC 3931 L2TPv3 March 2005 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Local Session ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Local Session ID is a 4-octet non-zero unsigned integer. + + The Local Session ID AVP establishes the two identifiers used to + multiplex and demultiplex sessions between two LCCEs. Each LCCE + chooses any free value it desires, and sends it to the remote LCCE + using this AVP. The remote LCCE MUST then send all data packets + associated with this session using this value. Additionally, for + all session-oriented control messages sent after this AVP is + received (e.g., ICRP, ICCN, CDN, SLI, etc.), the remote LCCE MUST + echo this value in the Remote Session ID AVP. + + Note that a Session ID value is unidirectional. Because each LCCE + chooses its Session ID independent of its peer LCCE, the value + does not have to match in each direction for a given session. + + See Section 4.1 for additional information about the Session ID. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be 1 set to 1, but MAY vary (see Section 5.2). + The Length (before hiding) of this AVP is 10. + + Remote Session ID (ICRQ, ICRP, ICCN, OCRQ, OCRP, OCCN, CDN, WEN, SLI) + + The Remote Session ID AVP, Attribute Type 64, contains the + identifier that was assigned to this session by the peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Remote Session ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Remote Session ID is a 4-octet non-zero unsigned integer. + + The Remote Session ID AVP MUST be present in all session-level + control messages. The AVP's value echoes the session identifier + advertised by the peer via the Local Session ID AVP. It is the + same value that will be used in all transmitted data messages by + + + +Lau, et al. Standards Track [Page 49] + +RFC 3931 L2TPv3 March 2005 + + + this side of the session. In most cases, this identifier is + sufficient for the peer to look up session-level context for this + control message. + + When a session-level control message must be sent to the peer + before the Local Session ID AVP has been received, the value of + the Remote Session ID AVP MUST be set to zero. Additionally, the + Local Session ID AVP (sent in a previous control message for this + session) MUST be included in the control message. The peer must + then use the Local Session ID AVP to perform a reverse lookup to + find its session context. Session-level control messages defined + in this document that might be subject to a reverse lookup by a + receiving peer include the CDN, WEN, and SLI. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 10. + + Assigned Cookie (ICRQ, ICRP, OCRQ, OCRP) + + The Assigned Cookie AVP, Attribute Type 65, contains the Cookie + value being assigned to this session by the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Assigned Cookie (32 or 64 bits) ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Assigned Cookie is a 4-octet or 8-octet random value. + + The Assigned Cookie AVP contains the value used to check the + association of a received data message with the session identified + by the Session ID. All data messages sent to a peer MUST use the + Assigned Cookie sent by the peer in this AVP. The value's length + (0, 32, or 64 bits) is obtained by the length of the AVP. + + A missing Assigned Cookie AVP or Assigned Cookie Value of zero + length indicates that the Cookie field should not be present in + any data packets sent to the LCCE sending this AVP. + + See Section 4.1 for additional information about the Assigned + Cookie. + + + + + + +Lau, et al. Standards Track [Page 50] + +RFC 3931 L2TPv3 March 2005 + + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP may be 6, 10, or 14 octets. + + Serial Number (ICRQ, OCRQ) + + The Serial Number AVP, Attribute Type 15, contains an identifier + assigned by the LAC or LNS to this session. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Serial Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Serial Number is a 32-bit value. + + The Serial Number is intended to be an easy reference for + administrators on both ends of a control connection to use when + investigating session failure problems. Serial Numbers should be + set to progressively increasing values, which are likely to be + unique for a significant period of time across all interconnected + LNSs and LACs. + + Note that in RFC 2661, this value was referred to as the "Call + Serial Number AVP". It serves the same purpose and has the same + attribute value and composition. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 0, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 10. + + Remote End ID (ICRQ, OCRQ) + + The Remote End ID AVP, Attribute Type 66, contains an identifier + used to bind L2TP sessions to a given circuit, interface, or + bridging instance. It also may be used to detect session-level + ties. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Remote End Identifier ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + + +Lau, et al. Standards Track [Page 51] + +RFC 3931 L2TPv3 March 2005 + + + The Remote End Identifier field is a variable-length field whose + value is unique for a given LCCE peer, as described in Section + 3.3. + + A session-level tie is detected if an LCCE receives an ICRQ or + OCRQ with an End ID AVP whose value matches that which was just + sent in an outgoing ICRQ or OCRQ to the same peer. If the two + values match, an LCCE recognizes that a tie exists (i.e., both + LCCEs are attempting to establish sessions for the same circuit). + The tie is broken by the Session Tie Breaker AVP. + + By default, the LAC-LAC cross-connect application (see Section + 2(b)) of L2TP over an IP network MUST utilize the Router ID AVP + and Remote End ID AVP to associate a circuit to an L2TP session. + Other AVPs MAY be used for LCCE or circuit identification as + specified in companion documents. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 6 plus the length of the + Remote End Identifier value. + + Session Tie Breaker (ICRQ, OCRQ) + + The Session Tie Breaker AVP, Attribute Type 5, is used to break + ties when two peers concurrently attempt to establish a session + for the same circuit. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Session Tie Breaker Value ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ... (64 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Session Tie Breaker Value is an 8-octet random value that is + used to choose a session when two LCCEs concurrently request a + session for the same circuit. A tie is detected by examining the + peer's identity (described in Section 3.3) plus the per-session + shared value communicated via the End ID AVP. In the case of a + tie, the recipient of an ICRQ or OCRQ must compare the received + tie breaker value with the one that it sent earlier. The LCCE + with the lower value "wins" and MUST send a CDN with result code + set to 13 (as defined in Section 5.4.2) in response to the losing + ICRQ or OCRQ. In the case in which a tie is detected, tie + + + +Lau, et al. Standards Track [Page 52] + +RFC 3931 L2TPv3 March 2005 + + + breakers are sent by both sides, and the tie breaker values are + equal, both sides MUST discard their sessions and restart session + negotiation with new random tie breaker values. + + If a tie is detected but only one side sends a Session Tie Breaker + AVP, the session initiator that included the Session Tie Breaker + AVP "wins". If neither side issues a tie breaker, then both sides + MUST tear down the session. + + This AVP MUST NOT be hidden (the H bit MUST be 0). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length of this AVP is 14. + + Pseudowire Type (ICRQ, OCRQ) + + The Pseudowire Type (PW Type) AVP, Attribute Type 68, indicates + the L2 payload type of the packets that will be tunneled using + this L2TP session. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PW Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + A peer MUST NOT request an incoming or outgoing call with a PW + Type AVP specifying a value not advertised in the PW Capabilities + List AVP it received during control connection establishment. + Attempts to do so MUST result in the call being rejected via a CDN + with the Result Code set to 14 (see Section 5.4.2). + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 8. + + L2-Specific Sublayer (ICRQ, ICRP, ICCN, OCRQ, OCRP, OCCN) + + The L2-Specific Sublayer AVP, Attribute Type 69, indicates the + presence and format of the L2-Specific Sublayer the sender of this + AVP requires on all incoming data packets for this L2TP session. + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | L2-Specific Sublayer Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + +Lau, et al. Standards Track [Page 53] + +RFC 3931 L2TPv3 March 2005 + + + The L2-Specific Sublayer Type is a 2-octet unsigned integer with + the following values defined in this document: + + 0 - There is no L2-Specific Sublayer present. + 1 - The Default L2-Specific Sublayer (defined in Section 4.6) + is used. + + If this AVP is received and has a value other than zero, the + receiving LCCE MUST include the identified L2-Specific Sublayer in + its outgoing data messages. If the AVP is not received, it is + assumed that there is no sublayer present. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 8. + + Data Sequencing (ICRQ, ICRP, ICCN, OCRQ, OCRP, OCCN) + + The Data Sequencing AVP, Attribute Type 70, indicates that the + sender requires some or all of the data packets that it receives + to be sequenced. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Data Sequencing Level | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Data Sequencing Level is a 2-octet unsigned integer indicating + the degree of incoming data traffic that the sender of this AVP + wishes to be marked with sequence numbers. + + Defined Data Sequencing Levels are as follows: + + 0 - No incoming data packets require sequencing. + 1 - Only non-IP data packets require sequencing. + 2 - All incoming data packets require sequencing. + + If a Data Sequencing Level of 0 is specified, there is no need to + send packets with sequence numbers. If sequence numbers are sent, + they will be ignored upon receipt. If no Data Sequencing AVP is + received, a Data Sequencing Level of 0 is assumed. + + If a Data Sequencing Level of 1 is specified, only non-IP traffic + carried within the tunneled L2 frame should have sequence numbers + applied. Non-IP traffic here refers to any packets that cannot be + + + +Lau, et al. Standards Track [Page 54] + +RFC 3931 L2TPv3 March 2005 + + + classified as an IP packet within their respective L2 framing + (e.g., a PPP control packet or NETBIOS frame encapsulated by Frame + Relay before being tunneled). All traffic that can be classified + as IP MUST be sent with no sequencing (i.e., the S bit in the L2- + Specific Sublayer is set to zero). If a packet is unable to be + classified at all (e.g., because it has been compressed or + encrypted at layer 2) or if an implementation is unable to perform + such classification within L2 frames, all packets MUST be provided + with sequence numbers (essentially falling back to a Data + Sequencing Level of 2). + + If a Data Sequencing Level of 2 is specified, all traffic MUST be + sequenced. + + Data sequencing may only be requested when there is an L2-Specific + Sublayer present that can provide sequence numbers. If sequencing + is requested without requesting a L2-Specific Sublayer AVP, the + session MUST be disconnected with a Result Code of 15 (see Section + 5.4.2). + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 8. + + Tx Connect Speed (ICRQ, ICRP, ICCN, OCRQ, OCRP, OCCN) + + The Tx Connect Speed BPS AVP, Attribute Type 74, contains the + speed of the facility chosen for the connection attempt. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Connect Speed in bps... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ...Connect Speed in bps (64 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Tx Connect Speed BPS is an 8-octet value indicating the speed + in bits per second. A value of zero indicates that the speed is + indeterminable or that there is no physical point-to-point link. + + When the optional Rx Connect Speed AVP is present, the value in + this AVP represents the transmit connect speed from the + perspective of the LAC (i.e., data flowing from the LAC to the + remote system). When the optional Rx Connect Speed AVP is NOT + present, the connection speed between the remote system and LAC is + + + +Lau, et al. Standards Track [Page 55] + +RFC 3931 L2TPv3 March 2005 + + + assumed to be symmetric and is represented by the single value in + this AVP. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 0, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 14. + + Rx Connect Speed (ICRQ, ICRP, ICCN, OCRQ, OCRP, OCCN) + + The Rx Connect Speed AVP, Attribute Type 75, represents the speed + of the connection from the perspective of the LAC (i.e., data + flowing from the remote system to the LAC). + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Connect Speed in bps... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ...Connect Speed in bps (64 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Connect Speed BPS is an 8-octet value indicating the speed in bits + per second. A value of zero indicates that the speed is + indeterminable or that there is no physical point-to-point link. + + Presence of this AVP implies that the connection speed may be + asymmetric with respect to the transmit connect speed given in the + Tx Connect Speed AVP. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 0, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 14. + + Physical Channel ID (ICRQ, ICRP, OCRP) + + The Physical Channel ID AVP, Attribute Type 25, contains the + vendor-specific physical channel number used for a call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Physical Channel ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + + +Lau, et al. Standards Track [Page 56] + +RFC 3931 L2TPv3 March 2005 + + + Physical Channel ID is a 4-octet value intended to be used for + logging purposes only. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 0, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 10. + +5.4.5. Circuit Status AVPs + + Circuit Status (ICRQ, ICRP, ICCN, OCRQ, OCRP, OCCN, SLI) + + The Circuit Status AVP, Attribute Type 71, indicates the initial + status of or a status change in the circuit to which the session + is bound. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved |N|A| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The A (Active) bit indicates whether the circuit is + up/active/ready (1) or down/inactive/not-ready (0). + + The N (New) bit indicates whether the circuit status indication is + for a new circuit (1) or an existing circuit (0). Links that have + a similar mechanism available (e.g., Frame Relay) MUST map the + setting of this bit to the associated signaling for that link. + Otherwise, the New bit SHOULD still be set the first time the L2TP + session is established after provisioning. + + The remaining bits are reserved for future use. Reserved bits + MUST be set to 0 when sending and ignored upon receipt. + + The Circuit Status AVP is used to advertise whether a circuit or + interface bound to an L2TP session is up and ready to send and/or + receive traffic. Different circuit types have different names for + status types. For example, HDLC primary and secondary stations + refer to a circuit as being "Receive Ready" or "Receive Not + Ready", while Frame Relay refers to a circuit as "Active" or + "Inactive". This AVP adopts the latter terminology, though the + concept remains the same regardless of the PW type for the L2TP + session. + + + + + + +Lau, et al. Standards Track [Page 57] + +RFC 3931 L2TPv3 March 2005 + + + In the simplest case, the circuit to which this AVP refers is a + single physical interface, port, or circuit, depending on the + application and the session setup. The status indication in this + AVP may then be used to provide simple ILMI interworking for a + variety of circuit types. For virtual or multipoint interfaces, + the Circuit Status AVP is still utilized, but in this case, it + refers to the state of an internal structure or a logical set of + circuits. Each PW-specific companion document MUST specify + precisely how this AVP is translated for each circuit type. + + If this AVP is received with a Not Active notification for a given + L2TP session, all data traffic for that session MUST cease (or not + begin) in the direction of the sender of the Circuit Status AVP + until the circuit is advertised as Active. + + The Circuit Status MUST be advertised by this AVP in ICRQ, ICRP, + OCRQ, and OCRP messages. Often, the circuit type will be marked + Active when initiated, but subsequently MAY be advertised as + Inactive. This indicates that an L2TP session is to be created, + but that the interface or circuit is still not ready to pass + traffic. The ICCN, OCCN, and SLI control messages all MAY contain + this AVP to update the status of the circuit after establishment + of the L2TP session is requested. + + If additional circuit status information is needed for a given PW + type, any new PW-specific AVPs MUST be defined in a separate + document. This AVP is only for general circuit status information + generally applicable to all circuit/interface types. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 1, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 8. + + Circuit Errors (WEN) + + The Circuit Errors AVP, Attribute Type 34, conveys circuit error + information to the peer. + + + + + + + + + + + + + + +Lau, et al. Standards Track [Page 58] + +RFC 3931 L2TPv3 March 2005 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- + | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Hardware Overruns | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Buffer Overruns | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Timeout Errors | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Alignment Errors | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The following fields are defined: + + Reserved: 2 octets of Reserved data is present (providing longword + alignment within the AVP of the following values). Reserved + data MUST be zero on sending and ignored upon receipt. + Hardware Overruns: Number of receive buffer overruns since call + was established. + Buffer Overruns: Number of buffer overruns detected since call was + established. + Timeout Errors: Number of timeouts since call was established. + Alignment Errors: Number of alignment errors since call was + established. + + This AVP MAY be hidden (the H bit MAY be 0 or 1). The M bit for + this AVP SHOULD be set to 0, but MAY vary (see Section 5.2). The + Length (before hiding) of this AVP is 32. + +6. Control Connection Protocol Specification + + The following control messages are used to establish, maintain, and + tear down L2TP control connections. All data packets are sent in + network order (high-order octets first). Any "reserved" or "empty" + fields MUST be sent as 0 values to allow for protocol extensibility. + + The exchanges in which these messages are involved are outlined in + Section 3.3. + + + + + + + + + +Lau, et al. Standards Track [Page 59] + +RFC 3931 L2TPv3 March 2005 + + +6.1. Start-Control-Connection-Request (SCCRQ) + + Start-Control-Connection-Request (SCCRQ) is a control message used to + initiate a control connection between two LCCEs. It is sent by + either the LAC or the LNS to begin the control connection + establishment process. + + The following AVPs MUST be present in the SCCRQ: + + Message Type + Host Name + Router ID + Assigned Control Connection ID + Pseudowire Capabilities List + + The following AVPs MAY be present in the SCCRQ: + + Random Vector + Control Message Authentication Nonce + Message Digest + Control Connection Tie Breaker + Vendor Name + Receive Window Size + Preferred Language + +6.2. Start-Control-Connection-Reply (SCCRP) + + Start-Control-Connection-Reply (SCCRP) is the control message sent in + reply to a received SCCRQ message. The SCCRP is used to indicate + that the SCCRQ was accepted and that establishment of the control + connection should continue. + + The following AVPs MUST be present in the SCCRP: + + Message Type + Host Name + Router ID + Assigned Control Connection ID + Pseudowire Capabilities List + + The following AVPs MAY be present in the SCCRP: + + Random Vector + Control Message Authentication Nonce + Message Digest + Vendor Name + Receive Window Size + Preferred Language + + + +Lau, et al. Standards Track [Page 60] + +RFC 3931 L2TPv3 March 2005 + + +6.3. Start-Control-Connection-Connected (SCCCN) + + Start-Control-Connection-Connected (SCCCN) is the control message + sent in reply to an SCCRP. The SCCCN completes the control + connection establishment process. + + The following AVP MUST be present in the SCCCN: + + Message Type + + The following AVP MAY be present in the SCCCN: + + Random Vector + Message Digest + +6.4. Stop-Control-Connection-Notification (StopCCN) + + Stop-Control-Connection-Notification (StopCCN) is the control message + sent by either LCCE to inform its peer that the control connection is + being shut down and that the control connection should be closed. In + addition, all active sessions are implicitly cleared (without sending + any explicit session control messages). The reason for issuing this + request is indicated in the Result Code AVP. There is no explicit + reply to the message, only the implicit ACK that is received by the + reliable control message delivery layer. + + The following AVPs MUST be present in the StopCCN: + + Message Type + Result Code + + The following AVPs MAY be present in the StopCCN: + + Random Vector + Message Digest + Assigned Control Connection ID + + Note that the Assigned Control Connection ID MUST be present if the + StopCCN is sent after an SCCRQ or SCCRP message has been sent. + +6.5. Hello (HELLO) + + The Hello (HELLO) message is an L2TP control message sent by either + peer of a control connection. This control message is used as a + "keepalive" for the control connection. See Section 4.2 for a + description of the keepalive mechanism. + + + + + +Lau, et al. Standards Track [Page 61] + +RFC 3931 L2TPv3 March 2005 + + + HELLO messages are global to the control connection. The Session ID + in a HELLO message MUST be 0. + + The following AVP MUST be present in the HELLO: + + Message Type + + The following AVP MAY be present in the HELLO: + + Random Vector + Message Digest + +6.6. Incoming-Call-Request (ICRQ) + + Incoming-Call-Request (ICRQ) is the control message sent by an LCCE + to a peer when an incoming call is detected (although the ICRQ may + also be sent as a result of a local event). It is the first in a + three-message exchange used for establishing a session via an L2TP + control connection. + + The ICRQ is used to indicate that a session is to be established + between an LCCE and a peer. The sender of an ICRQ provides the peer + with parameter information for the session. However, the sender + makes no demands about how the session is terminated at the peer + (i.e., whether the L2 traffic is processed locally, forwarded, etc.). + + The following AVPs MUST be present in the ICRQ: + + Message Type + Local Session ID + Remote Session ID + Serial Number + Pseudowire Type + Remote End ID + Circuit Status + + The following AVPs MAY be present in the ICRQ: + + Random Vector + Message Digest + Assigned Cookie + Session Tie Breaker + L2-Specific Sublayer + Data Sequencing + Tx Connect Speed + Rx Connect Speed + Physical Channel ID + + + + +Lau, et al. Standards Track [Page 62] + +RFC 3931 L2TPv3 March 2005 + + +6.7. Incoming-Call-Reply (ICRP) + + Incoming-Call-Reply (ICRP) is the control message sent by an LCCE in + response to a received ICRQ. It is the second in the three-message + exchange used for establishing sessions within an L2TP control + connection. + + The ICRP is used to indicate that the ICRQ was successful and that + the peer should establish (i.e., answer) the incoming call if it has + not already done so. It also allows the sender to indicate specific + parameters about the L2TP session. + + The following AVPs MUST be present in the ICRP: + + Message Type + Local Session ID + Remote Session ID + Circuit Status + + The following AVPs MAY be present in the ICRP: + + Random Vector + Message Digest + Assigned Cookie + L2-Specific Sublayer + Data Sequencing + Tx Connect Speed + Rx Connect Speed + Physical Channel ID + +6.8. Incoming-Call-Connected (ICCN) + + Incoming-Call-Connected (ICCN) is the control message sent by the + LCCE that originally sent an ICRQ upon receiving an ICRP from its + peer. It is the final message in the three-message exchange used for + establishing L2TP sessions. + + The ICCN is used to indicate that the ICRP was accepted, that the + call has been established, and that the L2TP session should move to + the established state. It also allows the sender to indicate + specific parameters about the established call (parameters that may + not have been available at the time the ICRQ was issued). + + The following AVPs MUST be present in the ICCN: + + Message Type + Local Session ID + Remote Session ID + + + +Lau, et al. Standards Track [Page 63] + +RFC 3931 L2TPv3 March 2005 + + + The following AVPs MAY be present in the ICCN: + + Random Vector + Message Digest + L2-Specific Sublayer + Data Sequencing + Tx Connect Speed + Rx Connect Speed + Circuit Status + +6.9. Outgoing-Call-Request (OCRQ) + + Outgoing-Call-Request (OCRQ) is the control message sent by an LCCE + to an LAC to indicate that an outbound call at the LAC is to be + established based on specific destination information sent in this + message. It is the first in a three-message exchange used for + establishing a session and placing a call on behalf of the initiating + LCCE. + + Note that a call may be any L2 connection requiring well-known + destination information to be sent from an LCCE to an LAC. This call + could be a dialup connection to the PSTN, an SVC connection, the IP + address of another LCCE, or any other destination dictated by the + sender of this message. + + The following AVPs MUST be present in the OCRQ: + + Message Type + Local Session ID + Remote Session ID + Serial Number + Pseudowire Type + Remote End ID + Circuit Status + + The following AVPs MAY be present in the OCRQ: + + Random Vector + Message Digest + Assigned Cookie + Tx Connect Speed + Rx Connect Speed + Session Tie Breaker + L2-Specific Sublayer + Data Sequencing + + + + + + +Lau, et al. Standards Track [Page 64] + +RFC 3931 L2TPv3 March 2005 + + +6.10. Outgoing-Call-Reply (OCRP) + + Outgoing-Call-Reply (OCRP) is the control message sent by an LAC to + an LCCE in response to a received OCRQ. It is the second in a + three-message exchange used for establishing a session within an L2TP + control connection. + + OCRP is used to indicate that the LAC has been able to attempt the + outbound call. The message returns any relevant parameters regarding + the call attempt. Data MUST NOT be forwarded until the OCCN is + received, which indicates that the call has been placed. + + The following AVPs MUST be present in the OCRP: + + Message Type + Local Session ID + Remote Session ID + Circuit Status + + The following AVPs MAY be present in the OCRP: + + Random Vector + Message Digest + Assigned Cookie + L2-Specific Sublayer + Tx Connect Speed + Rx Connect Speed + Data Sequencing + Physical Channel ID + +6.11. Outgoing-Call-Connected (OCCN) + + Outgoing-Call-Connected (OCCN) is the control message sent by an LAC + to another LCCE after the OCRP and after the outgoing call has been + completed. It is the final message in a three-message exchange used + for establishing a session. + + OCCN is used to indicate that the result of a requested outgoing call + was successful. It also provides information to the LCCE who + requested the call about the particular parameters obtained after the + call was established. + + The following AVPs MUST be present in the OCCN: + + Message Type + Local Session ID + Remote Session ID + + + + +Lau, et al. Standards Track [Page 65] + +RFC 3931 L2TPv3 March 2005 + + + The following AVPs MAY be present in the OCCN: + + Random Vector + Message Digest + L2-Specific Sublayer + Tx Connect Speed + Rx Connect Speed + Data Sequencing + Circuit Status + +6.12. Call-Disconnect-Notify (CDN) + + The Call-Disconnect-Notify (CDN) is a control message sent by an LCCE + to request disconnection of a specific session. Its purpose is to + inform the peer of the disconnection and the reason for the + disconnection. The peer MUST clean up any resources, and does not + send back any indication of success or failure for such cleanup. + + The following AVPs MUST be present in the CDN: + + Message Type + Result Code + Local Session ID + Remote Session ID + + The following AVP MAY be present in the CDN: + + Random Vector + Message Digest + +6.13. WAN-Error-Notify (WEN) + + The WAN-Error-Notify (WEN) is a control message sent from an LAC to + an LNS to indicate WAN error conditions. The counters in this + message are cumulative. This message should only be sent when an + error occurs, and not more than once every 60 seconds. The counters + are reset when a new call is established. + + The following AVPs MUST be present in the WEN: + + Message Type + Local Session ID + Remote Session ID + Circuit Errors + + + + + + + +Lau, et al. Standards Track [Page 66] + +RFC 3931 L2TPv3 March 2005 + + + The following AVP MAY be present in the WEN: + + Random Vector + Message Digest + +6.14. Set-Link-Info (SLI) + + The Set-Link-Info control message is sent by an LCCE to convey link + or circuit status change information regarding the circuit associated + with this L2TP session. For example, if PPP renegotiates LCP at an + LNS or between an LAC and a Remote System, or if a forwarded Frame + Relay VC transitions to Active or Inactive at an LAC, an SLI message + SHOULD be sent to indicate this event. Precise details of when the + SLI is sent, what PW type-specific AVPs must be present, and how + those AVPs should be interpreted by the receiving peer are outside + the scope of this document. These details should be described in the + associated pseudowire-specific documents that require use of this + message. + + The following AVPs MUST be present in the SLI: + + Message Type + Local Session ID + Remote Session ID + + The following AVPs MAY be present in the SLI: + + Random Vector + Message Digest + Circuit Status + +6.15. Explicit-Acknowledgement (ACK) + + The Explicit Acknowledgement (ACK) message is used only to + acknowledge receipt of a message or messages on the control + connection (e.g., for purposes of updating Ns and Nr values). + Receipt of this message does not trigger an event for the L2TP + protocol state machine. + + A message received without any AVPs (including the Message Type AVP), + is referred to as a Zero Length Body (ZLB) message, and serves the + same function as the Explicit Acknowledgement. ZLB messages are only + permitted when Control Message Authentication defined in Section 4.3 + is not enabled. + + + + + + + +Lau, et al. Standards Track [Page 67] + +RFC 3931 L2TPv3 March 2005 + + + The following AVPs MAY be present in the ACK message: + + Message Type + Message Digest + +7. Control Connection State Machines + + The state tables defined in this section govern the exchange of + control messages defined in Section 6. Tables are defined for + incoming call placement and outgoing call placement, as well as for + initiation of the control connection itself. The state tables do not + encode timeout and retransmission behavior, as this is handled in the + underlying reliable control message delivery mechanism (see Section + 4.2). + +7.1. Malformed AVPs and Control Messages + + Receipt of an invalid or unrecoverable malformed control message + SHOULD be logged appropriately and the control connection cleared to + ensure recovery to a known state. The control connection may then be + restarted by the initiator. + + An invalid control message is defined as (1) a message that contains + a Message Type marked as mandatory (see Section 5.4.1) but that is + unknown to the implementation, or (2) a control message that is + received in the wrong state. + + Examples of malformed control messages include (1) a message that has + an invalid value in its header, (2) a message that contains an AVP + that is formatted incorrectly or whose value is out of range, and (3) + a message that is missing a required AVP. A control message with a + malformed header MUST be discarded. + + When possible, a malformed AVP should be treated as an unrecognized + AVP (see Section 5.2). Thus, an attempt to inspect the M bit SHOULD + be made to determine the importance of the malformed AVP, and thus, + the severity of the malformation to the entire control message. If + the M bit can be reasonably inspected within the malformed AVP and is + determined to be set, then as with an unrecognized AVP, the + associated session or control connection MUST be shut down. If the M + bit is inspected and is found to be 0, the AVP MUST be ignored + (assuming recovery from the AVP malformation is indeed possible). + + This policy must not be considered as a license to send malformed + AVPs, but rather, as a guide towards how to handle an improperly + formatted message if one is received. It is impossible to list all + potential malformations of a given message and give advice for each. + One example of a malformed AVP situation that should be recoverable + + + +Lau, et al. Standards Track [Page 68] + +RFC 3931 L2TPv3 March 2005 + + + is if the Rx Connect Speed AVP is received with a length of 10 rather + than 14, implying that the connect speed bits-per-second is being + formatted in 4 octets rather than 8. If the AVP does not have its M + bit set (as would typically be the case), this condition is not + considered catastrophic. As such, the control message should be + accepted as though the AVP were not present (though a local error + message may be logged). + + + In several cases in the following tables, a protocol message is sent, + and then a "clean up" occurs. Note that, regardless of the initiator + of the control connection destruction, the reliable delivery + mechanism must be allowed to run (see Section 4.2) before destroying + the control connection. This permits the control connection + management messages to be reliably delivered to the peer. + + Appendix B.1 contains an example of lock-step control connection + establishment. + +7.2. Control Connection States + + The L2TP control connection protocol is not distinguishable between + the two LCCEs but is distinguishable between the originator and + receiver. The originating peer is the one that first initiates + establishment of the control connection. (In a tie breaker + situation, this is the winner of the tie.) Since either the LAC or + the LNS can be the originator, a collision can occur. See the + Control Connection Tie Breaker AVP in Section 5.4.3 for a description + of this and its resolution. + + State Event Action New State + ----- ----- ------ --------- + idle Local open Send SCCRQ wait-ctl-reply + request + + idle Receive SCCRQ, Send SCCRP wait-ctl-conn + acceptable + + idle Receive SCCRQ, Send StopCCN, idle + not acceptable clean up + + idle Receive SCCRP Send StopCCN, idle + clean up + + idle Receive SCCCN Send StopCCN, idle + clean up + + + + + +Lau, et al. Standards Track [Page 69] + +RFC 3931 L2TPv3 March 2005 + + + wait-ctl-reply Receive SCCRP, Send SCCCN, established + acceptable send control-conn + open event to + waiting sessions + + wait-ctl-reply Receive SCCRP, Send StopCCN, idle + not acceptable clean up + + wait-ctl-reply Receive SCCRQ, Send SCCRP, wait-ctl-conn + lose tie breaker, Clean up losing + SCCRQ acceptable connection + + wait-ctl-reply Receive SCCRQ, Send StopCCN, idle + lose tie breaker, Clean up losing + SCCRQ unacceptable connection + + wait-ctl-reply Receive SCCRQ, Send StopCCN for wait-ctl-reply + win tie breaker losing connection + + wait-ctl-reply Receive SCCCN Send StopCCN, idle + clean up + + wait-ctl-conn Receive SCCCN, Send control-conn established + acceptable open event to + waiting sessions + + wait-ctl-conn Receive SCCCN, Send StopCCN, idle + not acceptable clean up + + wait-ctl-conn Receive SCCRQ, Send StopCCN, idle + SCCRP clean up + + established Local open Send control-conn established + request open event to + (new call) waiting sessions + + established Administrative Send StopCCN, idle + control-conn clean up + close event + + established Receive SCCRQ, Send StopCCN, idle + SCCRP, SCCCN clean up + + idle, Receive StopCCN Clean up idle + wait-ctl-reply, + wait-ctl-conn, + established + + + + +Lau, et al. Standards Track [Page 70] + +RFC 3931 L2TPv3 March 2005 + + + The states associated with an LCCE for control connection + establishment are as follows: + + idle + Both initiator and recipient start from this state. An initiator + transmits an SCCRQ, while a recipient remains in the idle state + until receiving an SCCRQ. + + wait-ctl-reply + The originator checks to see if another connection has been + requested from the same peer, and if so, handles the collision + situation described in Section 5.4.3. + + wait-ctl-conn + Awaiting an SCCCN. If the SCCCN is valid, the control connection + is established; otherwise, it is torn down (sending a StopCCN with + the proper result and/or error code). + + established + An established connection may be terminated by either a local + condition or the receipt of a StopCCN. In the event of a local + termination, the originator MUST send a StopCCN and clean up the + control connection. If the originator receives a StopCCN, it MUST + also clean up the control connection. + +7.3. Incoming Calls + + An ICRQ is generated by an LCCE, typically in response to an incoming + call or a local event. Once the LCCE sends the ICRQ, it waits for a + response from the peer. However, it may choose to postpone + establishment of the call (e.g., answering the call, bringing up the + circuit) until the peer has indicated with an ICRP that it will + accept the call. The peer may choose not to accept the call if, for + instance, there are insufficient resources to handle an additional + session. + + If the peer chooses to accept the call, it responds with an ICRP. + When the local LCCE receives the ICRP, it attempts to establish the + call. A final call connected message, the ICCN, is sent from the + local LCCE to the peer to indicate that the call states for both + LCCEs should enter the established state. If the call is terminated + before the peer can accept it, a CDN is sent by the local LCCE to + indicate this condition. + + When a call transitions to a "disconnected" or "down" state, the call + is cleared normally, and the local LCCE sends a CDN. Similarly, if + the peer wishes to clear a call, it sends a CDN and cleans up its + session. + + + +Lau, et al. Standards Track [Page 71] + +RFC 3931 L2TPv3 March 2005 + + +7.3.1. ICRQ Sender States + + State Event Action New State + ----- ----- ------ --------- + + idle Call signal or Initiate local wait-control-conn + ready to receive control-conn + incoming conn open + + idle Receive ICCN, Clean up idle + ICRP, CDN + + wait-control- Bearer line drop Clean up idle + conn or local close + request + + wait-control- control-conn-open Send ICRQ wait-reply + conn + + wait-reply Receive ICRP, Send ICCN established + acceptable + + wait-reply Receive ICRP, Send CDN, idle + Not acceptable clean up + + wait-reply Receive ICRQ, Process as idle + lose tie breaker ICRQ Recipient + (Section 7.3.2) + + wait-reply Receive ICRQ, Send CDN wait-reply + win tie breaker for losing + session + + wait-reply Receive CDN, Clean up idle + ICCN + + wait-reply Local close Send CDN, idle + request clean up + + established Receive CDN Clean up idle + + established Receive ICRQ, Send CDN, idle + ICRP, ICCN clean up + + established Local close Send CDN, idle + request clean up + + + + + +Lau, et al. Standards Track [Page 72] + +RFC 3931 L2TPv3 March 2005 + + + The states associated with the ICRQ sender are as follows: + + idle + The LCCE detects an incoming call on one of its interfaces (e.g., + an analog PSTN line rings, or an ATM PVC is provisioned), or a + local event occurs. The LCCE initiates its control connection + establishment state machine and moves to a state waiting for + confirmation of the existence of a control connection. + + wait-control-conn + In this state, the session is waiting for either the control + connection to be opened or for verification that the control + connection is already open. Once an indication that the control + connection has been opened is received, session control messages + may be exchanged. The first of these messages is the ICRQ. + + wait-reply + The ICRQ sender receives either (1) a CDN indicating the peer is + not willing to accept the call (general error or do not accept) + and moves back into the idle state, or (2) an ICRP indicating the + call is accepted. In the latter case, the LCCE sends an ICCN and + enters the established state. + + established + Data is exchanged over the session. The call may be cleared by + any of the following: + + An event on the connected interface: The LCCE sends a CDN. + + Receipt of a CDN: The LCCE cleans up, disconnecting the call. + + A local reason: The LCCE sends a CDN. + +7.3.2. ICRQ Recipient States + + State Event Action New State + ----- ----- ------ --------- + idle Receive ICRQ, Send ICRP wait-connect + acceptable + + idle Receive ICRQ, Send CDN, idle + not acceptable clean up + + idle Receive ICRP Send CDN idle + clean up + + idle Receive ICCN Clean up idle + + wait-connect Receive ICCN, Prepare for established + acceptable data + + + + +Lau, et al. Standards Track [Page 73] + +RFC 3931 L2TPv3 March 2005 + + + wait-connect Receive ICCN, Send CDN, idle + not acceptable clean up + + wait-connect Receive ICRQ, Send CDN, idle + ICRP clean up + + idle, Receive CDN Clean up idle + wait-connect, + established + + wait-connect Local close Send CDN, idle + established request clean up + + established Receive ICRQ, Send CDN, idle + ICRP, ICCN clean up + + The states associated with the ICRQ recipient are as follows: + + idle + An ICRQ is received. If the request is not acceptable, a CDN is + sent back to the peer LCCE, and the local LCCE remains in the idle + state. If the ICRQ is acceptable, an ICRP is sent. The session + moves to the wait-connect state. + + wait-connect + The local LCCE is waiting for an ICCN from the peer. Upon receipt + of the ICCN, the local LCCE moves to established state. + + established + The session is terminated either by sending a CDN or by receiving + a CDN from the peer. Clean up follows on both sides regardless of + the initiator. + +7.4. Outgoing Calls + + Outgoing calls instruct an LAC to place a call. There are three + messages for outgoing calls: OCRQ, OCRP, and OCCN. An LCCE first + sends an OCRQ to an LAC to request an outgoing call. The LAC MUST + respond to the OCRQ with an OCRP once it determines that the proper + facilities exist to place the call and that the call is + administratively authorized. Once the outbound call is connected, + the LAC sends an OCCN to the peer indicating the final result of the + call attempt. + + + + + + + + +Lau, et al. Standards Track [Page 74] + +RFC 3931 L2TPv3 March 2005 + + +7.4.1. OCRQ Sender States + + State Event Action New State + ----- ----- ------ --------- + idle Local open Initiate local wait-control-conn + request control-conn-open + + idle Receive OCCN, Clean up idle + OCRP + + wait-control- control-conn-open Send OCRQ wait-reply + conn + + wait-reply Receive OCRP, none wait-connect + acceptable + + wait-reply Receive OCRP, Send CDN, idle + not acceptable clean up + + wait-reply Receive OCCN Send CDN, idle + clean up + + wait-reply Receive OCRQ, Process as idle + lose tie breaker OCRQ Recipient + (Section 7.4.2) + + wait-reply Receive OCRQ, Send CDN wait-reply + win tie breaker for losing + session + + wait-connect Receive OCCN none established + + wait-connect Receive OCRQ, Send CDN, idle + OCRP clean up + + idle, Receive CDN Clean up idle + wait-reply, + wait-connect, + established + + established Receive OCRQ, Send CDN, idle + OCRP, OCCN clean up + + wait-reply, Local close Send CDN, idle + wait-connect, request clean up + established + + + + + +Lau, et al. Standards Track [Page 75] + +RFC 3931 L2TPv3 March 2005 + + + wait-control- Local close Clean up idle + conn request + + The states associated with the OCRQ sender are as follows: + + idle, wait-control-conn + When an outgoing call request is initiated, a control connection + is created as described above, if not already present. Once the + control connection is established, an OCRQ is sent to the LAC, and + the session moves into the wait-reply state. + + wait-reply + If a CDN is received, the session is cleaned up and returns to + idle state. If an OCRP is received, the call is in progress, and + the session moves to the wait-connect state. + + wait-connect + If a CDN is received, the session is cleaned up and returns to + idle state. If an OCCN is received, the call has succeeded, and + the session may now exchange data. + + established + If a CDN is received, the session is cleaned up and returns to + idle state. Alternatively, if the LCCE chooses to terminate the + session, it sends a CDN to the LAC, cleans up the session, and + moves the session to idle state. + +7.4.2. OCRQ Recipient (LAC) States + + State Event Action New State + ----- ----- ------ --------- + idle Receive OCRQ, Send OCRP, wait-cs-answer + acceptable Place call + + idle Receive OCRQ, Send CDN, idle + not acceptable clean up + + idle Receive OCRP Send CDN, idle + clean up + + idle Receive OCCN, Clean up idle + CDN + + wait-cs-answer Call placement Send OCCN established + successful + + wait-cs-answer Call placement Send CDN, idle + failed clean up + + + +Lau, et al. Standards Track [Page 76] + +RFC 3931 L2TPv3 March 2005 + + + wait-cs-answer Receive OCRQ, Send CDN, idle + OCRP, OCCN clean up + + established Receive OCRQ, Send CDN, idle + OCRP, OCCN clean up + + wait-cs-answer, Receive CDN Clean up idle + established + + wait-cs-answer, Local close Send CDN, idle + established request clean up + + The states associated with the LAC for outgoing calls are as follows: + + idle + If the OCRQ is received in error, respond with a CDN. Otherwise, + place the call, send an OCRP, and move to the wait-cs-answer + state. + + wait-cs-answer + If the call is not completed or a timer expires while waiting for + the call to complete, send a CDN with the appropriate error + condition set, and go to idle state. If a circuit-switched + connection is established, send an OCCN indicating success, and go + to established state. + + established + If the LAC receives a CDN from the peer, the call MUST be released + via appropriate mechanisms, and the session cleaned up. If the + call is disconnected because the circuit transitions to a + "disconnected" or "down" state, the LAC MUST send a CDN to the + peer and return to idle state. + +7.5. Termination of a Control Connection + + The termination of a control connection consists of either peer + issuing a StopCCN. The sender of this message SHOULD wait a full + control message retransmission cycle (e.g., 1 + 2 + 4 + 8 ... + seconds) for the acknowledgment of this message before releasing the + control information associated with the control connection. The + recipient of this message should send an acknowledgment of the + message to the peer, then release the associated control information. + + When to release a control connection is an implementation issue and + is not specified in this document. A particular implementation may + use whatever policy is appropriate for determining when to release a + control connection. Some implementations may leave a control + connection open for a period of time or perhaps indefinitely after + + + +Lau, et al. Standards Track [Page 77] + +RFC 3931 L2TPv3 March 2005 + + + the last session for that control connection is cleared. Others may + choose to disconnect the control connection immediately after the + last call on the control connection disconnects. + +8. Security Considerations + + This section addresses some of the security issues that L2TP + encounters in its operation. + +8.1. Control Connection Endpoint and Message Security + + If a shared secret (password) exists between two LCCEs, it may be + used to perform a mutual authentication between the two LCCEs, and + construct an authentication and integrity check of arriving L2TP + control messages. The mechanism provided by L2TPv3 is described in + Section 4.3 and in the definition of the Message Digest and Control + Message Authentication Nonce AVPs in Section 5.4.1. + + This control message security mechanism provides for (1) mutual + endpoint authentication, and (2) individual control message integrity + and authenticity checking. Mutual endpoint authentication ensures + that an L2TPv3 control connection is only established between two + endpoints that are configured with the proper password. The + individual control message and integrity check guards against + accidental or intentional packet corruption (i.e., those caused by a + control message spoofing or man-in-the-middle attack). + + The shared secret that is used for all control connection, control + message, and AVP security features defined in this document never + needs to be sent in the clear between L2TP tunnel endpoints. + +8.2. Data Packet Spoofing + + Packet spoofing for any type of Virtual Private Network (VPN) + protocol is of particular concern as insertion of carefully + constructed rogue packets into the VPN transit network could result + in a violation of VPN traffic separation, leaking data into a + customer VPN. This is complicated by the fact that it may be + particularly difficult for the operator of the VPN to even be aware + that it has become a point of transit into or between customer VPNs. + + L2TPv3 provides traffic separation for its VPNs via a 32-bit Session + ID in the L2TPv3 data header. When present, the L2TPv3 Cookie + (described in Section 4.1), provides an additional check to ensure + that an arriving packet is intended for the identified session. + Thus, use of a Cookie with the Session ID provides an extra guarantee + that the Session ID lookup was performed properly and that the + Session ID itself was not corrupted in transit. + + + +Lau, et al. Standards Track [Page 78] + +RFC 3931 L2TPv3 March 2005 + + + In the presence of a blind packet spoofing attack, the Cookie may + also provide security against inadvertent leaking of frames into a + customer VPN. To illustrate the type of security that it is provided + in this case, consider comparing the validation of a 64-bit Cookie in + the L2TPv3 header to the admission of packets that match a given + source and destination IP address pair. Both the source and + destination IP address pair validation and Cookie validation consist + of a fast check on cleartext header information on all arriving + packets. However, since L2TPv3 uses its own value, it removes the + requirement for one to maintain a list of (potentially several) + permitted or denied IP addresses, and moreover, to guard knowledge of + the permitted IP addresses from hackers who may obtain and spoof + them. Further, it is far easier to change a compromised L2TPv3 + Cookie than a compromised IP address," and a cryptographically random + [RFC1750] value is far less likely to be discovered by brute-force + attacks compared to an IP address. + + For protection against brute-force, blind, insertion attacks, a 64- + bit Cookie MUST be used with all sessions. A 32-bit Cookie is + vulnerable to brute-force guessing at high packet rates, and as such, + should not be considered an effective barrier to blind insertion + attacks (though it is still useful as an additional verification of a + successful Session ID lookup). The Cookie provides no protection + against a sophisticated man-in-the-middle attacker who can sniff and + correlate captured data between nodes for use in a coordinated + attack. + + The Assigned Cookie AVP is used to signal the value and size of the + Cookie that must be present in all data packets for a given session. + Each Assigned Cookie MUST be selected in a cryptographically random + manner [RFC1750] such that a series of Assigned Cookies does not + provide any indication of what a future Cookie will be. + + The L2TPv3 Cookie must not be regarded as a substitute for security + such as that provided by IPsec when operating over an open or + untrusted network where packets may be sniffed, decoded, and + correlated for use in a coordinated attack. See Section 4.1.3 for + more information on running L2TP over IPsec. + +9. Internationalization Considerations + + The Host Name and Vendor Name AVPs are not internationalized. The + Vendor Name AVP, although intended to be human-readable, would seem + to fit in the category of "globally visible names" [RFC2277] and so + is represented in US-ASCII. + + If (1) an LCCE does not signify a language preference by the + inclusion of a Preferred Language AVP (see Section 5.4.3) in the + + + +Lau, et al. Standards Track [Page 79] + +RFC 3931 L2TPv3 March 2005 + + + SCCRQ or SCCRP, (2) the Preferred Language AVP is unrecognized, or + (3) the requested language is not supported by the peer LCCE, the + default language [RFC2277] MUST be used for all internationalized + strings sent by the peer. + +10. IANA Considerations + + This document defines a number of "magic" numbers to be maintained by + the IANA. This section explains the criteria used by the IANA to + assign additional numbers in each of these lists. The following + subsections describe the assignment policy for the namespaces defined + elsewhere in this document. + + Sections 10.1 through 10.3 are requests for new values already + managed by IANA according to [RFC3438]. + + The remaining sections are for new registries that have been added to + the existing L2TP registry and are maintained by IANA accordingly. + +10.1. Control Message Attribute Value Pairs (AVPs) + + This number space is managed by IANA as per [RFC3438]. + + A summary of the new AVPs follows: + + Control Message Attribute Value Pairs + + Attribute + Type Description + --------- ------------------ + + 58 Extended Vendor ID AVP + 59 Message Digest + 60 Router ID + 61 Assigned Control Connection ID + 62 Pseudowire Capabilities List + 63 Local Session ID + 64 Remote Session ID + 65 Assigned Cookie + 66 Remote End ID + 68 Pseudowire Type + 69 L2-Specific Sublayer + 70 Data Sequencing + 71 Circuit Status + 72 Preferred Language + 73 Control Message Authentication Nonce + 74 Tx Connect Speed + 75 Rx Connect Speed + + + +Lau, et al. Standards Track [Page 80] + +RFC 3931 L2TPv3 March 2005 + + +10.2. Message Type AVP Values + + This number space is managed by IANA as per [RFC3438]. There is one + new message type, defined in Section 3.1, that was allocated for this + specification: + + Message Type AVP (Attribute Type 0) Values + ------------------------------------------ + + Control Connection Management + + 20 (ACK) Explicit Acknowledgement + +10.3. Result Code AVP Values + + This number space is managed by IANA as per [RFC3438]. + + New Result Code values for the CDN message are defined in Section + 5.4. The following is a summary: + + Result Code AVP (Attribute Type 1) Values + ----------------------------------------- + + General Error Codes + + 13 - Session not established due to losing + tie breaker (L2TPv3). + 14 - Session not established due to unsupported + PW type (L2TPv3). + 15 - Session not established, sequencing required + without valid L2-Specific Sublayer (L2TPv3). + 16 - Finite state machine error or timeout. + + + + + + + + + + + + + + + + + + + +Lau, et al. Standards Track [Page 81] + +RFC 3931 L2TPv3 March 2005 + + +10.4. AVP Header Bits + + This is a new registry for IANA to maintain. + + Leading Bits of the L2TP AVP Header + ----------------------------------- + + There six bits at the beginning of the L2TP AVP header. New bits are + assigned via Standards Action [RFC2434]. + + Bit 0 - Mandatory (M bit) + Bit 1 - Hidden (H bit) + Bit 2 - Reserved + Bit 3 - Reserved + Bit 4 - Reserved + Bit 5 - Reserved + +10.5. L2TP Control Message Header Bits + + This is a new registry for IANA to maintain. + + Leading Bits of the L2TP Control Message Header + ----------------------------------------------- + + There are 12 bits at the beginning of the L2TP Control Message + Header. Reserved bits should only be defined by Standard + Action [RFC2434]. + + Bit 0 - Message Type (T bit) + Bit 1 - Length Field is Present (L bit) + Bit 2 - Reserved + Bit 3 - Reserved + Bit 4 - Sequence Numbers Present (S bit) + Bit 5 - Reserved + Bit 6 - Offset Field is Present [RFC2661] + Bit 7 - Priority Bit (P bit) [RFC2661] + Bit 8 - Reserved + Bit 9 - Reserved + Bit 10 - Reserved + Bit 11 - Reserved + + + + + + + + + + + +Lau, et al. Standards Track [Page 82] + +RFC 3931 L2TPv3 March 2005 + + +10.6. Pseudowire Types + + This is a new registry for IANA to maintain, there are no values + assigned within this document to maintain. + + L2TPv3 Pseudowire Types + ----------------------- + + The Pseudowire Type (PW Type, see Section 5.4) is a 2-octet value + used in the Pseudowire Type AVP and Pseudowire Capabilities List AVP + defined in Section 5.4.3. 0 to 32767 are assignable by Expert Review + [RFC2434], while 32768 to 65535 are assigned by a First Come First + Served policy [RFC2434]. There are no specific pseudowire types + assigned within this document. Each pseudowire-specific document + must allocate its own PW types from IANA as necessary. + +10.7. Circuit Status Bits + + This is a new registry for IANA to maintain. + + Circuit Status Bits + ------------------- + + The Circuit Status field is a 16-bit mask, with the two low order + bits assigned. Additional bits may be assigned by IETF Consensus + [RFC2434]. + + Bit 14 - New (N bit) + Bit 15 - Active (A bit) + + + + + + + + + + + + + + + + + + + + + + +Lau, et al. Standards Track [Page 83] + +RFC 3931 L2TPv3 March 2005 + + +10.8. Default L2-Specific Sublayer bits + + This is a new registry for IANA to maintain. + + Default L2-Specific Sublayer Bits + --------------------------------- + + The Default L2-Specific Sublayer contains 8 bits in the low-order + portion of the header. Reserved bits may be assigned by IETF + Consensus [RFC2434]. + + Bit 0 - Reserved + Bit 1 - Sequence (S bit) + Bit 2 - Reserved + Bit 3 - Reserved + Bit 4 - Reserved + Bit 5 - Reserved + Bit 6 - Reserved + Bit 7 - Reserved + +10.9. L2-Specific Sublayer Type + + This is a new registry for IANA to maintain. + + L2-Specific Sublayer Type + ------------------------- + + The L2-Specific Sublayer Type is a 2-octet unsigned integer. + Additional values may be assigned by Expert Review [RFC2434]. + + 0 - No L2-Specific Sublayer + 1 - Default L2-Specific Sublayer present + +10.10. Data Sequencing Level + + This is a new registry for IANA to maintain. + + Data Sequencing Level + --------------------- + + The Data Sequencing Level is a 2-octet unsigned integer + Additional values may be assigned by Expert Review [RFC2434]. + + 0 - No incoming data packets require sequencing. + 1 - Only non-IP data packets require sequencing. + 2 - All incoming data packets require sequencing. + + + + + +Lau, et al. Standards Track [Page 84] + +RFC 3931 L2TPv3 March 2005 + + +11. References + +11.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and + Languages", BCP 18, RFC 2277, January 1998. + + [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an + IANA Considerations section in RFCs", BCP 26, RFC 2434, + October 1998. + + [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6 + Specification", RFC 2473, December 1998. + + [RFC2661] Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G., + and Palter, B., "Layer Two Tunneling Layer Two Tunneling + Protocol (L2TP)", RFC 2661, August 1999. + + [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, + "Remote Authentication Dial In User Service (RADIUS)", RFC + 2865, June 2000. + + [RFC3066] Alvestrand, H., "Tags for the Identification of Languages", + BCP 47, RFC 3066, January 2001. + + [RFC3193] Patel, B., Aboba, B., Dixon, W., Zorn, G., and Booth, S., + "Securing L2TP using IPsec", RFC 3193, November 2001. + + [RFC3438] Townsley, W., "Layer Two Tunneling Protocol (L2TP) Internet + Assigned Numbers Authority (IANA) Considerations Update", + BCP 68, RFC 3438, December 2002. + + [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", + STD 63, RFC 3629, November 2003. + +11.2. Informative References + + [RFC1034] Mockapetris, P., "Domain Names - Concepts and Facilities", + STD 13, RFC 1034, November 1987. + + [RFC1191] Mogul, J. and S. Deering, "Path MTU Discovery", RFC 1191, + November 1990. + + [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, + April 1992. + + + +Lau, et al. Standards Track [Page 85] + +RFC 3931 L2TPv3 March 2005 + + + [RFC1661] Simpson, W., Ed., "The Point-to-Point Protocol (PPP)", STD + 51, RFC 1661, July 1994. + + [RFC1700] Reynolds, J. and Postel, J., "Assigned Numbers", STD 2, RFC + 1700, October 1994. + + [RFC1750] Eastlake, D., Crocker, S., and Schiller, J., "Randomness + Recommendations for Security", RFC 1750, December 1994. + + [RFC1958] Carpenter, B., Ed., "Architectural Principles of the + Internet", RFC 1958, June 1996. + + [RFC1981] McCann, J., Deering, S., and Mogul, J., "Path MTU Discovery + for IP version 6", RFC 1981, August 1996. + + [RFC2072] Berkowitz, H., "Router Renumbering Guide", RFC 2072, + January 1997. + + [RFC2104] Krawczyk, H., Bellare, M., and Canetti, R., "HMAC: Keyed- + Hashing for Message Authentication", RFC 2104, February + 1997. + + [RFC2341] Valencia, A., Littlewood, M., and Kolar, T., "Cisco Layer + Two Forwarding (Protocol) L2F", RFC 2341, May 1998. + + [RFC2401] Kent, S. and Atkinson, R., "Security Architecture for the + Internet Protocol", RFC 2401, November 1998. + + [RFC2581] Allman, M., Paxson, V., and Stevens, W., "TCP Congestion + Control", RFC 2581, April 1999. + + [RFC2637] Hamzeh, K., Pall, G., Verthein, W., Taarud, J., Little, W., + and Zorn, G., "Point-to-Point Tunneling Protocol (PPTP)", + RFC 2637, July 1999. + + [RFC2732] Hinden, R., Carpenter, B., and Masinter, L., "Format for + Literal IPv6 Addresses in URL's", RFC 2732, December 1999. + + [RFC2809] Aboba, B. and Zorn, G., "Implementation of L2TP Compulsory + Tunneling via RADIUS", RFC 2809, April 2000. + + [RFC3070] Rawat, V., Tio, R., Nanji, S., and Verma, R., "Layer Two + Tunneling Protocol (L2TP) over Frame Relay", RFC 3070, + February 2001. + + + + + + + +Lau, et al. Standards Track [Page 86] + +RFC 3931 L2TPv3 March 2005 + + + [RFC3355] Singh, A., Turner, R., Tio, R., and Nanji, S., "Layer Two + Tunnelling Protocol (L2TP) Over ATM Adaptation Layer 5 + (AAL5)", RFC 3355, August 2002. + + [KPS] Kaufman, C., Perlman, R., and Speciner, M., "Network + Security: Private Communications in a Public World", + Prentice Hall, March 1995, ISBN 0-13-061466-1. + + [STEVENS] Stevens, W. Richard, "TCP/IP Illustrated, Volume I: The + Protocols", Addison-Wesley Publishing Company, Inc., March + 1996, ISBN 0-201-63346-9. + +12. Acknowledgments + + Many of the protocol constructs were originally defined in, and the + text of this document began with, RFC 2661, "L2TPv2". RFC 2661 + authors are W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn and + B. Palter. + + The basic concept for L2TP and many of its protocol constructs were + adopted from L2F [RFC2341] and PPTP [RFC2637]. Authors of these + versions are A. Valencia, M. Littlewood, T. Kolar, K. Hamzeh, G. + Pall, W. Verthein, J. Taarud, W. Little, and G. Zorn. + + Danny Mcpherson and Suhail Nanji published the first "L2TP Service + Type" version, which defined the use of L2TP for tunneling of various + L2 payload types (initially, Ethernet and Frame Relay). + + The team for splitting RFC 2661 into this base document and the + companion PPP document consisted of Ignacio Goyret, Jed Lau, Bill + Palter, Mark Townsley, and Madhvi Verma. Skip Booth also provided + very helpful review and comment. + + Some constructs of L2TPv3 were based in part on UTI (Universal + Transport Interface), which was originally conceived by Peter + Lothberg and Tony Bates. + + Stewart Bryant and Simon Barber provided valuable input for the + L2TPv3 over IP header. + + Juha Heinanen provided helpful review in the early stages of this + effort. + + Jan Vilhuber, Scott Fluhrer, David McGrew, Scott Wainner, Skip Booth + and Maria Dos Santos contributed to the Control Message + Authentication Mechanism as well as general discussions of security. + + + + + +Lau, et al. Standards Track [Page 87] + +RFC 3931 L2TPv3 March 2005 + + + James Carlson, Thomas Narten, Maria Dos Santos, Steven Bellovin, Ted + Hardie, and Pekka Savola provided very helpful review of the final + versions of text. + + Russ Housley provided valuable review and comment on security, + particularly with respect to the Control Message Authentication + mechanism. + + Pekka Savola contributed to proper alignment with IPv6 and inspired + much of Section 4.1.4 on fragmentation. + + Aside of his original influence and co-authorship of RFC 2661, Glen + Zorn helped get all of the language and character references straight + in this document. + + A number of people provided valuable input and effort for RFC 2661, + on which this document was based: + + John Bray, Greg Burns, Rich Garrett, Don Grosser, Matt Holdrege, + Terry Johnson, Dory Leifer, and Rich Shea provided valuable input and + review at the 43rd IETF in Orlando, FL, which led to improvement of + the overall readability and clarity of RFC 2661. + + Thomas Narten provided a great deal of critical review and + formatting. He wrote the first version of the IANA Considerations + section. + + Dory Leifer made valuable refinements to the protocol definition of + L2TP and contributed to the editing of early versions leading to RFC + 2661. + + Steve Cobb and Evan Caves redesigned the state machine tables. + Barney Wolff provided a great deal of design input on the original + endpoint authentication mechanism. + + + + + + + + + + + + + + + + + +Lau, et al. Standards Track [Page 88] + +RFC 3931 L2TPv3 March 2005 + + +Appendix A: Control Slow Start and Congestion Avoidance + + Although each side has indicated the maximum size of its receive + window, it is recommended that a slow start and congestion avoidance + method be used to transmit control packets. The methods described + here are based upon the TCP congestion avoidance algorithm as + described in Section 21.6 of TCP/IP Illustrated, Volume I, by W. + Richard Stevens [STEVENS] (this algorithm is also described in + [RFC2581]). + + Slow start and congestion avoidance make use of several variables. + The congestion window (CWND) defines the number of packets a sender + may send before waiting for an acknowledgment. The size of CWND + expands and contracts as described below. Note, however, that CWND + is never allowed to exceed the size of the advertised window obtained + from the Receive Window AVP. (In the text below, it is assumed any + increase will be limited by the Receive Window Size.) The variable + SSTHRESH determines when the sender switches from slow start to + congestion avoidance. Slow start is used while CWND is less than + SSHTRESH. + + A sender starts out in the slow start phase. CWND is initialized to + one packet, and SSHTRESH is initialized to the advertised window + (obtained from the Receive Window AVP). The sender then transmits + one packet and waits for its acknowledgment (either explicit or + piggybacked). When the acknowledgment is received, the congestion + window is incremented from one to two. During slow start, CWND is + increased by one packet each time an ACK (explicit ACK message or + piggybacked) is received. Increasing CWND by one on each ACK has the + effect of doubling CWND with each round trip, resulting in an + exponential increase. When the value of CWND reaches SSHTRESH, the + slow start phase ends and the congestion avoidance phase begins. + + During congestion avoidance, CWND expands more slowly. Specifically, + it increases by 1/CWND for every new ACK received. That is, CWND is + increased by one packet after CWND new ACKs have been received. + Window expansion during the congestion avoidance phase is effectively + linear, with CWND increasing by one packet each round trip. + + When congestion occurs (indicated by the triggering of a + retransmission) one-half of the CWND is saved in SSTHRESH, and CWND + is set to one. The sender then reenters the slow start phase. + + + + + + + + + +Lau, et al. Standards Track [Page 89] + +RFC 3931 L2TPv3 March 2005 + + +Appendix B: Control Message Examples + +B.1: Lock-Step Control Connection Establishment + + In this example, an LCCE establishes a control connection, with the + exchange involving each side alternating in sending messages. This + example shows the final acknowledgment explicitly sent within an ACK + message. An alternative would be to piggyback the acknowledgment + within a message sent as a reply to the ICRQ or OCRQ that will likely + follow from the side that initiated the control connection. + + LCCE A LCCE B + ------ ------ + SCCRQ -> + Nr: 0, Ns: 0 + <- SCCRP + Nr: 1, Ns: 0 + SCCCN -> + Nr: 1, Ns: 1 + <- ACK + Nr: 2, Ns: 1 + +B.2: Lost Packet with Retransmission + + An existing control connection has a new session requested by LCCE A. + The ICRP is lost and must be retransmitted by LCCE B. Note that loss + of the ICRP has two effects: It not only keeps the upper level state + machine from progressing, but also keeps LCCE A from seeing a timely + lower level acknowledgment of its ICRQ. + + LCCE A LCCE B + ------ ------ + ICRQ -> + Nr: 1, Ns: 2 + (packet lost) <- ICRP + Nr: 3, Ns: 1 + + (pause; LCCE A's timer started first, so fires first) + + ICRQ -> + Nr: 1, Ns: 2 + + (Realizing that it has already seen this packet, + LCCE B discards the packet and sends an ACK message) + + <- ACK + Nr: 3, Ns: 2 + + + + +Lau, et al. Standards Track [Page 90] + +RFC 3931 L2TPv3 March 2005 + + + (LCCE B's retransmit timer fires) + + <- ICRP + Nr: 3, Ns: 1 + ICCN -> + Nr: 2, Ns: 3 + + <- ACK + Nr: 4, Ns: 2 + +Appendix C: Processing Sequence Numbers + + The Default L2-Specific Sublayer, defined in Section 4.6, provides a + 24-bit field for sequencing of data packets within an L2TP session. + L2TP data packets are never retransmitted, so this sequence is used + only to detect packet order, duplicate packets, or lost packets. + + The 24-bit Sequence Number field of the Default L2-Specific Sublayer + contains a packet sequence number for the associated session. Each + sequenced data packet that is sent must contain the sequence number, + incremented by one, of the previous sequenced packet sent on a given + L2TP session. Upon receipt, any packet with a sequence number equal + to or greater than the current expected packet (the last received + in-order packet plus one) should be considered "new" and accepted. + All other packets are considered "old" or "duplicate" and discarded. + Note that the 24-bit sequence number space includes zero as a valid + sequence number (as such, it may be implemented with a masked 32-bit + counter if desired). All new sessions MUST begin sending sequence + numbers at zero. + + Larger or smaller sequence number fields are possible with L2TP if an + alternative format to the Default L2-Specific Sublayer defined in + this document is used. While 24 bits may be adequate in a number of + circumstances, a larger sequence number space will be less + susceptible to sequence number wrapping problems for very high + session data rates across long dropout periods. The sequence number + processing recommendations below should hold for any size sequence + number field. + + When detecting whether a packet sequence number is "greater" or + "less" than a given sequence number value, wrapping of the sequence + number must be considered. This is typically accomplished by keeping + a window of sequence numbers beyond the current expected sequence + number for determination of whether a packet is "new" or not. The + window may be sized based on the link speed and sequence number space + and SHOULD be configurable with a default equal to one half the size + of the available number space (e.g., 2^(n-1), where n is the number + of bits available in the sequence number). + + + +Lau, et al. Standards Track [Page 91] + +RFC 3931 L2TPv3 March 2005 + + + Upon receipt, packets that exactly match the expected sequence number + are processed immediately and the next expected sequence number + incremented. Packets that fall within the window for new packets may + either be processed immediately and the next expected sequence number + updated to one plus that received in the new packet, or held for a + very short period of time in hopes of receiving the missing + packet(s). This "very short period" should be configurable, with a + default corresponding to a time lapse that is at least an order of + magnitude less than the retransmission timeout periods of higher + layer protocols such as TCP. + + For typical transient packet mis-orderings, dropping out-of-order + packets alone should suffice and generally requires far less + resources than actively reordering packets within L2TP. An exception + is a case in which a pair of packet fragments are persistently + retransmitted and sent out-of-order. For example, if an IP packet + has been fragmented into a very small packet followed by a very large + packet before being tunneled by L2TP, it is possible (though + admittedly wrong) that the two resulting L2TP packets may be + consistently mis-ordered by the PSN in transit between L2TP nodes. + If sequence numbers were being enforced at the receiving node without + any buffering of out-of-order packets, then the fragmented IP packet + may never reach its destination. It may be worth noting here that + this condition is true for any tunneling mechanism of IP packets that + includes sequence number checking on receipt (i.e., GRE [RFC2890]). + + Utilization of a Data Sequencing Level (see Section 5.4.3) of 1 (only + non-IP data packets require sequencing) allows IP data packets being + tunneled by L2TP to not utilize sequence numbers, while utilizing + sequence numbers and enforcing packet order for any remaining non-IP + data packets. Depending on the requirements of the link layer being + tunneled and the network data traversing the data link, this is + sufficient in many cases to enforce packet order on frames that + require it (such as end-to-end data link control messages), while not + on IP packets that are known to be resilient to packet reordering. + + If a large number of packets (i.e., more than one new packet window) + are dropped due to an extended outage or loss of sequence number + state on one side of the connection (perhaps as part of a forwarding + plane reset or failover to a standby node), it is possible that a + large number of packets will be sent in-order, but be wrongly + detected by the peer as out-of-order. This can be generally + characterized for a window size, w, sequence number space, s, and + number of packets lost in transit between L2TP endpoints, p, as + follows: + + + + + + +Lau, et al. Standards Track [Page 92] + +RFC 3931 L2TPv3 March 2005 + + + If s > p > w, then an additional (s - p) packets that were otherwise + received in-order, will be incorrectly classified as out-of-order and + dropped. Thus, for a sequence number space, s = 128, window size, w + = 64, and number of lost packets, p = 70; 128 - 70 = 58 additional + packets would be dropped after the outage until the sequence number + wrapped back to the current expected next sequence number. + + To mitigate this additional packet loss, one MUST inspect the + sequence numbers of packets dropped due to being classified as "old" + and reset the expected sequence number accordingly. This may be + accomplished by counting the number of "old" packets dropped that + were in sequence among themselves and, upon reaching a threshold, + resetting the next expected sequence number to that seen in the + arriving data packets. Packet timestamps may also be used as an + indicator to reset the expected sequence number by detecting a period + of time over which "old" packets have been received in-sequence. The + ideal thresholds will vary depending on link speed, sequence number + space, and link tolerance to out-of-order packets, and MUST be + configurable. + +Editors' Addresses + + Jed Lau + cisco Systems + 170 W. Tasman Drive + San Jose, CA 95134 + + EMail: jedlau@cisco.com + + + W. Mark Townsley + cisco Systems + + EMail: mark@townsley.net + + + Ignacio Goyret + Lucent Technologies + + EMail: igoyret@lucent.com + + + + + + + + + + + +Lau, et al. Standards Track [Page 93] + +RFC 3931 L2TPv3 March 2005 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2005). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at ietf- + ipr@ietf.org. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + +Lau, et al. Standards Track [Page 94] + -- cgit v1.2.3