Extending Layer 2 across Layer 3 with L2TPv3 Pseudo-wires - Packet Pu...

http://packetpushers.net/extending-layer-2-across-layer-3-with-l2tpv3-ps...

Extending Layer 2 across Layer 3 with L2TPv3 Pseudo-wires


22 January 2013 by Brandon Roberson

Imagine one day your boss comes to you wanting to provide Internet access for a tenant in a
distant building where your organization has a presence (WAN connectivity). You think
for a moment about how to accomplish this task while keeping the following points in mind. How can
we do this
1. securely,
2. across a Layer 3 segment,
3. connected to the company guest Internet router at the main site,
4. with a relatively non-complex configuration/setup,
5. and of course within a budget?
As you begin to research how you would like to approach this scenario with the points above in
mind, the greatest technical challenge you see is the "across a Layer 3 segment" point.
While researching solutions, you remember some of the benefits the more recent L2TPv3
can provide. As you research them, you learn that a Layer 2 connection
can be extended across a Layer 3 network using a feature called x-connect, or a pseudo-wire. As
you investigate the requirements and configuration further, you realize you have everything
needed to make this connectivity scenario happen. The hardware involved is a Cisco 2811 router
at the remote building (across a L3 WAN) and the guest Internet router at the main site,
also a 2811, both running a 12.4 T code that supports L2TPv3. An obvious requirement is IP
connectivity between the two 2811 routers for the pseudo-wire to function. The remote router at
the distant location is already reachable since it is within your company's routing (table) domain,
while the guest Internet router is L3 reachable via a management interface.
For the network diagram used in this scenario see the link below:
L2TPv3_Pseudowire_Diagram
First off, here are some quick definitions for L2TPv3 and pseudo-wire:

Source: Wikipedia.org

L2TPv3 - Layer 2 Tunneling Protocol Version 3 is an IETF standard related to
L2TP that can be used as an alternative protocol to Multiprotocol Label Switching
(MPLS) for encapsulation of multiprotocol Layer 2 communications traffic over IP
networks. Like L2TP, L2TPv3 provides a pseudo-wire service, but scaled to fit
carrier requirements.

Pseudo-wire - a pseudo-wire (or pseudowire) is an emulation of a point-to-point
connection over a packet-switching network. The service being carried over
the wire may be Asynchronous Transfer Mode (ATM), Frame Relay, Ethernet or
Time-division multiplexing (TDM) while the packet network may be Multi-protocol
label switching (MPLS), Internet Protocol (IPv4 or IPv6), or Layer 2 Tunneling
Protocol Version 3 (L2TPv3).
Note: in this scenario, the Guest Internet Router has an HWIC-2FE and an HWIC-4ESW card installed,
where FA0/3/0 (HWIC-2FE) connects to FA0/1/2 (HWIC-4ESW) on the Guest Internet Router with a
small straight-thru patch cable. Here we are going to configure the pseudo-wire tunnel between
routers Savannah and Guest Internet Router, with the tunnel configured on the LAN side
interface of each router. This will be FA0/1 on the Savannah router and FA0/3/0 on the Guest
Internet Router's FE port. Our source of the tunnel will be the WAN facing interface G0/0/0 on
Savannah and a vlan (mgt) interface (vlan 1) FA0/0/0 on the Guest Internet Router's switch card.

As stated earlier, L3 connectivity is a requirement, and we can ping between Savannah's G0/0/0
and the Guest Internet Router's FA0/0/0 (vlan1) interfaces. In this scenario, EIGRP is the WAN
routing protocol of choice.

Our first step.

Create our L2TPv3 class, used to configure the authentication, as follows:

-Savannah & Guest Internet Router-
l2tp-class networkstV3class
 authentication
 password L2TPv3

Our 2nd step.

Our next step is to apply this to a pseudo-wire, defining our source interfaces for the L2TPv3
tunnel.

-Savannah-
pseudowire-class NETWORKPW
 encapsulation l2tpv3
 protocol l2tpv3 networkstV3class
 ip local interface GigabitEthernet0/0/0

-Guest Internet Router-
pseudowire-class NETWORKPW
 encapsulation l2tpv3
 protocol l2tpv3 networkstV3class
 ip local interface Vlan1

Our 3rd and almost final step!

Apply the pseudo-wire to the LAN facing interface.

-Savannah-
interface FastEthernet0/1
 description LAN Facing
 no ip address
 duplex auto
 speed auto
 xconnect 10.100.10.1 1 encapsulation l2tpv3 pw-class NETWORKPW
- the xconnect cmd binds this interface to a pseudo-wire whose peer is the Guest Internet
Router's vlan1 interface at 10.100.10.1
- the VC ID of 1 is a virtual circuit ID and needs to match at both ends.

-Guest Internet Router-
interface FastEthernet0/3/0
 description LAN Facing
 no ip address
 duplex auto
 speed auto
 xconnect 10.200.255.2 1 encapsulation l2tpv3 pw-class NETWORKPW
- the xconnect cmd binds this interface to a pseudo-wire whose peer is Savannah's g0/0/0
interface at 10.200.255.2
- the VC ID of 1 is a virtual circuit ID and needs to match at both ends.

Our 4th and final step!

We will verify our configuration from one of the routers with a couple of commands to check that
the pseudo-wire tunnel is up.

-Savannah-
sh xconnect all
Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State
UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware
XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     ac   Fa0/1(Ethernet)              UP l2tp 10.100.10.1:1                UP
sh l2tun tunnel all


L2TP Tunnel Information Total tunnels 1 sessions 1
Tunnel id 15828 is up, remote id is 27169, 1 active sessions
Remotely initiated tunnel
Tunnel state is established, time since change 6d00h
Tunnel transport is IP (L2TP) (115)
Remote tunnel name is Guest Internet Router
Internet Address 10.100.10.1, port 0
Local tunnel name is Savannah
Internet Address 10.200.255.2, port 0
L2TP class for tunnel is networkstV3class
Counters, taking last clear into account:
1655537 packets sent, 1897898 received
397149740 bytes sent, 1140016470 received
Last clearing of counters never
Counters, ignoring last clear:
1655537 packets sent, 1897898 received
397149740 bytes sent, 1140016470 received
Control Ns 4525, Nr 4343
Local RWS 1024 (default), Remote RWS 1024
Control channel Congestion Control is disabled
Tunnel PMTU checking disabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 0, ZLB ACKs sent 4341
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Control message authentication is disabled

If you experience any issues with the tunnel, troubleshoot from the bottom up, first
verifying physical connectivity and then IP connectivity.
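
An added example, not part of the original article: a small Python check that parses the "sh l2tun tunnel all" output shown above and lists the items worth reviewing, including the "Control message authentication is disabled" line. The function names and the expected peer and class arguments are assumptions for the illustration; the sample lines are copied from the output above, and the parser handles one tunnel's block.

```python
import re

# Lines copied from the 'sh l2tun tunnel all' output shown above.
SAMPLE = """\
Tunnel state is established, time since change 6d00h
Remote tunnel name is Guest Internet Router
Internet Address 10.100.10.1, port 0
Local tunnel name is Savannah
Internet Address 10.200.255.2, port 0
L2TP class for tunnel is networkstV3class
Total peer authentication failures 0
Control message authentication is disabled
"""

FIELDS = {  # field name -> regex with one capture group (names are assumptions)
    "state": r"^\s*Tunnel state is ([\w-]+)",
    "remote_addr": r"^\s*Remote tunnel name is .*\n\s*Internet Address ([\d.]+),",
    "l2tp_class": r"^\s*L2TP class for tunnel is (\S+)",
    "auth_failures": r"^\s*Total peer authentication failures (\d+)",
    "ctrl_auth": r"^\s*Control message authentication is (\w+)",
}

def parse_tunnel(text):
    """Return the FIELDS found in the output; None where a line is absent."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        out[name] = m.group(1) if m else None
    return out

def audit_tunnel(t, expected_peer, expected_class):
    """Return findings to review; an empty list means every check passed."""
    missing = sorted(k for k, v in t.items() if v is None)
    if missing:  # truncated or unexpected output: report it, do not guess
        return ["fields not found: " + ", ".join(missing)]
    findings = []
    if t["state"] != "established":
        findings.append("tunnel state is " + t["state"])
    if t["remote_addr"] != expected_peer:
        findings.append("unexpected peer address " + t["remote_addr"])
    if t["l2tp_class"] != expected_class:
        findings.append("unexpected l2tp-class " + t["l2tp_class"])
    if int(t["auth_failures"]) > 0:
        findings.append("peer authentication failures: " + t["auth_failures"])
    if t["ctrl_auth"] == "disabled":
        findings.append("control message authentication is disabled")
    return findings

if __name__ == "__main__":
    print(audit_tunnel(parse_tunnel(SAMPLE), "10.100.10.1", "networkstV3class"))
```
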

A couple of additional items to note about this scenario:

- To ensure security, a VRF was created on the Guest Internet Router and assigned to the L3 vlan
401 interface.
- DHCP service for vlan 401 is configured on the Guest Internet Router.

Brandon Roberson
Brandon is a Sr. Network Engineer, focused mostly on Route Switch, Data
Center, and network Security. Brandon currently works in the healthcare
industry and teaches networking courses from time to time. He is currently
working on his CCIE (R&S) and holds CCNP, CCDP, CCNP Security, and CWNA
credentials.


Filed Under: Blogs, Service Provider, Switching

Tagged With: l2tpv3, layer 2 extension, pseudowire, tunneling, x-connect

5 Comments

Ivan Pepelnjak

And what exactly is wrong with VRFs and GRE tunnels (apart from being
old-school and actually working on any platform there is out there)?

Brandon Roberson

GRE and VRFs, which most everyone knows about, would indeed both be
good approaches. This scenario is just showing another way to accomplish the
same task. Actually in this particular scenario the PW was an overall better
and more simplified approach.

Ben

Thank you for presenting and explaining this interesting design solution.

Brent Salisbury

Appreciate the time spent writing this up Brandon. That will be handy to have
for reference.
Cheers.

striker2204

Nice solution, although regarding your requirements I don't see the need to
stretch your L2-Domain. Wouldn't a GRE-Tunnel from the Branch Router be a
better solution, assuming that you have more Guest-Internet from other
locations? Services such as DHCP provided by the Guest-Internet-Router
which still allows central management.
