Scalability is always a requirement with anything having to do with networking. This tip offers a protocol that can improve the scalability of your VPN.
If you are considering implementing a very large, secure dialup network using L2TP, (Layer two tunneling protocol) you should consider enhancing your scalability by using a layered approach to your L2TP Access Clients (LAC) and L2TP Network Servers (LNS). This can be accomplished using "L2TP Multihop".
Generally, when a remote user dials into the network, his phone call is terminated at the LAC, which then establishes a L2TP session between itself and the LNS. The LNS terminates the L2TP tunnel. In other words, the LNS connects the tunnel with the private network. With L2TP Multihop, the LAC will establish a session with the LNS and that LNS will itself then act as a LAC and establish another session with another LNS.
By redirecting tunnels on behalf of the client LAC to many other LNS, a set of devices acting as LNS and LAC can aggregate a number of access devices (LAC) so that the total tunnels aren't constrained by the ability of one LNS.
The configuration of a Cisco router performing L2TP Multihop might look something like this:
! vpdn enable vpdn multihop ! vpdn-group 1 accept dialin l2tp virtual-template 1 remote xyz local name abc ! vpdn-group 2 request dialin l2tp ip 192.168.1.1 domain searchnetworking.com local name abc
If a client wants to access the searchnetworking.com
Requires Free Membership to View
domain, the router automatically creates a L2TP tunnel between itself and 192.168.1.1 (unless one already exists) and redirects the client's traffic from the first tunnel to the new tunnel. You can create vpdn-groups for multiple domains.Thomas Alexander Lancaster IV is a consultant and author with over 15 years experience in the networking industry, focused on Internet infrastructure.
This was first published in September 2005