Tip

Install L2TP multihop for better scaling

Scalability is always a requirement with anything having to do with networking. This tip offers a protocol that can improve the scalability of your VPN.

If you are considering implementing a very large, secure dialup network using L2TP (Layer 2 Tunneling Protocol), you should consider enhancing your scalability by using a layered approach to your L2TP Access Clients (LAC) and L2TP Network Servers (LNS). This can be accomplished using "L2TP Multihop".

Generally, when a remote user dials into the network, his phone call is terminated at the LAC, which then establishes an L2TP session between itself and the LNS. The LNS terminates the L2TP tunnel. In other words, the LNS connects the tunnel with the private network. With L2TP Multihop, the LAC will establish a session with the LNS, and that LNS will itself then act as a LAC and establish another session with another LNS.

By redirecting tunnels on behalf of the client LAC to many other LNS, a set of devices acting as LNS and LAC can aggregate a number of access devices (LAC) so that the total tunnels aren't constrained by the ability of one LNS.

The configuration of a Cisco router performing L2TP Multihop might look something like this:

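!
vpdn enable
! Allow this router to switch sessions from one tunnel into another
vpdn multihop
!
! Incoming side: act as LNS for the tunnel from the LAC named xyz
vpdn-group 1
 accept dialin l2tp virtual-template 1 remote xyz
 local name abc
!
! Outgoing side: act as LAC toward the LNS at 192.168.1.1 for this domain
vpdn-group 2
 request dialin l2tp ip 192.168.1.1 domain searchnetworking.com
 local name abc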

If a client wants to access the searchnetworking.com domain, the router automatically creates an L2TP tunnel between itself and 192.168.1.1 (unless one already exists) and redirects the client's traffic from the first tunnel to the new tunnel. You can create vpdn-groups for multiple domains.
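The switching decision described above, as an added example (not code from the original tip or from Cisco): a simplified Python model that parses the two vpdn-groups and decides where a session is forwarded. The names `parse_vpdn`, `MultihopNode` and `switch` are hypothetical, and the model assumes the domain is the part of the username after "@" and that sessions are switched only when `vpdn multihop` is configured.

```python
import re

# Constructed sample input: the configuration shown in this tip, as text.
SAMPLE_CONFIG = """\
vpdn enable
vpdn multihop
!
vpdn-group 1
 accept dialin l2tp virtual-template 1 remote xyz
 local name abc
!
vpdn-group 2
 request dialin l2tp ip 192.168.1.1 domain searchnetworking.com
 local name abc
"""

def parse_vpdn(config):
    """Return (multihop_enabled, accepted_remote_names, {domain: next_lns_ip})."""
    multihop, remotes, domains = False, set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if line == "vpdn multihop":
            multihop = True
        m = re.match(r"accept dialin l2tp virtual-template \d+ remote (\S+)", line)
        if m:
            remotes.add(m.group(1))
        m = re.match(r"request dialin l2tp ip (\S+) domain (\S+)", line)
        if m:
            domains[m.group(2).lower()] = m.group(1)
    return multihop, remotes, domains

class MultihopNode:
    """Hypothetical model of the middle router: LNS toward the LAC, LAC toward the next LNS."""
    def __init__(self, config):
        self.multihop, self.remotes, self.domains = parse_vpdn(config)
        self.tunnels = {}  # next-hop LNS IP -> usernames carried in that tunnel

    def switch(self, remote_name, username):
        """Return the LNS IP the session is forwarded to, or None if it is not switched."""
        if remote_name not in self.remotes:
            return None  # no accept-dialin group matches this peer
        _, sep, domain = username.rpartition("@")
        lns = self.domains.get(domain.lower()) if (sep and self.multihop) else None
        if lns is None:
            return None  # no domain, no matching vpdn-group, or multihop is off
        # One tunnel per next-hop LNS: created on first use, reused afterwards.
        self.tunnels.setdefault(lns, []).append(username)
        return lns
```

Running `MultihopNode(SAMPLE_CONFIG).switch("xyz", "alice@searchnetworking.com")` returns `192.168.1.1`, and a second user in the same domain is added to the existing tunnel rather than opening a new one.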

Thomas Alexander Lancaster IV is a consultant and author with over 15 years of experience in the networking industry, focused on Internet infrastructure.


This was first published in September 2005
