L2TP

Layer Two Tunneling Protocol

Protocol
Introduced in Rel-4
An IETF-derived tunneling protocol used within 3GPP networks to transport Layer 2 packets (like PPP frames) over IP networks. It is primarily used in the Packet Data Network Gateway (PGW/PGW-U) to establish tunnels for user data sessions between the network and external packet data networks.

Description

Layer Two Tunneling Protocol (L2TP) is a standardized tunneling protocol, originally defined by the IETF (RFC 2661, later updated), that is adopted and referenced within 3GPP specifications for specific interfaces. In the 3GPP architecture, L2TPv2 is used primarily over the SGi interface, between the Packet Data Network Gateway (PGW) and an external packet data network, and during Packet Data Network (PDN) connection setup. It provides a mechanism to tunnel Point-to-Point Protocol (PPP) frames or other Layer 2 traffic over an IP network, creating a virtual point-to-point link.

L2TP operates by establishing a control connection and one or more sessions within that connection. The L2TP Access Concentrator (LAC) and L2TP Network Server (LNS) are the two endpoints. In a 3GPP context, the User Equipment (UE) acts as a PPP peer, the PGW often incorporates the LNS function, and an external broadband network server (BNS) or the UE's enterprise network may act as the LAC. The protocol encapsulates the original PPP frames inside L2TP packets, which are then further encapsulated in UDP/IP for transport across the network. This creates a logical extension of a Layer 2 network over an IP infrastructure, secured by L2TP tunnel authentication and, optionally, IPsec.
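The split between control messages and tunneled PPP data is visible in the L2TPv2 header itself. The following Python parser is an added example, not part of the original entry; the field layout follows RFC 2661, while the function name and both sample packets are constructed for illustration.

```python
import struct

# Flag bits in the first 16-bit word of an L2TPv2 header (RFC 2661, section 3.1).
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200

# Constructed samples: a control message (Message Type AVP = 1, SCCRQ) and a
# data message for tunnel 1 / session 2 carrying a PPP LCP Configure-Request.
CONTROL_SAMPLE = bytes.fromhex("c802 0014 0000 0000 0000 0000 8008 0000 0000 0001")
DATA_SAMPLE = bytes.fromhex("0002 0001 0002 ff03 c021 0101 0004")


def parse_l2tpv2(udp_payload: bytes) -> dict:
    """Parse the L2TPv2 header of a UDP/1701 payload (hypothetical helper)."""
    def u16(pos: int) -> int:
        if pos + 2 > len(udp_payload):
            raise ValueError("truncated L2TP header")
        return struct.unpack_from("!H", udp_payload, pos)[0]

    flags = u16(0)
    if (flags & 0x000F) != 2:
        raise ValueError("not L2TPv2")
    control = bool(flags & T_BIT)
    # Control messages must set Length and Ns/Nr and must not use Offset.
    if control and (flags & (L_BIT | S_BIT | O_BIT)) != (L_BIT | S_BIT):
        raise ValueError("control message with invalid L/S/O bits")

    pos, length = 2, None
    if flags & L_BIT:
        length, pos = u16(pos), pos + 2
        if length > len(udp_payload):
            raise ValueError("Length field exceeds datagram size")
    tunnel_id, session_id = u16(pos), u16(pos + 2)
    pos += 4
    ns = nr = None
    if flags & S_BIT:
        ns, nr = u16(pos), u16(pos + 2)
        pos += 4
    if flags & O_BIT:
        pos += 2 + u16(pos)  # Offset Size field plus the padding it announces
    end = length if length is not None else len(udp_payload)
    if pos > end:
        raise ValueError("header runs past end of message")
    # For data messages the payload is the PPP frame; for control messages, AVPs.
    return {"control": control, "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "payload": udp_payload[pos:end]}


if __name__ == "__main__":
    for sample in (CONTROL_SAMPLE, DATA_SAMPLE):
        print(parse_l2tpv2(sample))
```

Rejecting control messages with inconsistent flag bits or a Length field larger than the datagram is the kind of validation a monitoring tool or gateway would apply before interpreting AVPs.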

Key components within 3GPP include the L2TP control message exchange for tunnel/session establishment, maintenance, and teardown, and the data encapsulation process. Its role is crucial for certain types of PDN connectivity, especially for interworking with legacy dial-up networks, providing Virtual Private Network (VPN) access for users, or for specific fixed-mobile convergence scenarios. It allows mobile operators to offer seamless, secure access to corporate networks or ISP services by extending a traditional dial-up or broadband PPP session over the mobile core network.

Purpose & Motivation

L2TP was incorporated into 3GPP specifications to solve the problem of providing remote, authenticated network access over IP-based core networks. In early 3GPP releases (Rel-4/5), there was a need to support interworking with existing Internet Service Provider (ISP) infrastructures that relied heavily on PPP for user authentication (like CHAP/PAP) and IP address assignment. L2TP provided a standardized way to tunnel these PPP sessions from the UE, through the mobile packet core, to the ISP's network server.

Its creation was motivated by the transition from circuit-switched data (where the UE had a direct modem-like connection) to packet-switched core networks. Simply sending raw PPP over the GPRS network was not feasible. L2TP addressed this by defining a robust tunneling mechanism that could traverse Network Address Translation (NAT) devices (using UDP), provide its own sequencing and delivery guarantees, and separate control and data planes. It enabled operators to leverage existing AAA (Authentication, Authorization, Accounting) and billing systems built for dial-up PPP users.

While newer, more integrated authentication methods like EAP have become prevalent for direct mobile access, L2TP remains relevant for specific use cases requiring transparent Layer 2 tunnel termination outside the mobile operator's network, such as certain types of enterprise VPNs or legacy service integration, providing a bridge between modern mobile IP architectures and traditional network access servers.

Key Features

  • Tunneling of PPP frames over IP networks (UDP port 1701)
  • Separate control connection for tunnel/session management and data sessions for user traffic
  • Support for tunnel authentication and security (using AVPs and optional IPsec)
  • Ability to traverse NAT devices due to UDP encapsulation
  • Mechanisms for flow control, error handling, and session keep-alive
  • Used for specific PDN types (e.g., to interface with external ISP networks) in 3GPP

Evolution Across Releases

Rel-4 Initial

Introduced L2TPv2 support for PDN connectivity in the PS domain. Defined its use for tunneling PPP sessions from the UE (via the GGSN) to an external L2TP Network Server (LNS), enabling interworking with legacy dial-up ISP networks and providing a method for remote access VPN services over GPRS/UMTS.

Defining Specifications

Specification   Title
TS 23.060       3GPP TS 23.060
TS 29.061       3GPP TS 29.061
TS 29.244       3GPP TS 29.244
TS 29.561       3GPP TS 29.561