L2TP Access Concentrator

Description

The L2TP Access Concentrator (LAC) is a network element defined within 3GPP architectures for scenarios involving Layer 2 Tunneling Protocol (L2TP). Its primary role is to act as an initiator and terminator of L2TP tunnels on the network side, facilitating a user's access to packet data services. In a typical architecture involving mobile access, the User Equipment (UE) establishes a Point-to-Point Protocol (PPP) session. The LAC, often co-located with or interfacing the Gateway GPRS Support Node (GGSN) or Packet Data Network Gateway (PGW) in earlier 3GPP releases, terminates this PPP session and encapsulates the PPP frames within L2TP tunnels.

Operationally, the LAC works in conjunction with an L2TP Network Server (LNS). The LAC is responsible for the tunnel setup and maintenance procedures with the LNS, as defined in IETF RFC 2661 and later updates. It forwards the user's PPP frames through the secure L2TP tunnel to the LNS, which then de-encapsulates them and injects the IP traffic into the target Packet Data Network (PDN). The LAC handles the aggregation of multiple user sessions into a smaller number of tunnels towards the LNS, optimizing network resource usage. It also plays a role in authentication, often participating in CHAP or PAP exchanges by proxying authentication messages between the UE and the LNS or a RADIUS server.

Within the 3GPP network architecture, the LAC is a key component for enabling certain access types and interworking scenarios. It was particularly relevant for dial-up and DSL interworking, where mobile networks needed to provide seamless access to corporate intranets or ISP services that relied on PPP-based authentication and addressing. The LAC resides in the visitor or home network and provides the interface between the 3GPP packet core and non-3GPP, PPP-based access networks, ensuring secure and managed connectivity for roaming and fixed-mobile convergence use cases.

Purpose & Motivation

The LAC was introduced to solve the problem of integrating 3GPP mobile networks with existing corporate and Internet service provider (ISP) infrastructures that were built around PPP and L2TP technologies. Prior to ubiquitous native IP connectivity in mobile devices, many remote access solutions for enterprises used dial-up networks with PPP. The purpose of the LAC was to allow a mobile device to emulate a dial-up client, connecting via the 3GPP packet core to a corporate LNS, thereby providing secure, private network access without requiring changes to the corporate firewall and authentication servers.

Its creation was motivated by the need for interworking and service continuity during the evolution from 2G/3G to all-IP cores. It addressed the limitation of early mobile data services, which lacked the sophisticated secure tunneling and authentication mechanisms required by enterprises. By implementing L2TP termination in the network, operators could offer a value-added 'mobile VPN' service. This technology bridged the gap between the evolving mobile packet core and the entrenched legacy remote access infrastructure, facilitating business adoption of mobile data. It provided a standardized method for tunneling and user session management that was independent of the underlying radio access technology (GERAN, UTRAN).

Key Features

• Terminates PPP sessions initiated by User Equipment (UE)
• Initiates and maintains L2TP tunnels towards an L2TP Network Server (LNS)
• Encapsulates and de-encapsulates PPP frames within L2TP tunnels
• Aggregates multiple user sessions into consolidated tunnels for network efficiency
• Proxies authentication (e.g., CHAP, PAP) between UE and the LNS/AAA server
• Enables secure access to corporate intranets and ISP services over mobile networks

Evolution Across Releases

Defining Specifications