Description
The L2TP Network Server (LNS) is a critical node defined in early 3GPP packet-switched architectures, particularly for GPRS and UMTS, to facilitate interworking with external IP networks using the Layer 2 Tunneling Protocol (L2TP). It operates as the termination point of L2TP tunnels established from an L2TP Access Concentrator (LAC), which in the 3GPP context is typically the Gateway GPRS Support Node (GGSN). The LNS resides in the service provider's or an enterprise's private IP network. Its primary function is to de-encapsulate incoming L2TP frames from the tunnel, extract the user's PPP (Point-to-Point Protocol) session data, and route the IP packets onto the destination IP network. Conversely, for downlink traffic, it encapsulates IP packets within PPP and L2TP frames for transmission back through the tunnel to the user's device (UE).
Architecturally, the LNS sits at the boundary between the 3GPP mobile network and an external Packet Data Network (PDN). The data path involves the UE establishing a PDP Context with the GGSN. The GGSN, acting as a LAC, then initiates an L2TP tunnel to a pre-configured LNS. The user's data traffic is carried over a PPP session, which is itself carried inside the L2TP tunnel. This creates a virtual point-to-point link between the UE and the LNS, making the UE appear as if it is directly connected to the LNS's network. The LNS is responsible for PPP negotiation (like IP address assignment via IPCP), authentication (often using CHAP or PAP), and accounting for the subscriber's session.
Key components of the LNS functionality include L2TP tunnel endpoint management, PPP session termination, IP routing, and often integrated AAA (Authentication, Authorization, and Accounting) client capabilities to interact with a RADIUS server. Its role was pivotal for enabling secure access to corporate intranets (a forerunner to modern VPNs) and for ISPs to provide Internet access to mobile subscribers. By terminating the L2TP/PPP session, the LNS assigns the UE an IP address from the corporate/ISP pool and becomes the default gateway for the UE's traffic into the external network. This model provided a clear demarcation and a standardized method (L2TP) for connecting mobile networks to external IP service networks before the widespread adoption of GTP-based S8/SGi interfaces and IPsec.
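The de-encapsulation step described above, as an added example (not code from 3GPP or from any LNS product): it parses an L2TPv2 header as laid out in RFC 2661, finds the PPP protocol field, and flags sessions that authenticate with PAP, which sends the password unencrypted inside the tunnel. The function name `parse_l2tp` and the sample datagrams are constructed for illustration.

```python
import struct

# PPP protocol numbers an LNS sees once the L2TP header is stripped.
PPP_PROTOCOLS = {0x0021: "IPv4", 0xC021: "LCP", 0x8021: "IPCP",
                 0xC023: "PAP", 0xC223: "CHAP"}

def parse_l2tp(datagram: bytes) -> dict:
    """Parse an L2TPv2 header (RFC 2661) and name the PPP protocol inside."""
    try:
        (flags,) = struct.unpack_from("!H", datagram, 0)
        if flags & 0x000F != 2:
            raise ValueError("not L2TP version 2")
        pos = 2
        if flags & 0x4000:                      # L bit: Length field present
            (length,) = struct.unpack_from("!H", datagram, pos)
            if length > len(datagram):
                raise ValueError("Length field exceeds datagram size")
            datagram, pos = datagram[:length], pos + 2
        tunnel_id, session_id = struct.unpack_from("!HH", datagram, pos)
        pos += 4
        if flags & 0x0800:                      # S bit: Ns and Nr present
            struct.unpack_from("!HH", datagram, pos)
            pos += 4
        if flags & 0x0200:                      # O bit: Offset Size + padding
            (offset,) = struct.unpack_from("!H", datagram, pos)
            pos += 2 + offset
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    info = {"control": bool(flags & 0x8000), "tunnel_id": tunnel_id,
            "session_id": session_id, "ppp": None, "cleartext_auth": False}
    if info["control"]:                         # T bit: no PPP frame follows
        return info
    ppp = datagram[pos:]
    if ppp[:2] == b"\xff\x03":                  # Address/Control, absent with ACFC
        ppp = ppp[2:]
    if not ppp:
        raise ValueError("no PPP payload")
    if ppp[0] & 1:                              # odd first octet: compressed protocol (PFC)
        proto = ppp[0]
    elif len(ppp) >= 2:
        proto = (ppp[0] << 8) | ppp[1]
    else:
        raise ValueError("truncated PPP protocol field")
    info["ppp"] = PPP_PROTOCOLS.get(proto, hex(proto))
    # PAP (RFC 1334) sends the password in the clear; L2TP itself adds no encryption.
    info["cleartext_auth"] = proto == 0xC023
    return info

# Constructed sample datagrams (UDP payloads), not captured traffic.
PAP_DATA = bytes.fromhex("000200110022ff03c0230101000c03626f6203707764")
CHAP_DATA = bytes.fromhex("4002000e00110022c22301010004")
CONTROL_ZLB = bytes.fromhex("c802000c0000000000000000")
```

Run over traffic on the GGSN-to-LNS path, the `cleartext_auth` flag identifies tunnels and sessions that should be moved to CHAP or carried over an encrypted transport.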
Purpose & Motivation
The LNS was created to solve the problem of securely and transparently connecting mobile subscribers to external IP networks, particularly corporate private networks, in the early days of mobile data (GPRS/UMTS). Prior to standardized tunneling, providing direct corporate access was complex and insecure. The purpose of the L2TP/LNS architecture was to leverage the well-established PPP and L2TP protocols from the IETF to create a virtual dial-up connection over the IP-based mobile core network.
This approach addressed several limitations. It allowed corporations to use their existing remote access infrastructure (LNS servers) to accept connections from mobile users without major changes. It provided a layer of authentication and authorization separate from the mobile network's HLR/AuC. Furthermore, it created a private tunnel for user data, offering a degree of confidentiality within the mobile operator's backbone. The LNS model was central to the 'Wireless WAN' or 'Mobile VPN' service offerings, enabling business users to access email and internal applications remotely.
The motivation for its specification in 3GPP Rel-4 was to provide a standardized interworking solution between 3GPP networks and external IP networks, ensuring multi-vendor interoperability for end-to-end data services. As 3GPP architectures evolved towards a pure IP model with GTP on the SGi interface and later with IPsec, the reliance on L2TP and the LNS diminished for general Internet access. However, the concept laid the groundwork for secure access to packet data networks and influenced later architectures like eVPN and IMS-based services. It represented a crucial bridging technology between legacy dial-up remote access and modern mobile broadband.
Key Features
- Terminates L2TP tunnels initiated by the GGSN (acting as LAC)
- Terminates PPP sessions from mobile users, handling IPCP negotiation and IP address assignment
- Routes de-encapsulated user IP traffic to/from an external Packet Data Network (PDN)
- Provides an authentication, authorization, and accounting (AAA) interface, often via RADIUS
- Enables secure access to corporate intranets (APN-based)
- Defines a standardized interworking point between 3GPP mobile networks and external IP service networks
Evolution Across Releases
Initially specified as a key network element for interworking with external PDNs using L2TP. Defined the architectural role where the GGSN acts as an LAC to tunnel user PPP sessions to the LNS. This enabled corporate access and ISP internet access services over UMTS packet-switched networks.
Defining Specifications
| Specification | Title |
|---|---|
| TS 21.905 | 3GPP TS 21.905 |
| TS 29.061 | 3GPP TS 29.061 |
| TS 29.244 | 3GPP TS 29.244 |
| TS 29.561 | 3GPP TS 29.561 |