diff options
author | Thomas Voss <mail@thomasvoss.com> | 2024-11-27 20:54:24 +0100 |
---|---|---|
committer | Thomas Voss <mail@thomasvoss.com> | 2024-11-27 20:54:24 +0100 |
commit | 4bfd864f10b68b71482b35c818559068ef8d5797 (patch) | |
tree | e3989f47a7994642eb325063d46e8f08ffa681dc /doc/rfc/rfc2661.txt | |
parent | ea76e11061bda059ae9f9ad130a9895cc85607db (diff) |
doc: Add RFC documents
Diffstat (limited to 'doc/rfc/rfc2661.txt')
-rw-r--r-- | doc/rfc/rfc2661.txt | 4483 |
1 files changed, 4483 insertions, 0 deletions
diff --git a/doc/rfc/rfc2661.txt b/doc/rfc/rfc2661.txt new file mode 100644 index 0000000..78f01d7 --- /dev/null +++ b/doc/rfc/rfc2661.txt @@ -0,0 +1,4483 @@ + + + + + + +Network Working Group W. Townsley +Request for Comments: 2661 A. Valencia +Category: Standards Track cisco Systems + A. Rubens + Ascend Communications + G. Pall + G. Zorn + Microsoft Corporation + B. Palter + Redback Networks + August 1999 + + + Layer Two Tunneling Protocol "L2TP" + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (1999). All Rights Reserved. + +Abstract + + This document describes the Layer Two Tunneling Protocol (L2TP). STD + 51, RFC 1661 specifies multi-protocol access via PPP [RFC1661]. L2TP + facilitates the tunneling of PPP packets across an intervening + network in a way that is as transparent as possible to both end-users + and applications. + +Table of Contents + + 1.0 Introduction.......................................... 3 + 1.1 Specification of Requirements......................... 4 + 1.2 Terminology........................................... 4 + 2.0 Topology.............................................. 8 + 3.0 Protocol Overview..................................... 9 + 3.1 L2TP Header Format.................................... 9 + 3.2 Control Message Types................................. 11 + 4.0 Control Message Attribute Value Pairs................. 12 + 4.1 AVP Format............................................ 13 + 4.2 Mandatory AVPs........................................ 14 + 4.3 Hiding of AVP Attribute Values........................ 14 + + + +Townsley, et al. Standards Track [Page 1] + +RFC 2661 L2TP August 1999 + + + 4.4 AVP Summary........................................... 17 + 4.4.1 AVPs Applicable To All Control Messages.......... 17 + 4.4.2 Result and Error Codes........................... 18 + 4.4.3 Control Connection Management AVPs............... 20 + 4.4.4 Call Management AVPs............................. 27 + 4.4.5 Proxy LCP and Authentication AVPs................ 34 + 4.4.6 Call Status AVPs................................. 39 + 5.0 Protocol Operation.................................... 41 + 5.1 Control Connection Establishment...................... 41 + 5.1.1 Tunnel Authentication............................ 42 + 5.2 Session Establishment................................. 42 + 5.2.1 Incoming Call Establishment...................... 42 + 5.2.2 Outgoing Call Establishment...................... 43 + 5.3 Forwarding PPP Frames................................. 43 + 5.4 Using Sequence Numbers on the Data Channel............ 44 + 5.5 Keepalive (Hello)..................................... 44 + 5.6 Session Teardown...................................... 45 + 5.7 Control Connection Teardown........................... 45 + 5.8 Reliable Delivery of Control Messages................. 46 + 6.0 Control Connection Protocol Specification............. 48 + 6.1 Start-Control-Connection-Request (SCCRQ).............. 48 + 6.2 Start-Control-Connection-Reply (SCCRP)................ 48 + 6.3 Start-Control-Connection-Connected (SCCCN)............ 49 + 6.4 Stop-Control-Connection-Notification (StopCCN)........ 49 + 6.5 Hello (HELLO)......................................... 49 + 6.6 Incoming-Call-Request (ICRQ).......................... 50 + 6.7 Incoming-Call-Reply (ICRP)............................ 51 + 6.8 Incoming-Call-Connected (ICCN)........................ 51 + 6.9 Outgoing-Call-Request (OCRQ).......................... 52 + 6.10 Outgoing-Call-Reply (OCRP)........................... 53 + 6.11 Outgoing-Call-Connected (OCCN)....................... 53 + 6.12 Call-Disconnect-Notify (CDN)......................... 53 + 6.13 WAN-Error-Notify (WEN)............................... 54 + 6.14 Set-Link-Info (SLI).................................. 54 + 7.0 Control Connection State Machines..................... 54 + 7.1 Control Connection Protocol Operation................. 55 + 7.2 Control Connection States............................. 56 + 7.2.1 Control Connection Establishment................. 56 + 7.3 Timing considerations................................. 58 + 7.4 Incoming calls........................................ 58 + 7.4.1 LAC Incoming Call States......................... 60 + 7.4.2 LNS Incoming Call States......................... 62 + 7.5 Outgoing calls........................................ 63 + 7.5.1 LAC Outgoing Call States......................... 64 + 7.5.2 LNS Outgoing Call States......................... 66 + 7.6 Tunnel Disconnection.................................. 67 + 8.0 L2TP Over Specific Media.............................. 67 + 8.1 L2TP over UDP/IP...................................... 68 + + + +Townsley, et al. Standards Track [Page 2] + +RFC 2661 L2TP August 1999 + + + 8.2 IP.................................................... 69 + 9.0 Security Considerations............................... 69 + 9.1 Tunnel Endpoint Security.............................. 70 + 9.2 Packet Level Security................................. 70 + 9.3 End to End Security................................... 70 + 9.4 L2TP and IPsec........................................ 71 + 9.5 Proxy PPP Authentication.............................. 71 + 10.0 IANA Considerations.................................. 71 + 10.1 AVP Attributes....................................... 71 + 10.2 Message Type AVP Values.............................. 72 + 10.3 Result Code AVP Values............................... 72 + 10.3.1 Result Code Field Values........................ 72 + 10.3.2 Error Code Field Values......................... 72 + 10.4 Framing Capabilities & Bearer Capabilities........... 72 + 10.5 Proxy Authen Type AVP Values......................... 72 + 10.6 AVP Header Bits...................................... 73 + 11.0 References........................................... 73 + 12.0 Acknowledgments...................................... 74 + 13.0 Authors' Addresses................................... 75 + Appendix A: Control Channel Slow Start and Congestion + Avoidance..................................... 76 + Appendix B: Control Message Examples...................... 77 + Appendix C: Intellectual Property Notice.................. 79 + Full Copyright Statement.................................. 80 + +1.0 Introduction + + PPP [RFC1661] defines an encapsulation mechanism for transporting + multiprotocol packets across layer 2 (L2) point-to-point links. + Typically, a user obtains a L2 connection to a Network Access Server + (NAS) using one of a number of techniques (e.g., dialup POTS, ISDN, + ADSL, etc.) and then runs PPP over that connection. In such a + configuration, the L2 termination point and PPP session endpoint + reside on the same physical device (i.e., the NAS). + + L2TP extends the PPP model by allowing the L2 and PPP endpoints to + reside on different devices interconnected by a packet-switched + network. With L2TP, a user has an L2 connection to an access + concentrator (e.g., modem bank, ADSL DSLAM, etc.), and the + concentrator then tunnels individual PPP frames to the NAS. This + allows the actual processing of PPP packets to be divorced from the + termination of the L2 circuit. + + One obvious benefit of such a separation is that instead of requiring + the L2 connection terminate at the NAS (which may require a + long-distance toll charge), the connection may terminate at a (local) + circuit concentrator, which then extends the logical PPP session over + + + + +Townsley, et al. Standards Track [Page 3] + +RFC 2661 L2TP August 1999 + + + a shared infrastructure such as frame relay circuit or the Internet. + From the user's perspective, there is no functional difference between + having the L2 circuit terminate in a NAS directly or using L2TP. + + L2TP may also solve the multilink hunt-group splitting problem. + Multilink PPP [RFC1990] requires that all channels composing a + multilink bundle be grouped at a single Network Access Server (NAS). + Due to its ability to project a PPP session to a location other than + the point at which it was physically received, L2TP can be used to + make all channels terminate at a single NAS. This allows multilink + operation even when the calls are spread across distinct physical + NASs. + + This document defines the necessary control protocol for on-demand + creation of tunnels between two nodes and the accompanying + encapsulation for multiplexing multiple, tunneled PPP sessions. + +1.1 Specification of Requirements + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + +1.2 Terminology + + Analog Channel + + A circuit-switched communication path which is intended to carry + 3.1 kHz audio in each direction. + + Attribute Value Pair (AVP) + + The variable length concatenation of a unique Attribute + (represented by an integer) and a Value containing the actual + value identified by the attribute. Multiple AVPs make up Control + Messages which are used in the establishment, maintenance, and + teardown of tunnels. + + Call + + A connection (or attempted connection) between a Remote System and + LAC. For example, a telephone call through the PSTN. A Call + (Incoming or Outgoing) which is successfully established between a + Remote System and LAC results in a corresponding L2TP Session + within a previously established Tunnel between the LAC and LNS. + (See also: Session, Incoming Call, Outgoing Call). + + + + + +Townsley, et al. Standards Track [Page 4] + +RFC 2661 L2TP August 1999 + + + Called Number + + An indication to the receiver of a call as to what telephone + number the caller used to reach it. + + Calling Number + + An indication to the receiver of a call as to the telephone number + of the caller. + + CHAP + + Challenge Handshake Authentication Protocol [RFC1994], a PPP + cryptographic challenge/response authentication protocol in which + the cleartext password is not passed over the line. + + Control Connection + + A control connection operates in-band over a tunnel to control the + establishment, release, and maintenance of sessions and of the + tunnel itself. + + Control Messages + + Control messages are exchanged between LAC and LNS pairs, + operating in-band within the tunnel protocol. Control messages + govern aspects of the tunnel and sessions within the tunnel. + + Digital Channel + + A circuit-switched communication path which is intended to carry + digital information in each direction. + + DSLAM + + Digital Subscriber Line (DSL) Access Module. A network device used + in the deployment of DSL service. This is typically a concentrator + of individual DSL lines located in a central office (CO) or local + exchange. + + Incoming Call + + A Call received at an LAC to be tunneled to an LNS (see Call, + Outgoing Call). + + + + + + + +Townsley, et al. Standards Track [Page 5] + +RFC 2661 L2TP August 1999 + + + L2TP Access Concentrator (LAC) + + A node that acts as one side of an L2TP tunnel endpoint and is a + peer to the L2TP Network Server (LNS). The LAC sits between an + LNS and a remote system and forwards packets to and from each. + Packets sent from the LAC to the LNS requires tunneling with the + L2TP protocol as defined in this document. The connection from + the LAC to the remote system is either local (see: Client LAC) or + a PPP link. + + L2TP Network Server (LNS) + + A node that acts as one side of an L2TP tunnel endpoint and is a + peer to the L2TP Access Concentrator (LAC). The LNS is the + logical termination point of a PPP session that is being tunneled + from the remote system by the LAC. + + Management Domain (MD) + + A network or networks under the control of a single + administration, policy or system. For example, an LNS's Management + Domain might be the corporate network it serves. An LAC's + Management Domain might be the Internet Service Provider that owns + and manages it. + + Network Access Server (NAS) + + A device providing local network access to users across a remote + access network such as the PSTN. An NAS may also serve as an LAC, + LNS or both. + + Outgoing Call + + A Call placed by an LAC on behalf of an LNS (see Call, Incoming + Call). + + Peer + + When used in context with L2TP, peer refers to either the LAC or + LNS. An LAC's Peer is an LNS and vice versa. When used in context + with PPP, a peer is either side of the PPP connection. + + POTS + + Plain Old Telephone Service. + + + + + + +Townsley, et al. Standards Track [Page 6] + +RFC 2661 L2TP August 1999 + + + Remote System + + An end-system or router attached to a remote access network (i.e. + a PSTN), which is either the initiator or recipient of a call. + Also referred to as a dial-up or virtual dial-up client. + + Session + + L2TP is connection-oriented. The LNS and LAC maintain state for + each Call that is initiated or answered by an LAC. An L2TP Session + is created between the LAC and LNS when an end-to-end PPP + connection is established between a Remote System and the LNS. + Datagrams related to the PPP connection are sent over the Tunnel + between the LAC and LNS. There is a one to one relationship + between established L2TP Sessions and their associated Calls. (See + also: Call). + + Tunnel + + A Tunnel exists between a LAC-LNS pair. The Tunnel consists of a + Control Connection and zero or more L2TP Sessions. The Tunnel + carries encapsulated PPP datagrams and Control Messages between + the LAC and the LNS. + + Zero-Length Body (ZLB) Message + + A control packet with only an L2TP header. ZLB messages are used + for explicitly acknowledging packets on the reliable control + channel. + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 7] + +RFC 2661 L2TP August 1999 + + +2.0 Topology + + The following diagram depicts a typical L2TP scenario. The goal is to + tunnel PPP frames between the Remote System or LAC Client and an LNS + located at a Home LAN. + + [Home LAN] + [LAC Client]----------+ | + ____|_____ +--[Host] + | | | + [LAC]---------| Internet |-----[LNS]-----+ + | |__________| | + _____|_____ : + | | + | PSTN | + [Remote]--| Cloud | + [System] | | [Home LAN] + |___________| | + | ______________ +---[Host] + | | | | + [LAC]-------| Frame Relay |---[LNS]-----+ + | or ATM Cloud | | + |______________| : + + The Remote System initiates a PPP connection across the PSTN Cloud to + an LAC. The LAC then tunnels the PPP connection across the Internet, + Frame Relay, or ATM Cloud to an LNS whereby access to a Home LAN is + obtained. The Remote System is provided addresses from the HOME LAN + + via PPP NCP negotiation. Authentication, Authorization and Accounting + may be provided by the Home LAN's Management Domain as if the user + were connected to a Network Access Server directly. + + A LAC Client (a Host which runs L2TP natively) may also participate + in tunneling to the Home LAN without use of a separate LAC. In this + case, the Host containing the LAC Client software already has a + connection to the public Internet. A "virtual" PPP connection is then + created and the local L2TP LAC Client software creates a tunnel to + the LNS. As in the above case, Addressing, Authentication, + Authorization and Accounting will be provided by the Home LAN's + Management Domain. + + + + + + + + + + +Townsley, et al. Standards Track [Page 8] + +RFC 2661 L2TP August 1999 + + +3.0 Protocol Overview + + L2TP utilizes two types of messages, control messages and data + messages. Control messages are used in the establishment, maintenance + and clearing of tunnels and calls. Data messages are used to + encapsulate PPP frames being carried over the tunnel. Control + messages utilize a reliable Control Channel within L2TP to guarantee + delivery (see section 5.1 for details). Data messages are not + retransmitted when packet loss occurs. + + +-------------------+ + | PPP Frames | + +-------------------+ +-----------------------+ + | L2TP Data Messages| | L2TP Control Messages | + +-------------------+ +-----------------------+ + | L2TP Data Channel | | L2TP Control Channel | + | (unreliable) | | (reliable) | + +------------------------------------------------+ + | Packet Transport (UDP, FR, ATM, etc.) | + +------------------------------------------------+ + + Figure 3.0 L2TP Protocol Structure + + Figure 3.0 depicts the relationship of PPP frames and Control + Messages over the L2TP Control and Data Channels. PPP Frames are + passed over an unreliable Data Channel encapsulated first by an L2TP + header and then a Packet Transport such as UDP, Frame Relay, ATM, + etc. Control messages are sent over a reliable L2TP Control Channel + which transmits packets in-band over the same Packet Transport. + + Sequence numbers are required to be present in all control messages + and are used to provide reliable delivery on the Control Channel. + Data Messages may use sequence numbers to reorder packets and detect + lost packets. + + All values are placed into their respective fields and sent in + network order (high order octets first). + +3.1 L2TP Header Format + + L2TP packets for the control channel and data channel share a common + header format. In each case where a field is optional, its space does + not exist in the message if the field is marked not present. Note + that while optional on data messages, the Length, Ns, and Nr fields + marked as optional below, are required to be present on all control + messages. + + + + + +Townsley, et al. Standards Track [Page 9] + +RFC 2661 L2TP August 1999 + + + This header is formatted: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |T|L|x|x|S|x|O|P|x|x|x|x| Ver | Length (opt) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Tunnel ID | Session ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Ns (opt) | Nr (opt) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Offset Size (opt) | Offset pad... (opt) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 3.1 L2TP Message Header + + The Type (T) bit indicates the type of message. It is set to 0 for a + data message and 1 for a control message. + + If the Length (L) bit is 1, the Length field is present. This bit + MUST be set to 1 for control messages. + + The x bits are reserved for future extensions. All reserved bits MUST + be set to 0 on outgoing messages and ignored on incoming messages. + + If the Sequence (S) bit is set to 1 the Ns and Nr fields are present. + The S bit MUST be set to 1 for control messages. + + If the Offset (O) bit is 1, the Offset Size field is present. The O + bit MUST be set to 0 (zero) for control messages. + + If the Priority (P) bit is 1, this data message should receive + preferential treatment in its local queuing and transmission. LCP + echo requests used as a keepalive for the link, for instance, should + generally be sent with this bit set to 1. Without it, a temporary + interval of local congestion could result in interference with + keepalive messages and unnecessary loss of the link. This feature is + only for use with data messages. The P bit MUST be set to 0 for all + control messages. + + Ver MUST be 2, indicating the version of the L2TP data message header + described in this document. The value 1 is reserved to permit + detection of L2F [RFC2341] packets should they arrive intermixed with + L2TP packets. Packets received with an unknown Ver field MUST be + discarded. + + The Length field indicates the total length of the message in octets. + + + + +Townsley, et al. Standards Track [Page 10] + +RFC 2661 L2TP August 1999 + + + Tunnel ID indicates the identifier for the control connection. L2TP + tunnels are named by identifiers that have local significance only. + That is, the same tunnel will be given different Tunnel IDs by each + end of the tunnel. Tunnel ID in each message is that of the intended + recipient, not the sender. Tunnel IDs are selected and exchanged as + Assigned Tunnel ID AVPs during the creation of a tunnel. + + Session ID indicates the identifier for a session within a tunnel. + L2TP sessions are named by identifiers that have local significance + only. That is, the same session will be given different Session IDs + by each end of the session. Session ID in each message is that of the + intended recipient, not the sender. Session IDs are selected and + exchanged as Assigned Session ID AVPs during the creation of a + session. + + Ns indicates the sequence number for this data or control message, + beginning at zero and incrementing by one (modulo 2**16) for each + message sent. See Section 5.8 and 5.4 for more information on using + this field. + + Nr indicates the sequence number expected in the next control message + to be received. Thus, Nr is set to the Ns of the last in-order + message received plus one (modulo 2**16). In data messages, Nr is + reserved and, if present (as indicated by the S-bit), MUST be ignored + upon receipt. See section 5.8 for more information on using this + field in control messages. + + The Offset Size field, if present, specifies the number of octets + past the L2TP header at which the payload data is expected to start. + Actual data within the offset padding is undefined. If the offset + field is present, the L2TP header ends after the last octet of the + offset padding. + +3.2 Control Message Types + + The Message Type AVP (see section 4.4.1) defines the specific type of + control message being sent. Recall from section 3.1 that this is only + for control messages, that is, messages with the T-bit set to 1. + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 11] + +RFC 2661 L2TP August 1999 + + + This document defines the following control message types (see + Section 6.1 through 6.14 for details on the construction and use of + each message): + + Control Connection Management + + 0 (reserved) + + 1 (SCCRQ) Start-Control-Connection-Request + 2 (SCCRP) Start-Control-Connection-Reply + 3 (SCCCN) Start-Control-Connection-Connected + 4 (StopCCN) Stop-Control-Connection-Notification + 5 (reserved) + 6 (HELLO) Hello + + Call Management + + 7 (OCRQ) Outgoing-Call-Request + 8 (OCRP) Outgoing-Call-Reply + 9 (OCCN) Outgoing-Call-Connected + 10 (ICRQ) Incoming-Call-Request + 11 (ICRP) Incoming-Call-Reply + 12 (ICCN) Incoming-Call-Connected + 13 (reserved) + 14 (CDN) Call-Disconnect-Notify + + Error Reporting + + 15 (WEN) WAN-Error-Notify + + PPP Session Control + + 16 (SLI) Set-Link-Info + +4.0 Control Message Attribute Value Pairs + + To maximize extensibility while still permitting interoperability, a + uniform method for encoding message types and bodies is used + throughout L2TP. This encoding will be termed AVP (Attribute-Value + Pair) in the remainder of this document. + + + + + + + + + + + +Townsley, et al. Standards Track [Page 12] + +RFC 2661 L2TP August 1999 + + +4.1 AVP Format + + Each AVP is encoded as: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |M|H| rsvd | Length | Vendor ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Attribute Type | Attribute Value... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + [until Length is reached]... | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The first six bits are a bit mask, describing the general attributes + of the AVP. + + Two bits are defined in this document, the remaining are reserved for + future extensions. Reserved bits MUST be set to 0. An AVP received + with a reserved bit set to 1 MUST be treated as an unrecognized AVP. + + Mandatory (M) bit: Controls the behavior required of an + implementation which receives an AVP which it does not recognize. If + the M bit is set on an unrecognized AVP within a message associated + with a particular session, the session associated with this message + MUST be terminated. If the M bit is set on an unrecognized AVP within + a message associated with the overall tunnel, the entire tunnel (and + all sessions within) MUST be terminated. If the M bit is not set, an + unrecognized AVP MUST be ignored. The control message must then + continue to be processed as if the AVP had not been present. + + Hidden (H) bit: Identifies the hiding of data in the Attribute Value + field of an AVP. This capability can be used to avoid the passing of + sensitive data, such as user passwords, as cleartext in an AVP. + Section 4.3 describes the procedure for performing AVP hiding. + + Length: Encodes the number of octets (including the Overall Length + and bitmask fields) contained in this AVP. The Length may be + calculated as 6 + the length of the Attribute Value field in octets. + The field itself is 10 bits, permitting a maximum of 1023 octets of + data in a single AVP. The minimum Length of an AVP is 6. If the + length is 6, then the Attribute Value field is absent. + + Vendor ID: The IANA assigned "SMI Network Management Private + Enterprise Codes" [RFC1700] value. The value 0, corresponding to + IETF adopted attribute values, is used for all AVPs defined within + this document. Any vendor wishing to implement their own L2TP + extensions can use their own Vendor ID along with private Attribute + + + +Townsley, et al. Standards Track [Page 13] + +RFC 2661 L2TP August 1999 + + + values, guaranteeing that they will not collide with any other + vendor's extensions, nor with future IETF extensions. Note that there + are 16 bits allocated for the Vendor ID, thus limiting this feature + to the first 65,535 enterprises. + + Attribute Type: A 2 octet value with a unique interpretation across + all AVPs defined under a given Vendor ID. + + Attribute Value: This is the actual value as indicated by the Vendor + ID and Attribute Type. It follows immediately after the Attribute + Type field, and runs for the remaining octets indicated in the Length + (i.e., Length minus 6 octets of header). This field is absent if the + Length is 6. + +4.2 Mandatory AVPs + + Receipt of an unknown AVP that has the M-bit set is catastrophic to + the session or tunnel it is associated with. Thus, the M bit should + only be defined for AVPs which are absolutely crucial to proper + operation of the session or tunnel. Further, in the case where the + LAC or LNS receives an unknown AVP with the M-bit set and shuts down + the session or tunnel accordingly, it is the full responsibility of + the peer sending the Mandatory AVP to accept fault for causing an + non-interoperable situation. Before defining an AVP with the M-bit + set, particularly a vendor-specific AVP, be sure that this is the + intended consequence. + + When an adequate alternative exists to use of the M-bit, it should be + utilized. For example, rather than simply sending an AVP with the M- + bit set to determine if a specific extension exists, availability may + be identified by sending an AVP in a request message and expecting a + corresponding AVP in a reply message. + + Use of the M-bit with new AVPs (those not defined in this document) + MUST provide the ability to configure the associated feature off, + such that the AVP is either not sent, or sent with the M-bit not set. + +4.3 Hiding of AVP Attribute Values + + The H bit in the header of each AVP provides a mechanism to indicate + to the receiving peer whether the contents of the AVP are hidden or + present in cleartext. This feature can be used to hide sensitive + control message data such as user passwords or user IDs. + + The H bit MUST only be set if a shared secret exists between the LAC + and LNS. The shared secret is the same secret that is used for tunnel + authentication (see Section 5.1.1). If the H bit is set in any + + + + +Townsley, et al. Standards Track [Page 14] + +RFC 2661 L2TP August 1999 + + + AVP(s) in a given control message, a Random Vector AVP must also be + present in the message and MUST precede the first AVP having an H bit + of 1. + + Hiding an AVP value is done in several steps. The first step is to + take the length and value fields of the original (cleartext) AVP and + encode them into a Hidden AVP Subformat as follows: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Length of Original Value | Original Attribute Value ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ... | Padding ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Length of Original Attribute Value: This is length of the Original + Attribute Value to be obscured in octets. This is necessary to + determine the original length of the Attribute Value which is lost + when the additional Padding is added. + + Original Attribute Value: Attribute Value that is to be obscured. + + Padding: Random additional octets used to obscure length of the + Attribute Value that is being hidden. + + To mask the size of the data being hidden, the resulting subformat + MAY be padded as shown above. Padding does NOT alter the value placed + in the Length of Original Attribute Value field, but does alter the + length of the resultant AVP that is being created. For example, If an + Attribute Value to be hidden is 4 octets in length, the unhidden AVP + length would be 10 octets (6 + Attribute Value length). After hiding, + the length of the AVP will become 6 + Attribute Value length + size + of the Length of Original Attribute Value field + Padding. Thus, if + Padding is 12 octets, the AVP length will be 6 + 4 + 2 + 12 = 24 + octets. + + Next, An MD5 hash is performed on the concatenation of: + + + the 2 octet Attribute number of the AVP + + the shared secret + + an arbitrary length random vector + + The value of the random vector used in this hash is passed in the + value field of a Random Vector AVP. This Random Vector AVP must be + placed in the message by the sender before any hidden AVPs. The same + random vector may be used for more than one hidden AVP in the same + + + + +Townsley, et al. Standards Track [Page 15] + +RFC 2661 L2TP August 1999 + + + message. If a different random vector is used for the hiding of + subsequent AVPs then a new Random Vector AVP must be placed in the + command message before the first AVP to which it applies. + + The MD5 hash value is then XORed with the first 16 octet (or less) + segment of the Hidden AVP Subformat and placed in the Attribute Value + field of the Hidden AVP. If the Hidden AVP Subformat is less than 16 + octets, the Subformat is transformed as if the Attribute Value field + had been padded to 16 octets before the XOR, but only the actual + octets present in the Subformat are modified, and the length of the + AVP is not altered. + + If the Subformat is longer than 16 octets, a second one-way MD5 hash + is calculated over a stream of octets consisting of the shared secret + followed by the result of the first XOR. That hash is XORed with the + second 16 octet (or less) segment of the Subformat and placed in the + corresponding octets of the Value field of the Hidden AVP. + + If necessary, this operation is repeated, with the shared secret used + along with each XOR result to generate the next hash to XOR the next + segment of the value with. + + The hiding method was adapted from RFC 2138 [RFC2138] which was taken + from the "Mixing in the Plaintext" section in the book "Network + Security" by Kaufman, Perlman and Speciner [KPS]. A detailed + explanation of the method follows: + + Call the shared secret S, the Random Vector RV, and the Attribute + Value AV. Break the value field into 16-octet chunks p1, p2, etc. + with the last one padded at the end with random data to a 16-octet + boundary. Call the ciphertext blocks c(1), c(2), etc. We will also + define intermediate values b1, b2, etc. + + b1 = MD5(AV + S + RV) c(1) = p1 xor b1 + b2 = MD5(S + c(1)) c(2) = p2 xor b2 + . . + . . + . . + bi = MD5(S + c(i-1)) c(i) = pi xor bi + + The String will contain c(1)+c(2)+...+c(i) where + denotes + concatenation. + + On receipt, the random vector is taken from the last Random Vector + AVP encountered in the message prior to the AVP to be unhidden. The + above process is then reversed to yield the original value. + + + + + +Townsley, et al. Standards Track [Page 16] + +RFC 2661 L2TP August 1999 + + +4.4 AVP Summary + + The following sections contain a list of all L2TP AVPs defined in + this document. + + Following the name of the AVP is a list indicating the message types + that utilize each AVP. After each AVP title follows a short + description of the purpose of the AVP, a detail (including a graphic) + of the format for the Attribute Value, and any additional information + needed for proper use of the avp. + +4.4.1 AVPs Applicable To All Control Messages + + Message Type (All Messages) + + The Message Type AVP, Attribute Type 0, identifies the control + message herein and defines the context in which the exact meaning + of the following AVPs will be determined. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Message Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Message Type is a 2 octet unsigned integer. + + The Message Type AVP MUST be the first AVP in a message, + immediately following the control message header (defined in + section 3.1). See Section 3.2 for the list of defined control + message types and their identifiers. + + The Mandatory (M) bit within the Message Type AVP has special + meaning. Rather than an indication as to whether the AVP itself + should be ignored if not recognized, it is an indication as to + whether the control message itself should be ignored. Thus, if the + M-bit is set within the Message Type AVP and the Message Type is + unknown to the implementation, the tunnel MUST be cleared. If the + M-bit is not set, then the implementation may ignore an unknown + message type. The M-bit MUST be set to 1 for all message types + defined in this document. This AVP may not be hidden (the H-bit + MUST be 0). The Length of this AVP is 8. + + + + + + + +Townsley, et al. Standards Track [Page 17] + +RFC 2661 L2TP August 1999 + + + Random Vector (All Messages) + + The Random Vector AVP, Attribute Type 36, is used to enable the + hiding of the Attribute Value of arbitrary AVPs. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Random Octet String ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Random Octet String may be of arbitrary length, although a + random vector of at least 16 octets is recommended. The string + contains the random vector for use in computing the MD5 hash to + retrieve or hide the Attribute Value of a hidden AVP (see Section + 4.2). + + More than one Random Vector AVP may appear in a message, in which + case a hidden AVP uses the Random Vector AVP most closely + preceding it. This AVP MUST precede the first AVP with the H bit + set. + + The M-bit for this AVP MUST be set to 1. This AVP MUST NOT be + hidden (the H-bit MUST be 0). The Length of this AVP is 6 plus the + length of the Random Octet String. + +4.4.2 Result and Error Codes + + Result Code (CDN, StopCCN) + + The Result Code AVP, Attribute Type 1, indicates the reason for + terminating the control channel or session. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Result Code | Error Code (opt) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Error Message (opt) ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Result Code is a 2 octet unsigned integer. The optional Error + Code is a 2 octet unsigned integer. An optional Error Message can + follow the Error Code field. Presence of the Error Code and + + + +Townsley, et al. Standards Track [Page 18] + +RFC 2661 L2TP August 1999 + + + Message are indicated by the AVP Length field. The Error Message + contains an arbitrary string providing further (human readable) + text associated with the condition. Human readable text in all + error messages MUST be provided in the UTF-8 charset using the + Default Language [RFC2277]. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length is 8 if there is no Error + Code or Message, 10 if there is an Error Code and no Error Message + or 10 + the length of the Error Message if there is an Error Code + and Message. + + Defined Result Code values for the StopCCN message are: + + 0 - Reserved + 1 - General request to clear control connection + 2 - General error--Error Code indicates the problem + 3 - Control channel already exists + 4 - Requester is not authorized to establish a control + channel + 5 - The protocol version of the requester is not + supported + Error Code indicates highest version supported + 6 - Requester is being shut down + 7 - Finite State Machine error + + Defined Result Code values for the CDN message are: + + 0 - Reserved + 1 - Call disconnected due to loss of carrier + 2 - Call disconnected for the reason indicated + in error code + 3 - Call disconnected for administrative reasons + 4 - Call failed due to lack of appropriate facilities + being available (temporary condition) + 5 - Call failed due to lack of appropriate facilities being + available (permanent condition) + 6 - Invalid destination + 7 - Call failed due to no carrier detected + 8 - Call failed due to detection of a busy signal + 9 - Call failed due to lack of a dial tone + 10 - Call was not established within time allotted by LAC + 11 - Call was connected but no appropriate framing was + detected + + The Error Codes defined below pertain to types of errors that are + not specific to any particular L2TP request, but rather to + protocol or message format errors. If an L2TP reply indicates in + + + +Townsley, et al. Standards Track [Page 19] + +RFC 2661 L2TP August 1999 + + + its Result Code that a general error occurred, the General Error + value should be examined to determine what the error was. The + currently defined General Error codes and their meanings are: + + 0 - No general error + 1 - No control connection exists yet for this LAC-LNS pair + 2 - Length is wrong + 3 - One of the field values was out of range or + reserved field was non-zero + 4 - Insufficient resources to handle this operation now + 5 - The Session ID is invalid in this context + 6 - A generic vendor-specific error occurred in the LAC + 7 - Try another. If LAC is aware of other possible LNS + destinations, it should try one of them. This can be + used to guide an LAC based on LNS policy, for instance, + the existence of multilink PPP bundles. + 8 - Session or tunnel was shutdown due to receipt of an unknown + AVP with the M-bit set (see section 4.2). The Error Message + SHOULD contain the attribute of the offending AVP in (human + readable) text form. + + When a General Error Code of 6 is used, additional information + about the error SHOULD be included in the Error Message field. + +4.4.3 Control Connection Management AVPs + + Protocol Version (SCCRP, SCCRQ) + + The Protocol Version AVP, Attribute Type 2, indicates the L2TP + protocol version of the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Ver | Rev | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Ver field is a 1 octet unsigned integer containing the value + 1. Rev field is a 1 octet unsigned integer containing 0. This + pertains to L2TP protocol version 1, revision 0. Note this is not + the same version number that is included in the header of each + message. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 8. + + + + +Townsley, et al. Standards Track [Page 20] + +RFC 2661 L2TP August 1999 + + + Framing Capabilities (SCCRP, SCCRQ) + + The Framing Capabilities AVP, Attribute Type 3, provides the peer + with an indication of the types of framing that will be accepted + or requested by the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved for future framing type definitions |A|S| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Attribute Value field is a 32-bit mask, with two bits defined. + If bit A is set, asynchronous framing is supported. If bit S is + set, synchronous framing is supported. + + A peer MUST NOT request an incoming or outgoing call with a + Framing Type AVP specifying a value not advertised in the Framing + Capabilities AVP it received during control connection + establishment. Attempts to do so will result in the call being + rejected. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) is 10. + + Bearer Capabilities (SCCRP, SCCRQ) + + The Bearer Capabilities AVP, Attribute Type 4, provides the peer + with an indication of the bearer device types supported by the + hardware interfaces of the sender for outgoing calls. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved for future bearer type definitions |A|D| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + This is a 32-bit mask, with two bits defined. If bit A is set, + analog access is supported. If bit D is set, digital access is + supported. + + + + + + + +Townsley, et al. Standards Track [Page 21] + +RFC 2661 L2TP August 1999 + + + An LNS should not request an outgoing call specifying a value in + the Bearer Type AVP for a device type not advertised in the Bearer + Capabilities AVP it received from the LAC during control + connection establishment. Attempts to do so will result in the + call being rejected. + + This AVP MUST be present if the sender can place outgoing calls + when requested. + + Note that an LNS that cannot act as an LAC as well will not + support hardware devices for handling incoming and outgoing calls + and should therefore set the A and D bits of this AVP to 0, or + should not send the AVP at all. An LNS that can also act as an LAC + and place outgoing calls should set A or D as appropriate. + Presence of this message is not a guarantee that a given outgoing + call will be placed by the sender if requested, just that the + physical capability exists. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) is 10. + + Tie Breaker (SCCRQ) + + The Tie Breaker AVP, Attribute Type 5, indicates that the sender + wishes a single tunnel to exist between the given LAC-LNS pair. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Tie Break Value... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ...(64 bits) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Tie Breaker Value is an 8 octet value that is used to choose a + single tunnel where both LAC and LNS request a tunnel + concurrently. The recipient of a SCCRQ must check to see if a + SCCRQ has been sent to the peer, and if so, must compare its Tie + Breaker value with the received one. The lower value "wins", and + the "loser" MUST silently discard its tunnel. In the case where a + tie breaker is present on both sides, and the value is equal, both + sides MUST discard their tunnels. + + + + + + + +Townsley, et al. Standards Track [Page 22] + +RFC 2661 L2TP August 1999 + + + If a tie breaker is received, and an outstanding SCCRQ had no tie + breaker value, the initiator which included the Tie Breaker AVP + "wins". If neither side issues a tie breaker, then two separate + tunnels are opened. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 0. The Length of this AVP is 14. + + Firmware Revision (SCCRP, SCCRQ) + + The Firmware Revision AVP, Attribute Type 6, indicates the + firmware revision of the issuing device. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Firmware Revision | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Firmware Revision is a 2 octet unsigned integer encoded in a + vendor specific format. + + For devices which do not have a firmware revision (general purpose + computers running L2TP software modules, for instance), the + revision of the L2TP software module may be reported instead. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) is 8. + + Host Name (SCCRP, SCCRQ) + + The Host Name AVP, Attribute Type 7, indicates the name of the + issuing LAC or LNS. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Host Name ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Host Name is of arbitrary length, but MUST be at least 1 + octet. + + + + + +Townsley, et al. Standards Track [Page 23] + +RFC 2661 L2TP August 1999 + + + This name should be as broadly unique as possible; for hosts + participating in DNS [RFC1034], a hostname with fully qualified + domain would be appropriate. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 6 plus the + length of the Host Name. + + Vendor Name (SCCRP, SCCRQ) + + The Vendor Name AVP, Attribute Type 8, contains a vendor specific + (possibly human readable) string describing the type of LAC or LNS + being used. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Vendor Name ...(arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Vendor Name is the indicated number of octets representing the + vendor string. Human readable text for this AVP MUST be provided + in the UTF-8 charset using the Default Language [RFC2277]. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the Vendor Name. + + Assigned Tunnel ID (SCCRP, SCCRQ, StopCCN) + + The Assigned Tunnel ID AVP, Attribute Type 9, encodes the ID being + assigned to this tunnel by the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Assigned Tunnel ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Assigned Tunnel ID is a 2 octet non-zero unsigned integer. + + The Assigned Tunnel ID AVP establishes a value used to multiplex + and demultiplex multiple tunnels between the LNS and LAC. The L2TP + peer MUST place this value in the Tunnel ID header field of all + + + +Townsley, et al. Standards Track [Page 24] + +RFC 2661 L2TP August 1999 + + + control and data messages that it subsequently transmits over the + associated tunnel. Before the Assigned Tunnel ID AVP is received + from a peer, messages MUST be sent to that peer with a Tunnel ID + value of 0 in the header of all control messages. + + In the StopCCN control message, the Assigned Tunnel ID AVP MUST be + the same as the Assigned Tunnel ID AVP first sent to the receiving + peer, permitting the peer to identify the appropriate tunnel even + if a StopCCN is sent before an Assigned Tunnel ID AVP is received. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 8. + + Receive Window Size (SCCRQ, SCCRP) + + The Receive Window Size AVP, Attribute Type 10, specifies the + receive window size being offered to the remote peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Window Size | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Window Size is a 2 octet unsigned integer. + + If absent, the peer must assume a Window Size of 4 for its + transmit window. The remote peer may send the specified number of + control messages before it must wait for an acknowledgment. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 8. + + Challenge (SCCRP, SCCRQ) + + The Challenge AVP, Attribute Type 11, indicates that the issuing + peer wishes to authenticate the tunnel endpoints using a CHAP- + style authentication mechanism. + + + + + + + + + + +Townsley, et al. Standards Track [Page 25] + +RFC 2661 L2TP August 1999 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Challenge ... (arbitrary number of octets) + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Challenge is one or more octets of random data. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 6 plus the length of the Challenge. + + Challenge Response (SCCCN, SCCRP) + + The Response AVP, Attribute Type 13, provides a response to a + challenge received. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Response ... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ... (16 octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Response is a 16 octet value reflecting the CHAP-style + [RFC1994] response to the challenge. + + This AVP MUST be present in an SCCRP or SCCCN if a challenge was + received in the preceding SCCRQ or SCCRP. For purposes of the ID + value in the CHAP response calculation, the value of the Message + Type AVP for this message is used (e.g. 2 for an SCCRP, and 3 for + an SCCCN). + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 22. + + + + + + +Townsley, et al. Standards Track [Page 26] + +RFC 2661 L2TP August 1999 + + +4.4.4 Call Management AVPs + + Q.931 Cause Code (CDN) + + The Q.931 Cause Code AVP, Attribute Type 12, is used to give + additional information in case of unsolicited call disconnection. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Cause Code | Cause Msg | Advisory Msg... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Cause Code is the returned Q.931 Cause code, and Cause Msg is the + returned Q.931 message code (e.g., DISCONNECT) associated with the + Cause Code. Both values are returned in their native ITU + encodings [DSS1]. An additional ASCII text Advisory Message may + also be included (presence indicated by the AVP Length) to further + explain the reason for disconnecting. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 9, plus the + size of the Advisory Message. + + Assigned Session ID (CDN, ICRP, ICRQ, OCRP, OCRQ) + + The Assigned Session ID AVP, Attribute Type 14, encodes the ID + being assigned to this session by the sender. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Assigned Session ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Assigned Session ID is a 2 octet non-zero unsigned integer. + + The Assigned Session ID AVP is establishes a value used to + multiplex and demultiplex data sent over a tunnel between the LNS + and LAC. The L2TP peer MUST place this value in the Session ID + header field of all control and data messages that it subsequently + transmits over the tunnel that belong to this session. Before the + + + + + +Townsley, et al. Standards Track [Page 27] + +RFC 2661 L2TP August 1999 + + + Assigned Session ID AVP is received from a peer, messages MUST be + sent to that peer with a Session ID of 0 in the header of all + control messages. + + In the CDN control message, the same Assigned Session ID AVP first + sent to the receiving peer is used, permitting the peer to + identify the appropriate tunnel even if CDN is sent before an + Assigned Session ID is received. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 8. + + Call Serial Number (ICRQ, OCRQ) + + The Call Serial Number AVP, Attribute Type 15, encodes an + identifier assigned by the LAC or LNS to this call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Call Serial Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Call Serial Number is a 32 bit value. + + The Call Serial Number is intended to be an easy reference for + administrators on both ends of a tunnel to use when investigating + call failure problems. Call Serial Numbers should be set to + progressively increasing values, which are likely to be unique for + a significant period of time across all interconnected LNSs and + LACs. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Minimum BPS (OCRQ) + + The Minimum BPS AVP, Attribute Type 16, encodes the lowest + acceptable line speed for this call. + + + + + + + + +Townsley, et al. Standards Track [Page 28] + +RFC 2661 L2TP August 1999 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Minimum BPS | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Minimum BPS is a 32 bit value indicates the speed in bits per + second. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Maximum BPS (OCRQ) + + The Maximum BPS AVP, Attribute Type 17, encodes the highest + acceptable line speed for this call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Maximum BPS | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Maximum BPS is a 32 bit value indicates the speed in bits per + second. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Bearer Type (ICRQ, OCRQ) + + The Bearer Type AVP, Attribute Type 18, encodes the bearer type + for the incoming or outgoing call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved for future Bearer Types |A|D| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + + +Townsley, et al. Standards Track [Page 29] + +RFC 2661 L2TP August 1999 + + + The Bearer Type is a 32-bit bit mask, which indicates the bearer + capability of the call (ICRQ) or required for the call (OCRQ). If + set, bit A indicates that the call refers to an analog channel. If + set, bit D indicates that the call refers to a digital channel. + Both may be set, indicating that the call was either + indistinguishable, or can be placed on either type of channel. + + Bits in the Value field of this AVP MUST only be set by the LNS + for an OCRQ if it was set in the Bearer Capabilities AVP received + from the LAC during control connection establishment. + + It is valid to set neither the A nor D bits in an ICRQ. Such a + setting may indicate that the call was not received over a + physical link (e.g if the LAC and PPP are located in the same + subsystem). + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Framing Type (ICCN, OCCN, OCRQ) + + The Framing Type AVP, Attribute Type 19, encodes the framing type + for the incoming or outgoing call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved for future Framing Types |A|S| + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Framing Type is a 32-bit mask, which indicates the type of PPP + framing requested for an OCRQ, or the type of PPP framing + negotiated for an OCCN or ICCN. The framing type MAY be used as an + indication to PPP on the LNS as to what link options to use for + LCP negotiation [RFC1662]. + + Bit A indicates asynchronous framing. Bit S indicates synchronous + framing. For an OCRQ, both may be set, indicating that either type + of framing may be used. + + Bits in the Value field of this AVP MUST only be set by the LNS + for an OCRQ if it was set in the Framing Capabilities AVP received + from the LAC during control connection establishment. + + + + + +Townsley, et al. Standards Track [Page 30] + +RFC 2661 L2TP August 1999 + + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + Called Number (ICRQ, OCRQ) + + The Called Number AVP, Attribute Type 21, encodes the telephone + number to be called for an OCRQ, and the Called number for an + ICRQ. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Called Number... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Called Number is an ASCII string. Contact between the + administrator of the LAC and the LNS may be necessary to + coordinate interpretation of the value needed in this AVP. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 6 plus the length of the Called Number. + + Calling Number (ICRQ) + + The Calling Number AVP, Attribute Type 22, encodes the originating + number for the incoming call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Calling Number... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Calling Number is an ASCII string. Contact between the + administrator of the LAC and the LNS may be necessary to + coordinate interpretation of the value in this AVP. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 6 plus the length of the Calling Number. + + + + + +Townsley, et al. Standards Track [Page 31] + +RFC 2661 L2TP August 1999 + + + Sub-Address (ICRQ, OCRQ) + + The Sub-Address AVP, Attribute Type 23, encodes additional dialing + information. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Sub-Address ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Sub-Address is an ASCII string. Contact between the + administrator of the LAC and the LNS may be necessary to + coordinate interpretation of the value in this AVP. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 6 plus the length of the Sub-Address. + + (Tx) Connect Speed (ICCN, OCCN) + + The (Tx) Connect Speed BPS AVP, Attribute Type 24, encodes the + speed of the facility chosen for the connection attempt. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | BPS | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The (Tx) Connect Speed BPS is a 4 octet value indicating the speed + in bits per second. + + When the optional Rx Connect Speed AVP is present, the value in + this AVP represents the transmit connect speed, from the + perspective of the LAC (e.g. data flowing from the LAC to the + remote system). When the optional Rx Connect Speed AVP is NOT + present, the connection speed between the remote system and LAC is + assumed to be symmetric and is represented by the single value in + this AVP. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 10. + + + +Townsley, et al. Standards Track [Page 32] + +RFC 2661 L2TP August 1999 + + + Rx Connect Speed (ICCN, OCCN) + + The Rx Connect Speed AVP, Attribute Type 38, represents the speed + of the connection from the perspective of the LAC (e.g. data + flowing from the remote system to the LAC). + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | BPS (H) | BPS (L) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + BPS is a 4 octet value indicating the speed in bits per second. + + Presence of this AVP implies that the connection speed may be + asymmetric with respect to the transmit connect speed given in the + (Tx) Connect Speed AVP. + + This AVP may be hidden (the H-bit MAY be 1 or 0). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 10. + + Physical Channel ID (ICRQ, OCRP) + + The Physical Channel ID AVP, Attribute Type 25, encodes the vendor + specific physical channel number used for a call. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Physical Channel ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Physical Channel ID is a 4 octet value intended to be used for + logging purposes only. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 10. + + + + + + + + +Townsley, et al. Standards Track [Page 33] + +RFC 2661 L2TP August 1999 + + + Private Group ID (ICCN) + + The Private Group ID AVP, Attribute Type 37, is used by the LAC to + indicate that this call is to be associated with a particular + customer group. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Private Group ID ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Private Group ID is a string of octets of arbitrary length. + + The LNS MAY treat the PPP session as well as network traffic + through this session in a special manner determined by the peer. + For example, if the LNS is individually connected to several + private networks using unregistered addresses, this AVP may be + included by the LAC to indicate that a given call should be + associated with one of the private networks. + + The Private Group ID is a string corresponding to a table in the + LNS that defines the particular characteristics of the selected + group. A LAC MAY determine the Private Group ID from a RADIUS + response, local configuration, or some other source. + + This AVP may be hidden (the H-bit MAY be 1 or 0). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the Private Group ID. + + Sequencing Required (ICCN, OCCN) + + The Sequencing Required AVP, Attribute Type 39, indicates to the + LNS that Sequence Numbers MUST always be present on the data + channel. + + This AVP has no Attribute Value field. + + This AVP MUST NOT be hidden (the H-bit MUST be 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 6. + +4.4.5 Proxy LCP and Authentication AVPs + + The LAC may have answered the call and negotiated LCP with the + remote system, perhaps in order to establish the system's apparent + identity. In this case, these AVPs may be included to indicate the + + + +Townsley, et al. Standards Track [Page 34] + +RFC 2661 L2TP August 1999 + + + link properties the remote system initially requested, properties + the remote system and LAC ultimately negotiated, as well as PPP + authentication information sent and received by the LAC. This + information may be used to initiate the PPP LCP and authentication + systems on the LNS, allowing PPP to continue without renegotiation + of LCP. Note that the LNS policy may be to enter an additional + round of LCP negotiation and/or authentication if the LAC is not + trusted. + + Initial Received LCP CONFREQ (ICCN) + + In the Initial Received LCP CONFREQ AVP, Attribute Type 26, + provides the LNS with the Initial CONFREQ received by the LAC from + the PPP Peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | LCP CONFREQ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + LCP CONFREQ is a copy of the body of the initial CONFREQ received, + starting at the first option within the body of the LCP message. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the CONFREQ. + + Last Sent LCP CONFREQ (ICCN) + + In the Last Sent LCP CONFREQ AVP, Attribute Type 27, provides the + LNS with the Last CONFREQ sent by the LAC to the PPP Peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | LCP CONFREQ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The LCP CONFREQ is a copy of the body of the final CONFREQ sent to + the client to complete LCP negotiation, starting at the first + option within the body of the LCP message. + + + + + +Townsley, et al. Standards Track [Page 35] + +RFC 2661 L2TP August 1999 + + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the CONFREQ. + + Last Received LCP CONFREQ (ICCN) + + The Last Received LCP CONFREQ AVP, Attribute Type 28, provides the + LNS with the Last CONFREQ received by the LAC from the PPP Peer. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | LCP CONFREQ... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The LCP CONFREQ is a copy of the body of the final CONFREQ + received from the client to complete LCP negotiation, starting at + the first option within the body of the LCP message. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the CONFREQ. + + Proxy Authen Type (ICCN) + + The Proxy Authen Type AVP, Attribute Type 29, determines if proxy + authentication should be used. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Authen Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Authen Type is a 2 octet unsigned integer, holding: + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 8. + + + + + + + + +Townsley, et al. Standards Track [Page 36] + +RFC 2661 L2TP August 1999 + + + Defined Authen Type values are: + 0 - Reserved + 1 - Textual username/password exchange + 2 - PPP CHAP + 3 - PPP PAP + 4 - No Authentication + 5 - Microsoft CHAP Version 1 (MSCHAPv1) + + This AVP MUST be present if proxy authentication is to be + utilized. If it is not present, then it is assumed that this + peer cannot perform proxy authentication, requiring + a restart of the authentication phase at the LNS if the client + has already entered this phase with the + LAC (which may be determined by the Proxy LCP AVP if present). + + Associated AVPs for each type of authentication follow. + + Proxy Authen Name (ICCN) + + The Proxy Authen Name AVP, Attribute Type 30, specifies the name + of the authenticating client when using proxy authentication. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Authen Name... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Authen Name is a string of octets of arbitrary length. It + contains the name specified in the client's authentication + response. + + This AVP MUST be present in messages containing a Proxy Authen + Type AVP with an Authen Type of 1, 2, 3 or 5. It may be desirable + to employ AVP hiding for obscuring the cleartext name. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) is 6 plus + the length of the cleartext name. + + Proxy Authen Challenge (ICCN) + + The Proxy Authen Challenge AVP, Attribute Type 31, specifies the + challenge sent by the LAC to the PPP Peer, when using proxy + authentication. + + + + +Townsley, et al. Standards Track [Page 37] + +RFC 2661 L2TP August 1999 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Challenge... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Challenge is a string of one or more octets. + + This AVP MUST be present for Proxy Authen Types 2 and 5. The + Challenge field contains the CHAP challenge presented to the + client by the LAC. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6, plus the length of the Challenge. + + Proxy Authen ID (ICCN) + + The Proxy Authen ID AVP, Attribute Type 32, specifies the ID value + of the PPP Authentication that was started between the LAC and the + PPP Peer, when proxy authentication is being used. + + The Attribute Value field for this AVP has the following format: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | ID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + ID is a 2 octet unsigned integer, the most significant octet MUST + be 0. + + The Proxy Authen ID AVP MUST be present for Proxy authen types 2, + 3 and 5. For 2 and 5, the ID field contains the byte ID value + presented to the client by the LAC in its Challenge. For 3, it is + the Identifier value of the Authenticate-Request. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. + + Proxy Authen Response (ICCN) + + The Proxy Authen Response AVP, Attribute Type 33, specifies the + PPP Authentication response received by the LAC from the PPP Peer, + when proxy authentication is used. + + + +Townsley, et al. Standards Track [Page 38] + +RFC 2661 L2TP August 1999 + + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Response... (arbitrary number of octets) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + The Response is a string of octets. + + This AVP MUST be present for Proxy authen types 1, 2, 3 and 5. The + Response field contains the client's response to the challenge. + For Proxy authen types 2 and 5, this field contains the response + value received by the LAC. For types 1 or 3, it contains the clear + text password received from the client by the LAC. In the case of + cleartext passwords, AVP hiding is recommended. + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 0. The Length (before hiding) of this AVP + is 6 plus the length of the Response. + +4.4.6 Call Status AVPs + + Call Errors (WEN) + + The Call Errors AVP, Attribute Type 34, is used by the LAC to send + error information to the LNS. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | CRC Errors (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | CRC Errors (L) | Framing Errors (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Framing Errors (L) | Hardware Overruns (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Hardware Overruns (L) | Buffer Overruns (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Buffer Overruns (L) | Time-out Errors (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Time-out Errors (L) | Alignment Errors (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Alignment Errors (L) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + + +Townsley, et al. Standards Track [Page 39] + +RFC 2661 L2TP August 1999 + + + The following fields are defined: + + Reserved - Not used, MUST be 0 + CRC Errors - Number of PPP frames received with CRC errors + since call was established + Framing Errors - Number of improperly framed PPP packets + received + Hardware Overruns - Number of receive buffer over-runs since + call was established + Buffer Overruns - Number of buffer over-runs detected since + call was established + Time-out Errors - Number of time-outs since call was + established + Alignment Errors - Number of alignment errors since call was + established + + This AVP may be hidden (the H-bit may be 0 or 1). The M-bit for + this AVP MUST be set to 1. The Length (before hiding) of this AVP + is 32. + + ACCM (SLI) + + The ACCM AVP, Attribute Type 35, is used by the LNS to inform LAC + of the ACCM negotiated with the PPP Peer by the LNS. + + The Attribute Value field for this AVP has the following format: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reserved | Send ACCM (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Send ACCM (L) | Receive ACCM (H) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Receive ACCM (L) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Send ACCM and Receive ACCM are each 4 octet values preceded by a 2 + octet reserved quantity. The send ACCM value should be used by the + LAC to process packets it sends on the connection. The receive + ACCM value should be used by the LAC to process incoming packets + on the connection. The default values used by the LAC for both + these fields are 0xFFFFFFFF. The LAC should honor these fields + unless it has specific configuration information to indicate that + the requested mask must be modified to permit operation. + + This AVP may be hidden (the H-bit MAY be 1 or 0). The M-bit for + this AVP MUST be set to 1. The Length of this AVP is 16. + + + +Townsley, et al. Standards Track [Page 40] + +RFC 2661 L2TP August 1999 + + +5.0 Protocol Operation + + The necessary setup for tunneling a PPP session with L2TP consists of + two steps, (1) establishing the Control Connection for a Tunnel, and + (2) establishing a Session as triggered by an incoming or outgoing + call request. The Tunnel and corresponding Control Connection MUST be + established before an incoming or outgoing call is initiated. An L2TP + Session MUST be established before L2TP can begin to tunnel PPP + frames. Multiple Sessions may exist across a single Tunnel and + multiple Tunnels may exist between the same LAC and LNS. + + +-----+ +-----+ + | |~~~~~~~~~~L2TP Tunnel~~~~~~~~~~| | + | LAC | | LNS | + | #######Control Connection######## | + [Remote] | | | | + [System]------Call----------*============L2TP Session=============* | + PPP +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | + | | | | + [Remote] | | | | + [System]------Call----------*============L2TP Session=============* | + PPP +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | + | | | | + | |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | + +-----+ +-----+ + + Figure 5.1 Tunneling PPP + +5.1 Control Connection Establishment + + The Control Connection is the initial connection that must be + achieved between an LAC and LNS before sessions may be brought up. + Establishment of the control connection includes securing the + identity of the peer, as well as identifying the peer's L2TP version, + framing, and bearer capabilities, etc. + + A three message exchange is utilized to setup the control connection. + Following is a typical message exchange: + + LAC or LNS LAC or LNS + ---------- ---------- + SCCRQ -> + <- SCCRP + SCCCN -> + <- ZLB ACK + + The ZLB ACK is sent if there are no further messages waiting in queue + for that peer. + + + +Townsley, et al. Standards Track [Page 41] + +RFC 2661 L2TP August 1999 + + +5.1.1 Tunnel Authentication + + L2TP incorporates a simple, optional, CHAP-like [RFC1994] tunnel + authentication system during control connection establishment. If an + LAC or LNS wishes to authenticate the identity of the peer it is + contacting or being contacted by, a Challenge AVP is included in the + SCCRQ or SCCRP message. If a Challenge AVP is received in an SCCRQ or + SCCRP, a Challenge Response AVP MUST be sent in the following SCCRP + or SCCCN, respectively. If the expected response and response + received from a peer does not match, establishment of the tunnel MUST + be disallowed. + + To participate in tunnel authentication, a single shared secret MUST + exist between the LAC and LNS. This is the same shared secret used + for AVP hiding (see Section 4.3). See Section 4.4.3 for details on + construction of the Challenge and Response AVPs. + +5.2 Session Establishment + + After successful control connection establishment, individual + sessions may be created. Each session corresponds to single PPP + stream between the LAC and LNS. Unlike control connection + establishment, session establishment is directional with respect to + the LAC and LNS. The LAC requests the LNS to accept a session for an + incoming call, and the LNS requests the LAC to accept a session for + placing an outgoing call. + +5.2.1 Incoming Call Establishment + + A three message exchange is employed to setup the session. Following + is a typical sequence of events: + + LAC LNS + --- --- + (Call + Detected) + + ICRQ -> + <- ICRP + ICCN -> + <- ZLB ACK + + The ZLB ACK is sent if there are no further messages waiting in queue + for that peer. + + + + + + + +Townsley, et al. Standards Track [Page 42] + +RFC 2661 L2TP August 1999 + + +5.2.2 Outgoing Call Establishment + + A three message exchange is employed to setup the session. Following + is a typical sequence of events: + + LAC LNS + --- --- + <- OCRQ + OCRP -> + + (Perform + Call + Operation) + + OCCN -> + <- ZLB ACK + + The ZLB ACK is sent if there are no further messages waiting in queue + for that peer. + +5.3 Forwarding PPP Frames + + Once tunnel establishment is complete, PPP frames from the remote + system are received at the LAC, stripped of CRC, link framing, and + transparency bytes, encapsulated in L2TP, and forwarded over the + appropriate tunnel. The LNS receives the L2TP packet, and processes + the encapsulated PPP frame as if it were received on a local PPP + interface. + + The sender of a message associated with a particular session and + tunnel places the Session ID and Tunnel ID (specified by its peer) in + the Session ID and Tunnel ID header for all outgoing messages. In + this manner, PPP frames are multiplexed and demultiplexed over a + single tunnel between a given LNS-LAC pair. Multiple tunnels may + exist between a given LNS-LAC pair, and multiple sessions may exist + within a tunnel. + + The value of 0 for Session ID and Tunnel ID is special and MUST NOT + be used as an Assigned Session ID or Assigned Tunnel ID. For the + cases where a Session ID has not yet been assigned by the peer (i.e., + during establishment of a new session or tunnel), the Session ID + field MUST be sent as 0, and the Assigned Session ID AVP within the + message MUST be used to identify the session. Similarly, for cases + where the Tunnel ID has not yet been assigned from the peer, the + Tunnel ID MUST be sent as 0 and Assigned Tunnel ID AVP used to + identify the tunnel. + + + + + +Townsley, et al. Standards Track [Page 43] + +RFC 2661 L2TP August 1999 + + +5.4 Using Sequence Numbers on the Data Channel + + Sequence numbers are defined in the L2TP header for control messages + and optionally for data messages (see Section 3.1). These are used to + provide a reliable control message transport (see Section 5.8) and + optional data message sequencing. Each peer maintains separate + sequence numbers for the control connection and each individual data + session within a tunnel. + + Unlike the L2TP control channel, the L2TP data channel does not use + sequence numbers to retransmit lost data messages. Rather, data + messages may use sequence numbers to detect lost packets and/or + restore the original sequence of packets that may have been reordered + during transport. The LAC may request that sequence numbers be + present in data messages via the Sequencing Required AVP (see Section + 4.4.6). If this AVP is present during session setup, sequence numbers + MUST be present at all times. If this AVP is not present, sequencing + presence is under control of the LNS. The LNS controls enabling and + disabling of sequence numbers by sending a data message with or + without sequence numbers present at any time during the life of a + session. Thus, if the LAC receives a data message without sequence + numbers present, it MUST stop sending sequence numbers in future data + messages. If the LAC receives a data message with sequence numbers + present, it MUST begin sending sequence numbers in future outgoing + data messages. If the LNS enables sequencing after disabling it + earlier in the session, the sequence number state picks up where it + left off before. + + The LNS may initiate disabling of sequencing at any time during the + session (including the first data message sent). It is recommended + that for connections where reordering or packet loss may occur, + sequence numbers always be enabled during the initial negotiation + stages of PPP and disabled only when and if the risk is considered + acceptable. For example, if the PPP session being tunneled is not + utilizing any stateful compression or encryption protocols and is + only carrying IP (as determined by the PPP NCPs that are + established), then the LNS might decide to disable sequencing as IP + is tolerant to datagram loss and reordering. + +5.5 Keepalive (Hello) + + A keepalive mechanism is employed by L2TP in order to differentiate + tunnel outages from extended periods of no control or data activity + on a tunnel. This is accomplished by injecting Hello control messages + (see Section 6.5) after a specified period of time has elapsed since + the last data or control message was received on a tunnel. As for any + other control message, if the Hello message is not reliably delivered + then the tunnel is declared down and is reset. The transport reset + + + +Townsley, et al. Standards Track [Page 44] + +RFC 2661 L2TP August 1999 + + + mechanism along with the injection of Hello messages ensures that a + connectivity failure between the LNS and the LAC will be detected at + both ends of a tunnel. + +5.6 Session Teardown + + Session teardown may be initiated by either the LAC or LNS and is + accomplished by sending a CDN control message. After the last session + is cleared, the control connection MAY be torn down as well (and + typically is). Following is an example of a typical control message + exchange: + + LAC or LNS LAC or LNS + + CDN -> + (Clean up) + + <- ZLB ACK + (Clean up) + +5.7 Control Connection Teardown + + Control connection teardown may be initiated by either the LAC or LNS + and is accomplished by sending a single StopCCN control message. The + receiver of a StopCCN MUST send a ZLB ACK to acknowledge receipt of + the message and maintain enough control connection state to properly + accept StopCCN retransmissions over at least a full retransmission + cycle (in case the ZLB ACK is lost). The recommended time for a full + retransmission cycle is 31 seconds (see section 5.8). Following is an + example of a typical control message exchange: + + LAC or LNS LAC or LNS + + StopCCN -> + (Clean up) + + <- ZLB ACK + (Wait) + (Clean up) + + An implementation may shut down an entire tunnel and all sessions on + the tunnel by sending the StopCCN. Thus, it is not necessary to clear + each session individually when tearing down the whole tunnel. + + + + + + + + +Townsley, et al. Standards Track [Page 45] + +RFC 2661 L2TP August 1999 + + +5.8 Reliable Delivery of Control Messages + + L2TP provides a lower level reliable transport service for all + control messages. The Nr and Ns fields of the control message header + (see section 3.1) belong to this transport. The upper level + functions of L2TP are not concerned with retransmission or ordering + of control messages. The reliable control message is a sliding window + transport that provides control message retransmission and congestion + control. Each peer maintains separate sequence number state for the + control connection within a tunnel. + + The message sequence number, Ns, begins at 0. Each subsequent message + is sent with the next increment of the sequence number. The sequence + number is thus a free running counter represented modulo 65536. The + sequence number in the header of a received message is considered + less than or equal to the last received number if its value lies in + the range of the last received number and the preceding 32767 values, + inclusive. For example, if the last received sequence number was 15, + then messages with sequence numbers 0 through 15, as well as 32784 + through 65535, would be considered less than or equal. Such a message + would be considered a duplicate of a message already received and + ignored from processing. However, in order to ensure that all + messages are acknowledged properly (particularly in the case of a + lost ZLB ACK message), receipt of duplicate messages MUST be + acknowledged by the reliable transport. This acknowledgement may + either piggybacked on a message in queue, or explicitly via a ZLB + ACK. + + All control messages take up one slot in the control message sequence + number space, except the ZLB acknowledgement. Thus, Ns is not + incremented after a ZLB message is sent. + + The last received message number, Nr, is used to acknowledge messages + received by an L2TP peer. It contains the sequence number of the + message the peer expects to receive next (e.g. the last Ns of a non- + ZLB message received plus 1, modulo 65536). While the Nr in a + received ZLB is used to flush messages from the local retransmit + queue (see below), Nr of the next message sent is not be updated by + the Ns of the ZLB. + + The reliable transport at a receiving peer is responsible for making + sure that control messages are delivered in order and without + duplication to the upper level. Messages arriving out of order may be + queued for in-order delivery when the missing messages are received, + or they may be discarded requiring a retransmission by the peer. + + + + + + +Townsley, et al. Standards Track [Page 46] + +RFC 2661 L2TP August 1999 + + + Each tunnel maintains a queue of control messages to be transmitted + to its peer. The message at the front of the queue is sent with a + given Ns value, and is held until a control message arrives from the + peer in which the Nr field indicates receipt of this message. After a + period of time (a recommended default is 1 second) passes without + acknowledgement, the message is retransmitted. The retransmitted + message contains the same Ns value, but the Nr value MUST be updated + with the sequence number of the next expected message. + + Each subsequent retransmission of a message MUST employ an + exponential backoff interval. Thus, if the first retransmission + occurred after 1 second, the next retransmission should occur after 2 + seconds has elapsed, then 4 seconds, etc. An implementation MAY place + a cap upon the maximum interval between retransmissions. This cap + MUST be no less than 8 seconds per retransmission. If no peer + response is detected after several retransmissions, (a recommended + default is 5, but SHOULD be configurable), the tunnel and all + sessions within MUST be cleared. + + When a tunnel is being shut down for reasons other than loss of + connectivity, the state and reliable delivery mechanisms MUST be + maintained and operated for the full retransmission interval after + the final message exchange has occurred. + + A sliding window mechanism is used for control message transmission. + Consider two peers A & B. Suppose A specifies a Receive Window Size + AVP with a value of N in the SCCRQ or SCCRP messages. B is now + allowed to have up to N outstanding control messages. Once N have + been sent, it must wait for an acknowledgment that advances the + window before sending new control messages. An implementation may + support a receive window of only 1 (i.e., by sending out a Receive + Window Size AVP with a value of 1), but MUST accept a window of up to + 4 from its peer (e.g. have the ability to send 4 messages before + backing off). A value of 0 for the Receive Window Size AVP is + invalid. + + When retransmitting control messages, a slow start and congestion + avoidance window adjustment procedure SHOULD be utilized. The + recommended procedure for this is described in Appendix A. + + A peer MUST NOT withhold acknowledgment of messages as a technique + for flow controlling control messages. An L2TP implementation is + expected to be able to keep up with incoming control messages, + possibly responding to some with errors reflecting an inability to + honor the requested action. + + Appendix B contains examples of control message transmission, + acknowledgement, and retransmission. + + + +Townsley, et al. Standards Track [Page 47] + +RFC 2661 L2TP August 1999 + + +6.0 Control Connection Protocol Specification + + The following control connection messages are used to establish, + clear and maintain L2TP tunnels. All data is sent in network order + (high order octets first). Any "reserved" or "empty" fields MUST be + sent as 0 values to allow for protocol extensibility. + +6.1 Start-Control-Connection-Request (SCCRQ) + + Start-Control-Connection-Request (SCCRQ) is a control message used to + initialize a tunnel between an LNS and an LAC. It is sent by either + the LAC or the LNS to being the tunnel establishment process. + + The following AVPs MUST be present in the SCCRQ: + + Message Type AVP + Protocol Version + Host Name + Framing Capabilities + Assigned Tunnel ID + + The Following AVPs MAY be present in the SCCRQ: + + Bearer Capabilities + Receive Window Size + Challenge + Tie Breaker + Firmware Revision + Vendor Name + +6.2 Start-Control-Connection-Reply (SCCRP) + + Start-Control-Connection-Reply (SCCRP) is a control message sent in + reply to a received SCCRQ message. SCCRP is used to indicate that the + SCCRQ was accepted and establishment of the tunnel should continue. + + The following AVPs MUST be present in the SCCRP: + + Message Type + Protocol Version + Framing Capabilities + Host Name + Assigned Tunnel ID + + + + + + + + +Townsley, et al. Standards Track [Page 48] + +RFC 2661 L2TP August 1999 + + + The following AVPs MAY be present in the SCCRP: + + Bearer Capabilities + Firmware Revision + Vendor Name + Receive Window Size + Challenge + Challenge Response + +6.3 Start-Control-Connection-Connected (SCCCN) + + Start-Control-Connection-Connected (SCCCN) is a control message sent + in reply to an SCCRP. SCCCN completes the tunnel establishment + process. + + The following AVP MUST be present in the SCCCN: + + Message Type + + The following AVP MAY be present in the SCCCN: + + Challenge Response + +6.4 Stop-Control-Connection-Notification (StopCCN) + + Stop-Control-Connection-Notification (StopCCN) is a control message + sent by either the LAC or LNS to inform its peer that the tunnel is + being shutdown and the control connection should be closed. In + addition, all active sessions are implicitly cleared (without sending + any explicit call control messages). The reason for issuing this + request is indicated in the Result Code AVP. There is no explicit + reply to the message, only the implicit ACK that is received by the + reliable control message transport layer. + + The following AVPs MUST be present in the StopCCN: + + Message Type + Assigned Tunnel ID + Result Code + +6.5 Hello (HELLO) + + The Hello (HELLO) message is an L2TP control message sent by either + peer of a LAC-LNS control connection. This control message is used as + a "keepalive" for the tunnel. + + + + + + +Townsley, et al. Standards Track [Page 49] + +RFC 2661 L2TP August 1999 + + + The sending of HELLO messages and the policy for sending them are + left up to the implementation. A peer MUST NOT expect HELLO messages + at any time or interval. As with all messages sent on the control + connection, the receiver will return either a ZLB ACK or an + (unrelated) message piggybacking the necessary acknowledgement + information. + + Since a HELLO is a control message, and control messages are reliably + sent by the lower level transport, this keepalive function operates + by causing the transport level to reliably deliver a message. If a + media interruption has occurred, the reliable transport will be + unable to deliver the HELLO across, and will clean up the tunnel. + + Keepalives for the tunnel MAY be implemented by sending a HELLO if a + period of time (a recommended default is 60 seconds, but SHOULD be + configurable) has passed without receiving any message (data or + control) from the peer. + + HELLO messages are global to the tunnel. The Session ID in a HELLO + message MUST be 0. + + The Following AVP MUST be present in the HELLO message: + + Message Type + +6.6 Incoming-Call-Request (ICRQ) + + Incoming-Call-Request (ICRQ) is a control message sent by the LAC to + the LNS when an incoming call is detected. It is the first in a three + message exchange used for establishing a session within an L2TP + tunnel. + + ICRQ is used to indicate that a session is to be established between + the LAC and LNS for this call and provides the LNS with parameter + information for the session. The LAC may defer answering the call + until it has received an ICRP from the LNS indicating that the + session should be established. This mechanism allows the LNS to + obtain sufficient information about the call before determining + whether it should be answered or not. Alternatively, the LAC may + answer the call, negotiate LCP and PPP authentication, and use the + information gained to choose the LNS. In this case, the call has + already been answered by the time the ICRP message is received; the + LAC simply spoofs the "call indication" and "call answer" steps in + this case. + + + + + + + +Townsley, et al. Standards Track [Page 50] + +RFC 2661 L2TP August 1999 + + + The following AVPs MUST be present in the ICRQ: + + Message Type + Assigned Session ID + Call Serial Number + + The following AVPs MAY be present in the ICRQ: + + Bearer Type + Physical Channel ID + Calling Number + Called Number + Sub-Address + +6.7 Incoming-Call-Reply (ICRP) + + Incoming-Call-Reply (ICRP) is a control message sent by the LNS to + the LAC in response to a received ICRQ message. It is the second in + the three message exchange used for establishing sessions within an + L2TP tunnel. + + ICRP is used to indicate that the ICRQ was successful and for the LAC + to answer the call if it has not already done so. It also allows the + LNS to indicate necessary parameters for the L2TP session. + + The following AVPs MUST be present in the ICRP: + + Message Type + Assigned Session ID + +6.8 Incoming-Call-Connected (ICCN) + + Incoming-Call-Connected (ICCN) is a control message sent by the LAC + to the LNS in response to a received ICRP message. It is the third + message in the three message exchange used for establishing sessions + within an L2TP tunnel. + + ICCN is used to indicate that the ICRP was accepted, the call has + been answered, and that the L2TP session should move to the + established state. It also provides additional information to the + LNS about parameters used for the answered call (parameters that may + not always available at the time the ICRQ is issued). + + The following AVPs MUST be present in the ICCN: + + Message Type + (Tx) Connect Speed + Framing Type + + + +Townsley, et al. Standards Track [Page 51] + +RFC 2661 L2TP August 1999 + + + The following AVPs MAY be present in the ICCN: + + Initial Received LCP CONFREQ + Last Sent LCP CONFREQ + Last Received LCP CONFREQ + Proxy Authen Type + Proxy Authen Name + Proxy Authen Challenge + Proxy Authen ID + Proxy Authen Response + Private Group ID + Rx Connect Speed + Sequencing Required + +6.9 Outgoing-Call-Request (OCRQ) + + Outgoing-Call-Request (OCRQ) is a control message sent by the LNS to + the LAC to indicate that an outbound call from the LAC is to be + established. It is the first in a three message exchange used for + establishing a session within an L2TP tunnel. + + OCRQ is used to indicate that a session is to be established between + the LNS and LAC for this call and provides the LAC with parameter + information for both the L2TP session, and the call that is to be + placed + + An LNS MUST have received a Bearer Capabilities AVP during tunnel + establishment from an LAC in order to request an outgoing call to + that LAC. + + The following AVPs MUST be present in the OCRQ: + + Message Type + Assigned Session ID + Call Serial Number + Minimum BPS + Maximum BPS + Bearer Type + Framing Type + Called Number + + The following AVPs MAY be present in the OCRQ: + + Sub-Address + + + + + + + +Townsley, et al. Standards Track [Page 52] + +RFC 2661 L2TP August 1999 + + +6.10 Outgoing-Call-Reply (OCRP) + + Outgoing-Call-Reply (OCRP) is a control message sent by the LAC to + the LNS in response to a received OCRQ message. It is the second in a + three message exchange used for establishing a session within an L2TP + tunnel. + + OCRP is used to indicate that the LAC is able to attempt the outbound + call and returns certain parameters regarding the call attempt. + + The following AVPs MUST be present in the OCRP: + + Message Type + Assigned Session ID + + The following AVPs MAY be present in the OCRP: + + Physical Channel ID + +6.11 Outgoing-Call-Connected (OCCN) + + Outgoing-Call-Connected (OCCN) is a control message sent by the LAC + to the LNS following the OCRP and after the outgoing call has been + completed. It is the final message in a three message exchange used + for establishing a session within an L2TP tunnel. + + OCCN is used to indicate that the result of a requested outgoing call + was successful. It also provides information to the LNS about the + particular parameters obtained after the call was established. + + The following AVPs MUST be present in the OCCN: + + Message Type + (Tx) Connect Speed + Framing Type + + The following AVPs MAY be present in the OCCN: + + Rx Connect Speed + Sequencing Required + +6.12 Call-Disconnect-Notify (CDN) + + The Call-Disconnect-Notify (CDN) message is an L2TP control message + sent by either the LAC or LNS to request disconnection of a specific + call within the tunnel. Its purpose is to inform the peer of the + + + + + +Townsley, et al. Standards Track [Page 53] + +RFC 2661 L2TP August 1999 + + + disconnection and the reason why the disconnection occurred. The peer + MUST clean up any resources, and does not send back any indication of + success or failure for such cleanup. + + The following AVPs MUST be present in the CDN: + + Message Type + Result Code + Assigned Session ID + + The following AVPs MAY be present in the CDN: + + Q.931 Cause Code + +6.13 WAN-Error-Notify (WEN) + + The WAN-Error-Notify message is an L2TP control message sent by the + LAC to the LNS to indicate WAN error conditions (conditions that + occur on the interface supporting PPP). The counters in this message + are cumulative. This message should only be sent when an error + occurs, and not more than once every 60 seconds. The counters are + reset when a new call is established. + + The following AVPs MUST be present in the WEN: + + Message Type + Call Errors + +6.14 Set-Link-Info (SLI) + + The Set-Link-Info message is an L2TP control message sent by the LNS + to the LAC to set PPP-negotiated options. These options can change + at any time during the life of the call, thus the LAC MUST be able to + update its internal call information and behavior on an active PPP + session. + + The following AVPs MUST be present in the SLI: + + Message Type + ACCM + +7.0 Control Connection State Machines + + The control messages defined in section 6 are exchanged by way of + state tables defined in this section. Tables are defined for incoming + call placement, outgoing call placement, as well as for initiation of + + + + + +Townsley, et al. Standards Track [Page 54] + +RFC 2661 L2TP August 1999 + + + the tunnel itself. The state tables do not encode timeout and + retransmission behavior, as this is handled in the underlying + semantics defined in Section 5.8. + +7.1 Control Connection Protocol Operation + + This section describes the operation of various L2TP control + connection functions and the Control Connection messages which are + used to support them. + + Receipt of an invalid or unrecoverable malformed control message + should be logged appropriately and the control connection cleared to + ensure recovery to a known state. The control connection may then be + restarted by the initiator. + + An invalid control message is defined as a message which contains a + Message Type that is marked mandatory (see Section 4.4.1) and is + unknown to the implementation, or a control message that is received + in an improper sequence (e.g. an SCCCN sent in reply to an SCCRQ). + + Examples of a malformed control message include one that has an + invalid value in its header, contains an AVP that is formatted + incorrectly or whose value is out of range, or a message that is + missing a required AVP. A control message with a malformed header + should be discarded. A control message with an invalid AVP should + look to the M-bit for that AVP to determine whether the error is + recoverable or not. + + A malformed yet recoverable non-mandatory (M-bit is not set) AVP + within a control message should be treated in a similar manner as an + unrecognized non-mandatory AVP. Thus, if a malformed AVP is received + with the M-bit set, the session or tunnel should be terminated with a + proper Result or Error Code sent. If the M-bit is not set, the AVP + should be ignored (with the exception of logging a local error + message) and the message accepted. + + This MUST NOT be considered a license to send malformed AVPs, but + simply a guide towards how to handle an improperly formatted message + if one is received. It is impossible to list all potential + malformations of a given message and give advice for each. That said, + one example of a recoverable, malformed AVP might be if the Rx + Connect Speed AVP, attribute 38, is received with a length of 8 + rather than 10 and the BPS given in 2 octets rather than 4. Since the + Rx Connect Speed is non-mandatory, this condition should not be + considered catastrophic. As such, the control message should be + accepted as if the AVP had not been received (with the exception of a + local error message being logged). + + + + +Townsley, et al. Standards Track [Page 55] + +RFC 2661 L2TP August 1999 + + + In several cases in the following tables, a protocol message is sent, + and then a "clean up" occurs. Note that regardless of the initiator + of the tunnel destruction, the reliable delivery mechanism must be + allowed to run (see Section 5.8) before destroying the tunnel. This + permits the tunnel management messages to be reliably delivered to + the peer. + + Appendix B.1 contains an example of lock-step tunnel establishment. + +7.2 Control Connection States + + The L2TP control connection protocol is not distinguishable between + the LNS and LAC, but is distinguishable between the originator and + receiver. The originating peer is the one which first initiates + establishment of the tunnel (in a tie breaker situation, this is the + winner of the tie). Since either LAC or LNS can be the originator, a + collision can occur. See the Tie Breaker AVP in Section 4.4.3 for a + description of this and its resolution. + +7.2.1 Control Connection Establishment + + State Event Action New State + ----- ----- ------ --------- + idle Local Send SCCRQ wait-ctl-reply + Open request + + idle Receive SCCRQ, Send SCCRP wait-ctl-conn + acceptable + + idle Receive SCCRQ, Send StopCCN, idle + not acceptable Clean up + + idle Receive SCCRP Send StopCCN idle + Clean up + + idle Receive SCCCN Clean up idle + + wait-ctl-reply Receive SCCRP, Send SCCCN, established + acceptable Send tunnel-open + event to waiting + sessions + + wait-ctl-reply Receive SCCRP, Send StopCCN, idle + not acceptable Clean up + + wait-ctl-reply Receive SCCRQ, Clean up, idle + lose tie-breaker Re-queue SCCRQ + for idle state + + + +Townsley, et al. Standards Track [Page 56] + +RFC 2661 L2TP August 1999 + + + wait-ctl-reply Receive SCCCN Send StopCCN idle + Clean up + + wait-ctl-conn Receive SCCCN, Send tunnel-open established + acceptable event to waiting + sessions + + wait-ctl-conn Receive SCCCN, Send StopCCN, idle + not acceptable Clean up + + wait-ctl-conn Receive SCCRP, Send StopCCN, idle + SCCRQ Clean up + + established Local Send tunnel-open established + Open request event to waiting + (new call) sessions + + established Admin Send StopCCN idle + Tunnel Close Clean up + + established Receive SCCRQ, Send StopCCN idle + SCCRP, SCCCN Clean up + + idle Receive StopCCN Clean up idle + wait-ctl-reply, + wait-ctl-conn, + established + + The states associated with the LNS or LAC for control connection + establishment are: + + idle + Both initiator and recipient start from this state. An initiator + transmits an SCCRQ, while a recipient remains in the idle state + until receiving an SCCRQ. + + wait-ctl-reply + The originator checks to see if another connection has been + requested from the same peer, and if so, handles the collision + situation described in Section 5.8. + + When an SCCRP is received, it is examined for a compatible + version. If the version of the reply is lower than the version + sent in the request, the older (lower) version should be used + provided it is supported. If the version in the reply is earlier + and supported, the originator moves to the established state. If + + + + + +Townsley, et al. Standards Track [Page 57] + +RFC 2661 L2TP August 1999 + + + the version is earlier and not supported, a StopCCN MUST be sent + to the peer and the originator cleans up and terminates the + tunnel. + + wait-ctl-conn + This is where an SCCCN is awaited; upon receipt, the challenge + response is checked. The tunnel either is established, or is torn + down if an authorization failure is detected. + + established + An established connection may be terminated by either a local + condition or the receipt of a Stop-Control-Connection- + Notification. In the event of a local termination, the originator + MUST send a Stop-Control-Connection-Notification and clean up the + tunnel. + + If the originator receives a Stop-Control-Connection-Notification + it MUST also clean up the tunnel. + +7.3 Timing considerations + + Due to the real-time nature of telephone signaling, both the LNS and + LAC should be implemented with multi-threaded architectures such that + messages related to multiple calls are not serialized and blocked. + The call and connection state figures do not specify exceptions + caused by timers. These are addressed in Section 5.8. + +7.4 Incoming calls + + An Incoming-Call-Request message is generated by the LAC when an + incoming call is detected (for example, an associated telephone line + rings). The LAC selects a Session ID and serial number and indicates + the call bearer type. Modems should always indicate analog call type. + ISDN calls should indicate digital when unrestricted digital service + or rate adaption is used and analog if digital modems are involved. + Calling Number, Called Number, and Subaddress may be included in the + message if they are available from the telephone network. + + Once the LAC sends the Incoming-Call-Request, it waits for a response + from the LNS but it does not necessarily answer the call from the + telephone network yet. The LNS may choose not to accept the call if: + + - No resources are available to handle more sessions + - The dialed, dialing, or subaddress fields do not correspond to + an authorized user + - The bearer service is not authorized or supported + + + + + +Townsley, et al. Standards Track [Page 58] + +RFC 2661 L2TP August 1999 + + + If the LNS chooses to accept the call, it responds with an Incoming- + Call-Reply. When the LAC receives the Incoming-Call-Reply, it + attempts to connect the call. A final call connected message from + the LAC to the LNS indicates that the call states for both the LAC + and the LNS should enter the established state. If the call + terminated before the LNS could accept it, a Call-Disconnect-Notify + is sent by the LAC to indicate this condition. + + When the dialed-in client hangs up, the call is cleared normally and + the LAC sends a Call-Disconnect-Notify message. If the LNS wishes to + clear a call, it sends a Call-Disconnect-Notify message and cleans up + its session. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 59] + +RFC 2661 L2TP August 1999 + + +7.4.1 LAC Incoming Call States + + State Event Action New State + ----- ----- ------ --------- + idle Bearer Ring or Initiate local wait-tunnel + Ready to indicate tunnel open + incoming conn. + + idle Receive ICCN, Clean up idle + ICRP, CDN + + wait-tunnel Bearer line drop Clean up idle + or local close + request + + wait-tunnel tunnel-open Send ICRQ wait-reply + + wait-reply Receive ICRP, Send ICCN established + acceptable + + wait-reply Receive ICRP, Send CDN, idle + Not acceptable Clean up + + wait-reply Receive ICRQ Send CDN idle + Clean up + + wait-reply Receive CDN Clean up idle + ICCN + + wait-reply Local Send CDN, idle + close request or Clean up + Bearer line drop + + established Receive CDN Clean up idle + + established Receive ICRQ, Send CDN, idle + ICRP, ICCN Clean up + + established Bearer line Send CDN, idle + drop or local Clean up + close request + + + + + + + + + + +Townsley, et al. Standards Track [Page 60] + +RFC 2661 L2TP August 1999 + + + The states associated with the LAC for incoming calls are: + + idle + The LAC detects an incoming call on one of its interfaces. + Typically this means an analog line is ringing or an ISDN TE has + detected an incoming Q.931 SETUP message. The LAC initiates its + tunnel establishment state machine, and moves to a state waiting + for confirmation of the existence of a tunnel. + + wait-tunnel + In this state the session is waiting for either the control + connection to be opened or for verification that the tunnel is + already open. Once an indication that the tunnel has/was opened, + session control messages may be exchanged. The first of these is + the Incoming-Call-Request. + + wait-reply + The LAC receives either a CDN message indicating the LNS is not + willing to accept the call (general error or don't accept) and + moves back into the idle state, or an Incoming-Call-Reply message + indicating the call is accepted, the LAC sends an Incoming-Call- + Connected message and enters the established state. + + established + Data is exchanged over the tunnel. The call may be cleared + following: + + An event on the connected interface: The LAC sends a Call- + Disconnect-Notify message + + Receipt of a Call-Disconnect-Notify message: The LAC cleans + up, disconnecting the call. + + A local reason: The LAC sends a Call-Disconnect-Notify + message. + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 61] + +RFC 2661 L2TP August 1999 + + +7.4.2 LNS Incoming Call States + + State Event Action New State + ----- ----- ------ --------- + idle Receive ICRQ, Send ICRP wait-connect + acceptable + + idle Receive ICRQ, Send CDN, idle + not acceptable Clean up + + idle Receive ICRP Send CDN idle + Clean up + + idle Receive ICCN Clean up idle + + wait-connect Receive ICCN Prepare for established + acceptable data + + wait-connect Receive ICCN Send CDN, idle + not acceptable Clean up + + wait-connect Receive ICRQ, Send CDN idle + ICRP Clean up + + idle, Receive CDN Clean up idle + wait-connect, + established + + wait-connect Local Send CDN, idle + established Close request Clean up + + established Receive ICRQ, Send CDN idle + ICRP, ICCN Clean up + + The states associated with the LNS for incoming calls are: + + idle + An Incoming-Call-Request message is received. If the request is + not acceptable, a Call-Disconnect-Notify is sent back to the LAC + and the LNS remains in the idle state. If the Incoming-Call- + Request message is acceptable, an Incoming-Call-Reply is sent. The + session moves to the wait-connect state. + + wait-connect + If the session is still connected on the LAC, the LAC sends an + Incoming-Call-Connected message to the LNS which then moves into + established state. The LAC may send a Call-Disconnect-Notify to + indicate that the incoming caller could not be connected. This + + + +Townsley, et al. Standards Track [Page 62] + +RFC 2661 L2TP August 1999 + + + could happen, for example, if a telephone user accidentally places + a standard voice call to an LAC resulting in a handshake failure + on the called modem. + + established + The session is terminated either by receipt of a Call-Disconnect- + Notify message from the LAC or by sending a Call-Disconnect- + Notify. Clean up follows on both sides regardless of the + initiator. + +7.5 Outgoing calls + + Outgoing calls are initiated by an LNS and instruct an LAC to place a + call. There are three messages for outgoing calls: Outgoing-Call- + Request, Outgoing-Call-Reply, and Outgoing-Call-Connected. The LNS + sends an Outgoing-Call-Request specifying the dialed party phone + number, subaddress and other parameters. The LAC MUST respond to the + Outgoing-Call-Request message with an Outgoing-Call-Reply message + once the LAC determines that the proper facilities exist to place the + call and the call is administratively authorized. For example, is + this LNS allowed to dial an international call? Once the outbound + call is connected, the LAC sends an Outgoing-Call-Connected message + to the LNS indicating the final result of the call attempt: + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 63] + +RFC 2661 L2TP August 1999 + + +7.5.1 LAC Outgoing Call States + + State Event Action New State + ----- ----- ------ --------- + idle Receive OCRQ, Send OCRP, wait-cs-answer + acceptable Open bearer + + idle Receive OCRQ, Send CDN, idle + not acceptable Clean up + + idle Receive OCRP Send CDN idle + Clean up + + idle Receive OCCN, Clean up idle + CDN + + wait-cs-answer Bearer answer, Send OCCN established + framing detected + + wait-cs-answer Bearer failure Send CDN, idle + Clean up + + wait-cs-answer Receive OCRQ, Send CDN idle + OCRP, OCCN Clean up + + established Receive OCRQ, Send CDN idle + OCRP, OCCN Clean up + + wait-cs-answer, Receive CDN Clean up idle + established + + established Bearer line drop, Send CDN, idle + Local close Clean up + request + + The states associated with the LAC for outgoing calls are: + + idle + If Outgoing-Call-Request is received in error, respond with a + Call-Disconnect-Notify. Otherwise, allocate a physical channel and + send an Outgoing-Call-Reply. Place the outbound call and move to + the wait-cs-answer state. + + wait-cs-answer + If the call is not completed or a timer expires waiting for the + call to complete, send a Call-Disconnect-Notify with the + appropriate error condition set and go to idle state. If a circuit + + + + +Townsley, et al. Standards Track [Page 64] + +RFC 2661 L2TP August 1999 + + + switched connection is established and framing is detected, send + an Outgoing-Call-Connected indicating success and go to + established state. + + established + If a Call-Disconnect-Notify is received by the LAC, the telco call + MUST be released via appropriate mechanisms and the session + cleaned up. If the call is disconnected by the client or the + called interface, a Call-Disconnect-Notify message MUST be sent to + the LNS. The sender of the Call-Disconnect-Notify message returns + to the idle state after sending of the message is complete. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 65] + +RFC 2661 L2TP August 1999 + + +7.5.2 LNS Outgoing Call States + + State Event Action New State + ----- ----- ------ --------- + idle Local Initiate local wait-tunnel + open request tunnel-open + + idle Receive OCCN, Clean up idle + OCRP, CDN + + wait-tunnel tunnel-open Send OCRQ wait-reply + + wait-reply Receive OCRP, none wait-connect + acceptable + + wait-reply Receive OCRP, Send CDN idle + not acceptable Clean up + + wait-reply Receive OCCN, Send CDN idle + OCRQ Clean up + + wait-connect Receive OCCN none established + + wait-connect Receive OCRQ, Send CDN idle + OCRP Clean up + + idle, Receive CDN, Clean up idle + wait-reply, + wait-connect, + established + + established Receive OCRQ, Send CDN idle + OCRP, OCCN Clean up + + wait-reply, Local Send CDN idle + wait-connect, Close request Clean up + established + + wait-tunnel Local Clean up idle + Close request + + The states associated with the LNS for outgoing calls are: + + idle, wait-tunnel + When an outgoing call is initiated, a tunnel is first created, + much as the idle and wait-tunnel states for an LAC incoming call. + Once a tunnel is established, an Outgoing-Call-Request message is + sent to the LAC and the session moves into the wait-reply state. + + + +Townsley, et al. Standards Track [Page 66] + +RFC 2661 L2TP August 1999 + + + wait-reply + If a Call-Disconnect-Notify is received, an error occurred, and + the session is cleaned up and returns to idle. If an Outgoing- + Call-Reply is received, the call is in progress and the session + moves to the wait-connect state. + + wait-connect + If a Call-Disconnect-Notify is received, the call failed; the + session is cleaned up and returns to idle. If an Outgoing-Call- + Connected is received, the call has succeeded and the session may + now exchange data. + + established + If a Call-Disconnect-Notify is received, the call has been + terminated for the reason indicated in the Result and Cause Codes; + the session moves back to the idle state. If the LNS chooses to + terminate the session, it sends a Call-Disconnect-Notify to the + LAC and then cleans up and idles its session. + +7.6 Tunnel Disconnection + + The disconnection of a tunnel consists of either peer issuing a + Stop-Control-Connection-Notification. The sender of this Notification + should wait a finite period of time for the acknowledgment of this + message before releasing the control information associated with the + tunnel. The recipient of this Notification should send an + acknowledgment of the Notification and then release the associated + control information. + + When to release a tunnel is an implementation issue and is not + specified in this document. A particular implementation may use + whatever policy is appropriate for determining when to release a + control connection. Some implementations may leave a tunnel open for + a period of time or perhaps indefinitely after the last session for + that tunnel is cleared. Others may choose to disconnect the tunnel + immediately after the last user connection on the tunnel disconnects. + +8.0 L2TP Over Specific Media + + L2TP is self-describing, operating at a level above the media over + which it is carried. However, some details of its connection to media + are required to permit interoperable implementations. The following + sections describe details needed to permit interoperability over + specific media. + + + + + + + +Townsley, et al. Standards Track [Page 67] + +RFC 2661 L2TP August 1999 + + +8.1 L2TP over UDP/IP + + L2TP uses the registered UDP port 1701 [RFC1700]. The entire L2TP + packet, including payload and L2TP header, is sent within a UDP + datagram. The initiator of an L2TP tunnel picks an available source + UDP port (which may or may not be 1701), and sends to the desired + destination address at port 1701. The recipient picks a free port on + its own system (which may or may not be 1701), and sends its reply to + the initiator's UDP port and address, setting its own source port to + the free port it found. Once the source and destination ports and + addresses are established, they MUST remain static for the life of + the tunnel. + + It has been suggested that having the recipient choose an arbitrary + source port (as opposed to using the destination port in the packet + initiating the tunnel, i.e., 1701) may make it more difficult for + L2TP to traverse some NAT devices. Implementors should consider the + potential implication of this before before choosing an arbitrary + source port. + + IP fragmentation may occur as the L2TP packet travels over the IP + substrate. L2TP makes no special efforts to optimize this. A LAC + implementation MAY cause its LCP to negotiate for a specific MRU, + which could optimize for LAC environments in which the MTU's of the + path over which the L2TP packets are likely to travel have a + consistent value. + + The default for any L2TP implementation is that UDP checksums MUST be + enabled for both control and data messages. An L2TP implementation + MAY provide an option to disable UDP checksums for data messages. It + is recommended that UDP checksums always be enabled on control + packets. + + Port 1701 is used for both L2F [RFC2341] and L2TP packets. The + Version field in each header may be used to discriminate between the + two packet types (L2F uses a value of 1, and the L2TP version + described in this document uses a value of 2). An L2TP implementation + running on a system which does not support L2F MUST silently discard + all L2F packets. + + To the PPP clients using an L2TP-over-UDP/IP tunnel, the PPP link has + the characteristic of being able to reorder or silently drop packets. + The former may break non-IP protocols being carried by PPP, + especially LAN-centric ones such as bridging. The latter may break + protocols which assume per-packet indication of error, such as TCP + header compression. Sequencing may be handled by using L2TP data + message sequence numbers if any protocol being transported by the PPP + + + + +Townsley, et al. Standards Track [Page 68] + +RFC 2661 L2TP August 1999 + + + tunnel cannot tolerate reordering. The sequence dependency + characteristics of individual protocols are outside the scope of this + document. + + Allowing packets to be dropped silently is perhaps more problematic + with some protocols. If PPP reliable delivery [RFC1663] is enabled, + no upper PPP protocol will encounter lost packets. If L2TP sequence + numbers are enabled, L2TP can detect the packet loss. In the case of + an LNS, the PPP and L2TP stacks are both present within the LNS, and + packet loss signaling may occur precisely as if a packet was received + with a CRC error. Where the LAC and PPP stack are co-resident, this + technique also applies. Where the LAC and PPP client are physically + distinct, the analogous signaling MAY be accomplished by sending a + packet with a CRC error to the PPP client. Note that this would + greatly increase the complexity of debugging client line problems, + since the client statistics could not distinguish between true media + errors and LAC-initiated ones. Further, this technique is not + possible on all hardware. + + If VJ compression is used, and neither PPP reliable delivery nor + sequence numbers are enabled, each lost packet results in a 1 in + 2**16 chance of a TCP segment being forwarded with incorrect contents + [RFC1144]. Where the combination of the packet loss rate with this + statistical exposure is unacceptable, TCP header compression SHOULD + NOT be used. + + In general, it is wise to remember that the L2TP/UDP/IP transport is + an unreliable transport. As with any PPP media that is subject to + loss, care should be taken when using protocols that are particularly + loss-sensitive. Such protocols include compression and encryption + protocols that employ history. + +8.2 IP + + When operating in IP environments, L2TP MUST offer the UDP + encapsulation described in 8.1 as its default configuration for IP + operation. Other configurations (perhaps corresponding to a + compressed header format) MAY be defined and made available as a + configurable option. + +9.0 Security Considerations + + L2TP encounters several security issues in its operation. The + general approach of L2TP to these issues is documented here. + + + + + + + +Townsley, et al. Standards Track [Page 69] + +RFC 2661 L2TP August 1999 + + +9.1 Tunnel Endpoint Security + + The tunnel endpoints may optionally perform an authentication + procedure of one another during tunnel establishment. This + authentication has the same security attributes as CHAP, and has + reasonable protection against replay and snooping during the tunnel + establishment process. This mechanism is not designed to provide any + authentication beyond tunnel establishment; it is fairly simple for a + malicious user who can snoop the tunnel stream to inject packets once + an authenticated tunnel establishment has been completed + successfully. + + For authentication to occur, the LAC and LNS MUST share a single + secret. Each side uses this same secret when acting as authenticatee + as well as authenticator. Since a single secret is used, the tunnel + authentication AVPs include differentiating values in the CHAP ID + fields for each message digest calculation to guard against replay + attacks. + + The Assigned Tunnel ID and Assigned Session ID (See Section 4.4.3) + SHOULD be selected in an unpredictable manner rather than + sequentially or otherwise. Doing so will help deter hijacking of a + session by a malicious user who does not have access to packet traces + between the LAC and LNS. + +9.2 Packet Level Security + + Securing L2TP requires that the underlying transport make available + encryption, integrity and authentication services for all L2TP + traffic. This secure transport operates on the entire L2TP packet + and is functionally independent of PPP and the protocol being carried + by PPP. As such, L2TP is only concerned with confidentiality, + authenticity, and integrity of the L2TP packets between its tunnel + + endpoints (the LAC and LNS), not unlike link-layer encryption being + concerned only about protecting the confidentiality of traffic + between its physical endpoints. + +9.3 End to End Security + + Protecting the L2TP packet stream via a secure transport does, in + turn, also protect the data within the tunneled PPP packets while + transported from the LAC to the LNS. Such protection should not be + considered a substitution for end-to-end security between + communicating hosts or applications. + + + + + + +Townsley, et al. Standards Track [Page 70] + +RFC 2661 L2TP August 1999 + + +9.4 L2TP and IPsec + + When running over IP, IPsec provides packet-level security via ESP + and/or AH. All L2TP control and data packets for a particular tunnel + appear as homogeneous UDP/IP data packets to the IPsec system. + + In addition to IP transport security, IPsec defines a mode of + operation that allows tunneling of IP packets. The packet level + encryption and authentication provided by IPsec tunnel mode and that + provided by L2TP secured with IPsec provide an equivalent level of + security for these requirements. + + IPsec also defines access control features that are required of a + compliant IPsec implementation. These features allow filtering of + packets based upon network and transport layer characteristics such + as IP address, ports, etc. In the L2TP tunneling model, analogous + filtering is logically performed at the PPP layer or network layer + above L2TP. These network layer access control features may be + handled at the LNS via vendor-specific authorization features based + upon the authenticated PPP user, or at the network layer itself by + using IPsec transport mode end-to-end between the communicating + hosts. The requirements for access control mechanisms are not a part + of the L2TP specification and as such are outside the scope of this + document. + +9.5 Proxy PPP Authentication + + L2TP defines AVPs that MAY be exchanged during session establishment + to provide forwarding of PPP authentication information obtained at + the LAC to the LNS for validation (see Section 4.4.5). This implies a + direct trust relationship of the LAC on behalf of the LNS. If the + LNS chooses to implement proxy authentication, it MUST be able to be + configured off, requiring a new round a PPP authentication initiated + by the LNS (which may or may not include a new round of LCP + negotiation). + +10.0 IANA Considerations + + This document defines a number of "magic" numbers to be maintained by + the IANA. This section explains the criteria to be used by the IANA + to assign additional numbers in each of these lists. The following + subsections describe the assignment policy for the namespaces defined + elsewhere in this document. + +10.1 AVP Attributes + + As defined in Section 4.1, AVPs contain vendor ID, Attribute and + Value fields. For vendor ID value of 0, IANA will maintain a registry + + + +Townsley, et al. Standards Track [Page 71] + +RFC 2661 L2TP August 1999 + + + of assigned Attributes and in some case also values. Attributes 0-39 + are assigned as defined in Section 4.4. The remaining values are + available for assignment through IETF Consensus [RFC 2434]. + +10.2 Message Type AVP Values + + As defined in Section 4.4.1, Message Type AVPs (Attribute Type 0) + have an associated value maintained by IANA. Values 0-16 are defined + in Section 3.2, the remaining values are available for assignment via + IETF Consensus [RFC 2434] + +10.3 Result Code AVP Values + + As defined in Section 4.4.2, Result Code AVPs (Attribute Type 1) + contain three fields. Two of these fields (the Result Code and Error + Code fields) have associated values maintained by IANA. + +10.3.1 Result Code Field Values + + The Result Code AVP may be included in CDN and StopCCN messages. The + allowable values for the Result Code field of the AVP differ + depending upon the value of the Message Type AVP. For the StopCCN + message, values 0-7 are defined in Section 4.4.2; for the StopCCN + message, values 0-11 are defined in the same section. The remaining + values of the Result Code field for both messages are available for + assignment via IETF Consensus [RFC 2434]. + +10.3.2 Error Code Field Values + + Values 0-7 are defined in Section 4.4.2. Values 8-32767 are + available for assignment via IETF Consensus [RFC 2434]. The remaining + values of the Error Code field are available for assignment via First + Come First Served [RFC 2434]. + +10.4 Framing Capabilities & Bearer Capabilities + + The Framing Capabilities AVP and Bearer Capabilities AVPs (defined in + Section 4.4.3) both contain 32-bit bitmasks. Additional bits should + only be defined via a Standards Action [RFC 2434]. + +10.5 Proxy Authen Type AVP Values + + The Proxy Authen Type AVP (Attribute Type 29) has an associated value + maintained by IANA. Values 0-5 are defined in Section 4.4.5, the + remaining values are available for assignment via First Come First + Served [RFC 2434]. + + + + + +Townsley, et al. Standards Track [Page 72] + +RFC 2661 L2TP August 1999 + + +10.6 AVP Header Bits + + There are four remaining reserved bits in the AVP header. Additional + bits should only be assigned via a Standards Action [RFC 2434]. + +11.0 References + + [DSS1] ITU-T Recommendation, "Digital subscriber Signaling System + No. 1 (DSS 1) - ISDN user-network interface layer 3 + specification for basic call control", Rec. Q.931(I.451), + May 1998 + + [KPS] Kaufman, C., Perlman, R., and Speciner, M., "Network + Security: Private Communications in a Public World", + Prentice Hall, March 1995, ISBN 0-13-061466-1 + + [RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791, September + 1981. + + [RFC1034] Mockapetris, P., "Domain Names - Concepts and Facilities", + STD 13, RFC 1034, November 1987. + + [RFC1144] Jacobson, V., "Compressing TCP/IP Headers for Low-Speed + Serial Links", RFC 1144, February 1990. + + [RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, + RFC 1661, July 1994. + + [RFC1662] Simpson, W., "PPP in HDLC-like Framing", STD 51, RFC 1662, + July 1994. + + [RFC1663] Rand, D., "PPP Reliable Transmission", RFC 1663, July 1994. + + [RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC + 1700, October 1994. See also: + http://www.iana.org/numbers.html + [RFC1990] Sklower, K., Lloyd, B., McGregor, G., Carr, D. and T. + Coradetti, "The PPP Multilink Protocol (MP)", RFC 1990, + August 1996. + + [RFC1994] Simpson, W., "PPP Challenge Handshake Authentication + Protocol (CHAP)", RFC 1994, August 1996. + + [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. + and E. Lear, "Address Allocation for Private Internets", + BCP 5, RFC 1918, February 1996. + + + + + +Townsley, et al. Standards Track [Page 73] + +RFC 2661 L2TP August 1999 + + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC2138] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote + Authentication Dial In User Service (RADIUS)", RFC 2138, + April 1997. + + [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and + Languages", BCP 18, RFC 2277, January 1998. + + [RFC2341] Valencia, A., Littlewood, M. and T. Kolar, "Cisco Layer Two + Forwarding (Protocol) L2F", RFC 2341, May 1998. + + [RFC2401] Kent, S. and R. Atkinson, "Security Architecture for the + Internet Protocol", RFC 2401, November 1998. + + [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an + IANA Considerations Section in RFCs", BCP 26, RFC 2434, + October 1998. + + [RFC2637] Hamzeh, K., Pall, G., Verthein, W., Taarud, J., Little, W. + and G. Zorn, "Point-to-Point Tunneling Protocol (PPTP)", + RFC 2637, July 1999. + + [STEVENS] Stevens, W. Richard, "TCP/IP Illustrated, Volume I The + Protocols", Addison-Wesley Publishing Company, Inc., March + 1996, ISBN 0-201-63346-9 + +12.0 Acknowledgments + + The basic concept for L2TP and many of its protocol constructs were + adopted from L2F [RFC2341] and PPTP [PPTP]. Authors of these are A. + Valencia, M. Littlewood, T. Kolar, K. Hamzeh, G. Pall, W. Verthein, + J. Taarud, W. Little, and G. Zorn. + + Dory Leifer made valuable refinements to the protocol definition of + L2TP and contributed to the editing of this document. + + Steve Cobb and Evan Caves redesigned the state machine tables. + + Barney Wolff provided a great deal of design input on the endpoint + authentication mechanism. + + John Bray, Greg Burns, Rich Garrett, Don Grosser, Matt Holdrege, + Terry Johnson, Dory Leifer, and Rich Shea provided valuable input and + review at the 43rd IETF in Orlando, FL., which led to improvement of + the overall readability and clarity of this document. + + + + +Townsley, et al. Standards Track [Page 74] + +RFC 2661 L2TP August 1999 + + +13.0 Authors' Addresses + + Gurdeep Singh Pall + Microsoft Corporation + Redmond, WA + + EMail: gurdeep@microsoft.com + + + Bill Palter + RedBack Networks, Inc + 1389 Moffett Park Drive + Sunnyvale, CA 94089 + + EMail: palter@zev.net + + + Allan Rubens + Ascend Communications + 1701 Harbor Bay Parkway + Alameda, CA 94502 + + EMail: acr@del.com + + + W. Mark Townsley + cisco Systems + 7025 Kit Creek Road + PO Box 14987 + Research Triangle Park, NC 27709 + + EMail: townsley@cisco.com + + + Andrew J. Valencia + cisco Systems + 170 West Tasman Drive + San Jose CA 95134-1706 + + EMail: vandys@cisco.com + + + Glen Zorn + Microsoft Corporation + One Microsoft Way + Redmond, WA 98052 + + EMail: gwz@acm.org + + + +Townsley, et al. Standards Track [Page 75] + +RFC 2661 L2TP August 1999 + + +Appendix A: Control Channel Slow Start and Congestion Avoidance + + Although each side has indicated the maximum size of its receive + window, it is recommended that a slow start and congestion avoidance + method be used to transmit control packets. The methods described + here are based upon the TCP congestion avoidance algorithm as + described in section 21.6 of TCP/IP Illustrated, Volume I, by W. + Richard Stevens [STEVENS]. + + Slow start and congestion avoidance make use of several variables. + The congestion window (CWND) defines the number of packets a sender + may send before waiting for an acknowledgment. The size of CWND + expands and contracts as described below. Note however, that CWND is + never allowed to exceed the size of the advertised window obtained + from the Receive Window AVP (in the text below, it is assumed any + increase will be limited by the Receive Window Size). The variable + SSTHRESH determines when the sender switches from slow start to + congestion avoidance. Slow start is used while CWND is less than + SSHTRESH. + + A sender starts out in the slow start phase. CWND is initialized to + one packet, and SSHTRESH is initialized to the advertised window + (obtained from the Receive Window AVP). The sender then transmits + one packet and waits for its acknowledgement (either explicit or + piggybacked). When the acknowledgement is received, the congestion + window is incremented from one to two. During slow start, CWND is + increased by one packet each time an ACK (explicit ZLB or + piggybacked) is received. Increasing CWND by one on each ACK has the + effect of doubling CWND with each round trip, resulting in an + exponential increase. When the value of CWND reaches SSHTRESH, the + slow start phase ends and the congestion avoidance phase begins. + + During congestion avoidance, CWND expands more slowly. Specifically, + it increases by 1/CWND for every new ACK received. That is, CWND is + increased by one packet after CWND new ACKs have been received. + Window expansion during the congestion avoidance phase is effectively + linear, with CWND increasing by one packet each round trip. + + When congestion occurs (indicated by the triggering of a + retransmission) one half of the CWND is saved in SSTHRESH, and CWND + is set to one. The sender then reenters the slow start phase. + + + + + + + + + + +Townsley, et al. Standards Track [Page 76] + +RFC 2661 L2TP August 1999 + + +Appendix B: Control Message Examples + +B.1: Lock-step tunnel establishment + + In this example, an LAC establishes a tunnel, with the exchange + involving each side alternating in sending messages. This example + shows the final acknowledgment explicitly sent within a ZLB ACK + message. An alternative would be to piggyback the acknowledgement + within a message sent as a reply to the ICRQ or OCRQ that will likely + follow from the side that initiated the tunnel. + + LAC or LNS LNS or LAC + ---------- ---------- + + SCCRQ -> + Nr: 0, Ns: 0 + <- SCCRP + Nr: 1, Ns: 0 + SCCCN -> + Nr: 1, Ns: 1 + <- ZLB + Nr: 2, Ns: 1 + +B.2: Lost packet with retransmission + + An existing tunnel has a new session requested by the LAC. The ICRP + is lost and must be retransmitted by the LNS. Note that loss of the + ICRP has two impacts: not only does it keep the upper level state + machine from progressing, but it also keeps the LAC from seeing a + timely lower level acknowledgment of its ICRQ. + + LAC LNS + --- --- + + ICRQ -> + Nr: 1, Ns: 2 + + (packet lost) <- ICRP + Nr: 3, Ns: 1 + + (pause; LAC's timer started first, so fires first) + + ICRQ -> + Nr: 1, Ns: 2 + + (Realizing that it has already seen this packet, + the LNS discards the packet and sends a ZLB) + + + + +Townsley, et al. Standards Track [Page 77] + +RFC 2661 L2TP August 1999 + + + <- ZLB + Nr: 3, Ns: 2 + + (LNS's retransmit timer fires) + + <- ICRP + Nr: 3, Ns: 1 + ICCN -> + Nr: 2, Ns: 3 + + <- ZLB + Nr: 4, Ns: 2 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 78] + +RFC 2661 L2TP August 1999 + + +Appendix C: Intellectual Property Notice + + The IETF takes no position regarding the validity or scope of any + intellectual property or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; neither does it represent that it + has made any effort to identify any such rights. Information on the + IETF's procedures with respect to rights in standards-track and + standards-related documentation can be found in BCP-11. Copies of + claims of rights made available for publication and any assurances of + licenses to be made available, or the result of an attempt made to + obtain a general license or permission for the use of such + proprietary rights by implementers or users of this specification can + be obtained from the IETF Secretariat." + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights which may cover technology that may be required to practice + this standard. Please address the information to the IETF Executive + Director. + + The IETF has been notified of intellectual property rights claimed in + regard to some or all of the specification contained in this + document. For more information consult the online list of claimed + rights. + + + + + + + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 79] + +RFC 2661 L2TP August 1999 + + +Full Copyright Statement + + Copyright (C) The Internet Society (1999). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Townsley, et al. Standards Track [Page 80] + |