[cisco-bba] L2TP on dynamic IP

John Fitzgerald john.fitzgerald at internet.de
Thu Jan 20 10:42:18 EST 2011


Hi Arie,


I definitely would like to define a fixed IP to the customer, but on the WAN
side the CPE is configured by a third party provider (an access provider).


So in fact, I can't get my hands on the CPE. So the idea was to place an
L2TP Client behind the CPE (on LAN side) which makes the connection outbound
to my Router. My router terminates the L2TP Tunnel.


When my router recognizes the L2TP Connect, my router provides an IP address
statically of my pool to the client's interface.


Furthermore, my router will insert a somewhat static route to the client in
his routing table, so the customer will be reachable through this IP. In
detail, the customer L2TP Server has 2 NICs, one points to the CPE and has
masked IP addresses (e.g. 192.168.X.X) and the other one should route the
officially routed net my router is sending (like AAA.BBB.CCC.DDD).


With this tunnel, I would be able to tunnel other data packets to the client
as well as speak bgp to the client though still use my IP space.


At last, the customer's computers would be reachable through the L2TP tunnel
and the IP addresses would be from my nets.


The only trick is: the client has an access network from another provider and
I can't get hands on the configuration of his CPE. Furthermore, the external
IP address of the customer might change from day to day.   

For reliability, I would prefer fiber, of course. But the next fiber is
approx. 2 miles away and digging is approx. 40k EUROS (!). 

So, I am looking for a solution to provide BGP redundancy to smaller
customers (e.g. 50 Users) even at locations, where I can not do what I want.
This would make it possible for customers with provider independent address
space to have bgp with 2 neighbors (e.g. one is their standard ISP with a
fast line (100Mbps), one is the backup ISP (e.g. 20 Mbps via G.SHDSL)).





From: arievayner at gmail.com [mailto:arievayner at gmail.com] On Behalf Of Arie
Sent: Wednesday, January 19, 2011 8:58 PM
To: John Fitzgerald
Cc: cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] L2TP on dynamic IP



What would most likely be a better solution for both solutions is to assign
the customer a fixed IP allocated from RADIUS when they connect over L2TP (I
assume PPP...)
This will allow you to have a static BGP session with the statically
allocated IP address.

Another option is to look at the BGP dynamic neighbors feature:

For IPSec there are quite a few solutions for IPSec sessions with dynamic
I think this could be a good starting point:


On Wed, Jan 19, 2011 at 8:23 PM, John Fitzgerald
<john.fitzgerald at internet.de> wrote:


I've got two design questions:

1. Is it possible to map a net via L2TP (IPv4 PI Space) to a client, which
comes from a dynamic IP address? E.g. he has RIPE PI Space AAA.BBB.CCC.DDD
and as he connects, routers will allow traffic to his network
AAA.BBB.CCC.DDD and BGPv4 will recognize and will allow route servers to be

2. Is it possible to have the IPSec with (1.)?


