[c-nsp] L2TPv3 and VLANs

Ge Moua moua0100 at umn.edu
Thu Jun 18 11:39:52 EDT 2009


I've also seen "out-of-order" packets get discarded (essentially 
dropped); if fragmentation is clean and in correct order, L2TPv3 as 
implemented by Cisco seems to work better; we've opened a case with Cisco 
about this re: VTP traffic and their response essentially was to do 
nothing about it and not use VTP (so we are now using VTP transparent 
mode with no VTP updates) and thus no VTP being transmitted over the 
l2tpv3 pseudowire.

I've been meaning to do pseudowire testing using AToM/EoMPLS tunneled 
inside of GRE to see if this works better; Cisco TAC seems to be more 
receptive in supporting MPLS issues rather than L2TPv3 over native IP.

Let me know if you run into different conclusions as I've been 
struggling with this issue for a few years now.

Good luck.

Regards,
Ge Moua | Email: moua0100 at umn.edu

Network Design Engineer
University of Minnesota | Networking & Telecommunications Services



Ge Moua wrote:
> Yep, ran into that too; on the upstream layer-3 hop from hosts do 
> something like "tcp-mss adjust 1300" which will ensure tcp packets 
> have enough head-room for l2tpv3 headers.  With UDP traffic, this gets 
> more tricky; I haven't done this yet but one can adjust max segment 
> size on end-station hosts to something like 1300 (which of course 
> would affect all protocol types); there are open source tools to do 
> this, but downside is that all the end-station hosts need to be touched 
> for consistency; I suppose I'm too lazy : - (
>
> Regards,
> Ge Moua | Email: moua0100 at umn.edu
>
> Network Design Engineer
> University of Minnesota | Networking & Telecommunications Services
>
>
>
> Paul Stewart wrote:
>> How did you deal with MTU issues from l2tpv3?  In our testing we would see
>> packets drop instead of fragmenting where they should... I've been meaning
>> to follow up on this as we have some great l2tpv3 deployments waiting in the
>> wings...
>>
>> Paul
>>
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ge Moua
>> Sent: Thursday, June 18, 2009 10:44 AM
>> To: Ziv Leyes
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] L2TPv3 and VLANs
>>
>>
>>  > How do I make this happen on the HQ router?
>>
>> Each l2tp tunnel will have its own vc:  "sh l2tun all"
>>
>> You obviously have thought this all out as your logic for how it 
>> will and should work is sound.
>>
>> We are doing a very similar setup over here at the UofMn and this is 
>> working well for us.
>>
>>
>> Regards,
>> Ge Moua | Email: moua0100 at umn.edu
>>
>> Network Design Engineer
>> University of Minnesota | Networking & Telecommunications Services
>>
>>
>>
>> Ziv Leyes wrote:
>>> Hi,
>>> I'm trying to make sure this following scenario can work.
>>> 3 remote sites, one is the HQ which has a switch that handles 2 vlans,
>>> let's say vlan 10 and vlan 20.
>>> The other two branches need to be connected to the HQ and have a flat LAN
>>> between them and the HQ, but each branch to its own vlan, branch 1 to vlan
>>> 10 and branch 2 to vlan 20. They must NOT see each other's traffic.
>>> Every site has a switch and a router (C2801 I think) Is it possible to do?
>>> If yes, then I was thinking about L2TPv3, but in this case I'd need to
>>> make two different xconnections between HQ-->Branch 1 and HQ-->Branch 2.
>>> How do I make this happen on the HQ router? I was thinking to bring the
>>> vlans via a trunk from the switch and then finishing them on sub-interfaces
>>> with dot1q and then xconnecting the sub-interface to each l2tp tunnel to
>>> each respective branch. Is it correct or is there a better way?
>>> Will this work?
>>>
>>> Thanks in advance for your help
>>> Ziv

