[c-nsp] l2tpv3

Ross Halliday ross.halliday at wtccommunications.ca
Thu Aug 30 14:32:39 EDT 2012

In my travels I've played with L2TPv3 for this same reason on the 1721, 1800, and 2800 routers. Short answer is "not worth the effort". I've found support to be unpredictable across different platforms and odd bugs in different IOS loads.

To be honest there are not a whole lot of reasons left to get a TLS service unless multiple VLANs are actually required. A lot of our customers would be fine with L3VPN if they designed for it. In one case I managed to sell a customer an MPLS L3VPN service where we couldn't do QinQ: I worked with their network admin and helped him come up with a plan that properly segregated broadcast domains between sites and supported encrypted traffic between all of them. This design ended up being a huge bonus for them for Internet Access too as they collocated a firewall with us, which was a nice centralization of access controls and bandwidth.

If you're going to do L2TPv3 it is vital to run hardware that can push at least 1600 byte frames out the "uplink" side. Same goes for the full path. Some platforms can sorta do fragmentation, but obviously take a severe performance hit. I actually had a 1721 able to do this: 3.5 Mbps symmetric and synchronous maxed out the CPU with 1500 byte packets with VLAN tags. 1800 series won't do it, and the MTU is not adjustable on the fixed interfaces (not sure about WICs). The 2800 wouldn't establish a two-way tunnel with any other device I had on hand.

For what it's worth an EoMPLS VC is way easier to deal with than L2TPv3 once you get your core set up. 


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aaron
Sent: August-30-12 11:27 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] l2tpv3

What is the smallest/cheapest Cisco router that supports L2TPv3?


I work at an ISP and have small/medium sized businesses that occasionally
want transparent LAN connectivity between their sites (which are connected
via FTTH, DSL, Cable Modem).


Is L2TPv3 tunneling the way to go for something like that?


I don't really want to set up all kinds of QinQ or MPLS L2VPNs in my core
if I can avoid it.


Also, tunneling endpoints at the customer premise seems that the
DSLAM/OLT/CMTS would not have to be wise at all about the tunneling.


Lemme know your thoughts/suggestions please




cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/