
Install L2TP multihop for better scaling

By using L2TP multihop protocol, you can improve the scalability of your VPN.

Scalability is always a requirement with anything having to do with networking. This tip offers a protocol that can improve the scalability of your VPN.

If you are considering implementing a very large, secure dialup network using L2TP (Layer Two Tunneling Protocol), you should consider enhancing your scalability by using a layered approach to your L2TP Access Clients (LAC) and L2TP Network Servers (LNS). This can be accomplished using "L2TP Multihop".

Generally, when a remote user dials into the network, his phone call is terminated at the LAC, which then establishes an L2TP session between itself and the LNS. The LNS terminates the L2TP tunnel. In other words, the LNS connects the tunnel with the private network. With L2TP Multihop, the LAC will establish a session with the LNS, and that LNS will itself then act as a LAC and establish another session with another LNS.

By redirecting tunnels on behalf of the client LAC to many other LNS, a set of devices acting as both LNS and LAC can aggregate a number of access devices (LAC) so that the total number of tunnels isn't constrained by the capacity of one LNS.

The configuration of a Cisco router performing L2TP Multihop might look something like this:

vpdn enable
vpdn multihop
vpdn-group 1
 accept dialin l2tp virtual-template 1 remote xyz
 local name abc
vpdn-group 2
 request dialin l2tp ip domain
 local name abc

If a client wants to access the domain, the router automatically creates an L2TP tunnel between itself and (unless one already exists) and redirects the client's traffic from the first tunnel to the new tunnel. You can create vpdn-groups for multiple domains.
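
The switching decision described above, modeled in Python as an added example (it is not part of the original tip and is not Cisco's implementation). The domains, addresses, LAC names and the user@domain convention for choosing a group are assumptions constructed for illustration.

```python
"""Model of an L2TP multihop node: it accepts sessions from upstream LACs and
switches each one onto a tunnel toward the LNS that serves the user's domain.
All domains, addresses and names below are constructed sample values."""
from dataclasses import dataclass, field
from itertools import count


@dataclass
class Tunnel:
    tunnel_id: int
    peer: str  # address of the next-hop LNS
    # outgoing session id -> (upstream LAC, incoming session id)
    sessions: dict = field(default_factory=dict)


class MultihopNode:
    def __init__(self, domain_to_lns):
        # One entry per "request dialin" vpdn-group: domain -> next-hop LNS.
        self.domain_to_lns = dict(domain_to_lns)
        self.tunnels = {}  # peer address -> Tunnel, shared by all sessions
        self._tunnel_ids = count(1)

    def switch(self, lac, in_session, username):
        """Return the outgoing (tunnel id, session id) for an incoming session."""
        _, sep, domain = username.rpartition("@")
        if not sep or domain not in self.domain_to_lns:
            # No matching group: refuse instead of guessing a next hop.
            raise LookupError(f"no vpdn-group matches {username!r}")
        peer = self.domain_to_lns[domain]
        tunnel = self.tunnels.get(peer)
        if tunnel is None:  # build the second-hop tunnel only if none exists
            tunnel = self.tunnels[peer] = Tunnel(next(self._tunnel_ids), peer)
        out_session = len(tunnel.sessions) + 1
        tunnel.sessions[out_session] = (lac, in_session)
        return tunnel.tunnel_id, out_session


def demo():
    """Four calls arriving from three LACs for two domains."""
    node = MultihopNode({"corp.example": "192.0.2.10", "lab.example": "192.0.2.20"})
    calls = [("lac1", 7, "ann@corp.example"), ("lac2", 7, "bob@corp.example"),
             ("lac3", 9, "cy@lab.example"), ("lac1", 8, "dee@corp.example")]
    return node, [node.switch(*call) for call in calls]


if __name__ == "__main__":
    node, mapping = demo()
    print(mapping, "tunnels:", len(node.tunnels))
```

Three LACs and four calls end up on two second-hop tunnels, one per domain, which is the aggregation effect the tip describes.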

Thomas Alexander Lancaster IV is a consultant and author with over 15 years experience in the networking industry, focused on Internet infrastructure.

This was last published in September 2005
