NE40E-M2 V800R010C10SPC500 Feature Description - User Access 01

L2TP Tunnel Establishment Process

The establishment of an L2TP tunnel involves the following messages:

  • Start-Control-Connection-Request (SCCRQ) message: is a request sent to the remote end for establishing a control connection.

  • Start-Control-Connection-Reply (SCCRP) message: is a reply notifying the remote end that the SCCRQ message has been received and the control connection can be established.

  • Stop-Control-Connection-Notification (StopCCN) message: informs the remote end that all session connections are torn down on the local end and the tunnel interface is to be shut down. A StopCCN message carries the reason for tearing down the control connection on the local end.

  • Start-Control-Connection-Connected (SCCCN) message: is a reply to the remote end to indicate that the SCCRP message is received and the L2TP tunnel has been established on the local end.

  • Hello message: detects connectivity of an L2TP tunnel.

  • Zero-Length Body (ZLB) message: is sent to the remote end when the local end has no messages queued for sending. In addition, during the teardown of the session connection and the control connection, sending a ZLB message indicates that a StopCCN or CDN message has been received. The ZLB message contains only an L2TP header and has no payload.
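The message list above can be turned into a small control-message classifier. This is an added example, not Huawei's code: it assumes the L2TPv2 control header layout and Message Type AVP values from RFC 2661, which this page does not list, and the function names and sample packets are constructed for illustration.

```python
import struct

# Message Type AVP values per RFC 2661 (assumption: not given on this page).
MESSAGE_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "Hello", 14: "CDN"}

def classify_control_message(datagram: bytes) -> dict:
    """Parse the 12-byte L2TPv2 control header and name the message."""
    if len(datagram) < 12:
        raise ValueError("shorter than the 12-byte control header")
    flags, length, tunnel_id, session_id, ns, nr = struct.unpack("!6H", datagram[:12])
    if not (flags & 0x8000):
        raise ValueError("T bit clear: data message, not a control message")
    if (flags & 0x4800) != 0x4800:
        raise ValueError("control messages must set the L and S bits")
    if (flags & 0x000F) != 2:
        raise ValueError("not L2TP version 2")
    if length < 12 or length > len(datagram):
        raise ValueError("Length field inconsistent with datagram size")
    info = {"tunnel_id": tunnel_id, "session_id": session_id, "ns": ns, "nr": nr}
    body = datagram[12:length]
    if not body:
        # Header only, no AVPs: this is the ZLB acknowledgement.
        info["type"] = "ZLB"
        return info
    if len(body) < 8:
        raise ValueError("truncated Message Type AVP")
    flags_len, vendor, attr, value = struct.unpack("!4H", body[:8])
    # The first AVP must be Message Type: length 8, vendor 0, attribute 0.
    if (flags_len & 0x03FF) != 8 or vendor != 0 or attr != 0:
        raise ValueError("first AVP is not a Message Type AVP")
    info["type"] = MESSAGE_TYPES.get(value, f"unknown({value})")
    return info

def build(msg_type, tunnel_id=0, ns=0, nr=0) -> bytes:
    """Construct a sample control message; msg_type=None yields a ZLB."""
    avp = b"" if msg_type is None else struct.pack("!4H", 0x8008, 0, 0, msg_type)
    return struct.pack("!6H", 0xC802, 12 + len(avp), tunnel_id, 0, ns, nr) + avp

if __name__ == "__main__":
    for sample in (build(1), build(2, ns=0, nr=1), build(None, tunnel_id=7, ns=1, nr=2)):
        print(classify_control_message(sample))
```

Rejecting a Length field that disagrees with the datagram size before touching the body keeps a malformed packet from being misread as a ZLB or as a valid AVP.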

Establishing a control connection

A session connection can be established only after a control connection is set up. Figure 8-5 shows the process of establishing an L2TP control connection.

Figure 8-5 Diagram of the three-way handshake during the establishment of a control connection

  • After routes between the LAC and the LNS are reachable, the corresponding Attribute Value Pairs (AVPs) are set on the LAC. The LAC then sends an SCCRQ message carrying the AVPs to the LNS to request the establishment of a control connection.

  • The LNS receives the SCCRQ message from the LAC. According to the AVPs carried in the message, if the request is accepted, the LNS sends an SCCRP message to the LAC.

  • After receiving the SCCRP message, the LAC checks the message and extracts the tunnel information, and then sends an SCCCN message to the LNS, indicating that the control connection is successfully set up.

  • When no messages exist in the queue of the LNS, the LNS sends a ZLB message to the LAC.

On the device, you can run the command to view the control connections that are successfully established.

Process of tunnel authentication

Tunnel authentication is performed in parallel with the establishment of a tunnel.

The process of tunnel authentication is as follows:

  1. The LAC sends an SCCRQ message to the LNS, carrying a randomly-generated character string as the local CHAP Challenge.

  2. After receiving the SCCRQ message, the LNS uses the carried CHAP Challenge and the locally-configured password to generate a new character string and then calculates a 16-byte Response through the MD5 algorithm. In addition, a character string is randomly generated as the LNS Challenge. Then, the LNS sends an SCCRP message carrying the Response and the LNS Challenge to the LAC.

  3. After receiving the SCCRP message, the LAC authenticates the information sent by the LNS as follows:

    • Uses the local CHAP Challenge, locally configured password, and information carried in the SCCRP message to generate a new character string.

    • Calculates a 16-byte character string through the MD5 algorithm.

    • Compares the string with the CHAP Response carried in the SCCRP message sent by the LNS. If the information is the same, tunnel authentication succeeds; otherwise, tunnel authentication fails, and the tunnel is disconnected.

  4. If tunnel authentication is successful, the LAC sends an SCCCN message carrying the local CHAP Response to the LNS.

  5. After receiving the SCCCN message, the LNS authenticates the information sent by the LAC as follows:

    • Uses the local CHAP Challenge, locally configured password, and information carried in the SCCCN message to generate a new character string.

    • Calculates a 16-byte character string through the MD5 algorithm.

    • Compares the string with the CHAP Response carried in the SCCCN message sent by the LAC. If the information is the same, tunnel authentication succeeds; otherwise, tunnel authentication fails, and the tunnel is disconnected.
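The five steps above, run end to end for both peers. This is an added example, not Huawei's implementation: it assumes the RFC 2661 response formula, MD5 over the message-type octet of the carrying message (2 for SCCRP, 3 for SCCCN), the shared password, and the peer's challenge, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

SCCRP, SCCCN = 2, 3  # Message Type values per RFC 2661 (assumption, not from this page)

def chap_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """16-byte Response: MD5(message-type octet || shared password || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()

def verify(msg_type: int, secret: bytes, own_challenge: bytes, received: bytes) -> bool:
    """Recompute the Response locally and compare in constant time."""
    expected = chap_response(msg_type, secret, own_challenge)
    return hmac.compare_digest(expected, received)

def handshake(lac_secret: bytes, lns_secret: bytes) -> str:
    """Simulate mutual tunnel authentication between an LAC and an LNS."""
    # Step 1: the LAC puts a random challenge in the SCCRQ.
    lac_challenge = os.urandom(16)
    # Step 2: the LNS answers in the SCCRP and adds its own challenge.
    lns_response = chap_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = os.urandom(16)
    # Step 3: the LAC checks the Response carried in the SCCRP.
    if not verify(SCCRP, lac_secret, lac_challenge, lns_response):
        return "LAC rejected LNS: tunnel disconnected"
    # Step 4: the LAC answers the LNS challenge in the SCCCN.
    lac_response = chap_response(SCCCN, lac_secret, lns_challenge)
    # Step 5: the LNS checks the Response carried in the SCCCN.
    if not verify(SCCCN, lns_secret, lns_challenge, lac_response):
        return "LNS rejected LAC: tunnel disconnected"
    return "tunnel authenticated"

if __name__ == "__main__":
    print(handshake(b"tunnel-pass", b"tunnel-pass"))  # matching passwords
    print(handshake(b"tunnel-pass", b"wrong-pass"))   # mismatch fails at step 3
```

Because the message type is hashed in, a Response computed for an SCCRP does not verify as an SCCCN Response over the same challenge. The password never crosses the wire, but the whole exchange rests on MD5 and a static shared secret, so password length and randomness matter.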

Maintaining a control connection

L2TP uses Hello messages to detect connectivity of a tunnel. The LAC and the LNS periodically send Hello messages to each other. If no replies to the Hello messages are received within a specified period, Hello messages are resent. If Hello messages are resent five times, the L2TP tunnel is regarded as disconnected, and the PPP session is therefore deleted. In this case, a new L2TP tunnel needs to be established.

The interval for sending Hello messages can be manually set. By default, the interval for sending Hello messages is 60 seconds. The intervals for sending Hello messages set on the LNS and the LAC can be different.

Teardown of a control connection

Both the LNS and the LAC can initiate the teardown of a control connection. The initiator sends a StopCCN message to inform the remote end to tear down the control connection. The remote end replies to the received StopCCN message with a ZLB ACK message. The remote end, however, maintains the control connection for a certain period to avoid the loss of the ZLB ACK message. Figure 8-6 shows the process of tearing down a control connection on the LAC.

Figure 8-6 Diagram of tearing down an L2TP control connection

Updated: 2019-01-02

Document ID: EDOC1100058415