Multihop Virtual Private Dialup Network (VPDN) solves two problems for users. They are described below.
Multihop VPDN allows packets to pass through multiple tunnels using both L2F and L2TP protocols in a VPDN environment.
The following terms are useful in understanding Multihop VPDN functionality.
Basic Rate Interface (BRI)---An ISDN interface that contains two B links and one D link of circuit switched communication of voice, video, and data.
bundle owner---Typically, the device that terminates the PPP connection of the call from the remote client. Once this device has terminated the connection, then it owns all connections generated by the client. As soon as the client hangs up, the terminating device is no longer the bundle owner.
hop---Term describing the passage of a packet between two network nodes (for example, two routers).
home gateway---A router that terminates an L2F/L2TP tunnel originating from a network access server.
L2F---A tunneling protocol that allows an Internet service provider (ISP) or other access service to create a virtual tunnel to link a customer's remote site or remote users with corporate home networks.
L2TP---An extension to PPP that merges features of two tunneling protocols: Layer 2 Forwarding (L2F) from Cisco Systems and Point-to-Point Tunneling (PPTP) from Microsoft. L2TP is an Internet Engineering Task Force (IETF) emerging standard, currently under codevelopment and endorsed by Cisco Systems and other networking industry leaders.
L2TP Access Concentrator (LAC)---A device attached to a switched network fabric (such as PSTN or ISDN) or colocated with a PPP end system capable of handling the L2TP protocol. A LAC device implements the media over which L2TP passes traffic to one or more LNSs. The LAC may tunnel any protocol carried within PPP. LAC is the initiator of incoming calls and the receiver of outgoing calls. LAC is also known as NAS in Layer 2 Forwarding (L2F) terminology.
L2TP Network Server (LNS)---A device operating on any platform capable of PPP termination that handles the server side of the L2TP protocol. Since L2TP relies on the single media over which L2TP tunnels arrive, an LNS may have only a single LAN or WAN interface, yet still be able to terminate calls arriving at any of the LACs' full range of PPP interfaces. LNS is the initiator of outgoing calls and the receiver of incoming calls.
Multilink PPP---A protocol that provides the capability of fragmenting and reassembling packets to a single end-system across a logical pipe (also called a bundle) formed by multiple links. Multilink PPP provides bandwidth on demand.
Multichassis Multilink PPP---Multilink PPP with the additional capability for links to terminate at multiple routers with different remote addresses. This protocol is intended for situations with large pools of dial-in users, where a single chassis cannot provide enough dial-in ports.
Network Access Server (NAS)---A communications processor that connects asynchronous devices to a LAN or WAN through network and terminal emulation software. Performs both synchronous and asynchronous routing of supported protocols.
Primary Rate Interface (PRI)---An ISDN interface that contains 23 B links and one D link of circuit switched communication of voice, video, and data. Also, it can be an E1 interface with 30 data channels.
stack group---A group of peer routers comprising a home gateway stack.
Stack Group Bidding Protocol (SGBP)---A protocol that determines the proper bundle owner for a packet after the packet is received from another home gateway.
stack group peer---Any router in a given home gateway stack. Stack groups do not need a lead router.
tunneling---Architecture that is designed to provide the services necessary to implement any standard point-to-point encapsulation scheme.
Virtual Private Dialup Network (VPDN)---A network that allows separate and autonomous protocol domains to share common access infrastructure, including modems, access servers, and ISDN routers. A VPDN enables users to configure secure networks that take advantage of ISPs that tunnel the company's remote access traffic through the ISP cloud.
This feature is supported on the following routers and access servers:
To use the VPDN Multihop feature, you need to configure the following entities on your network:
There are no new MIBs or RFCs supported for this feature.
The following process describes a common Multihop VPDN scenario where packets need to traverse multiple home gateways at a corporate network:
1. When the home gateways are set up, they are configured with Multihop VPDN enabled.
2. As a remote user, you contact your corporate network by dialing up a stack of home gateways, each containing a bank of devices that will receive a call, for example, Cisco 7200 routers. The call is made through a Network Access Server (NAS) created by a service provider. The connection between the NAS and the corporate network is created through a VPDN tunnel. Typically, the connection comprises the following entities:
3. Using a round-robin technique, members of the stack group contend to field the dialup session from the call.
4. One of the stack group members in a home gateway fields the dialup connection and becomes the receiver or bundle owner for the session, and the session is established.
5. Because you are sending a large file (for example, an elaborate graphic), performance is a concern. To enhance performance, the Multilink PPP technique is deployed on the connection line, splitting each packet into fragments, each of which will flow through both the two B channels on the BRI and the 23 B channels on the PRI. This creates bandwidth on demand and reduces transmission latency across WAN links.
6. The packet fragments arrive at the corporate network and are reassembled.
7. Sometimes, multiple calls are established in cases when the file is too large to be handled by one call. The calls made after the first call may not initially be received by the bundle owner or even by a router in the home gateway where the bundle owner resides.
9. If the router that receives the packets from the second call resides on a different home gateway, it establishes a tunnel and forwards all packets belonging to the call to the router that owns the call in its proper home gateway. This technique is called Multichassis Multilink PPP because more than one home gateway is deployed in the receipt of packets. Note that this bundle owner packet forwarding session creates a second tunnel and that only one tunnel is allowed per session. By issuing the vpdn multihop command when the network administrator has initially set up your home gateway, you have enabled two tunnels to occur.
10. After arriving at the bundle owner in the proper home gateway, the packets are reassembled.
Figure 1 illustrates the Multihop VPDN process for traversing multiple home gateways. Figure 2 illustrates the Multihop VPDN process for traversing two consecutive home gateways (wholesale dial service).

Connect your remote host to a service provider via either an ISDN line or pair of asynchronous lines. Make sure the service provider connects you to the destination network you are interested in reaching.
Use the following commands in Interface Configuration Mode:
| Command | Purpose |
|---|---|
| vpdn incoming remote-name local-name virtual-template number | Specify the local name to use for authenticating and the virtual template to use for building interfaces for incoming connections when an L2F or L2TP tunnel connection is required from a remote host. |
| vpdn multihop | Enable the Multihop VPDN feature so that packets can be recombined at the target router. |
```
vpdn multihop
username stack password hellothere
multilink virtual-template 1
sgbp group stack
sgbp member Home-Gateway2 1.1.1.2
interface virtual-template 1
 ip unnum e0
 ppp multilink
 ppp auth chap
```
Stack Group Bidding Protocol (SGBP) is initiated using the SGBP commands. SGBP identifies the proper bundle owner of the packets from a second call. Challenge Handshake Authentication Protocol (CHAP) is initiated using the command line ppp auth chap. CHAP is an authentication protocol that validates receipt of packets and ensures they are reassembled correctly upon receipt at a corporate network.
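The following Python audit of the home gateway configuration above is an added example, not part of the original Cisco document. It checks that the stack group name has a matching username entry, that every referenced virtual template requires CHAP, that Multihop is enabled, and that no password is stored in clear text; the function names and finding labels are assumptions of this example.

```python
import re
# Constructed sample: the home gateway configuration shown on this page.
SAMPLE_CONFIG = """\
vpdn multihop
username stack password hellothere
multilink virtual-template 1
sgbp group stack
sgbp member Home-Gateway2 1.1.1.2
interface virtual-template 1
 ip unnum e0
 ppp multilink
 ppp auth chap
"""

def has_chap(commands):
    """True if a command is 'ppp authentication ... chap' (IOS abbreviations accepted)."""
    return any(len(w) >= 3 and w[0] == "ppp" and "authentication".startswith(w[1])
               and "chap" in w[2:] for w in map(str.split, commands))

def audit_home_gateway(config):
    """Return sorted findings (labels are this example's own) for a stack-group config."""
    users, templates, refs, group, current = {}, {}, set(), None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith(" ") and current is not None:
            templates[current].append(line.lower())  # sub-command of the open interface
            continue
        current = None
        if m := re.match(r"username (\S+) (password|secret)(?: (\d))? \S+$", line):
            users[m.group(1)] = (m.group(2), m.group(3))  # keyword, encryption type
        elif m := re.match(r"sgbp group (\S+)", line):
            group = m.group(1)
        elif m := re.match(r"interface virtual-template ?(\d+)", line, re.I):
            current = m.group(1)
            templates[current] = []
        elif m := re.match(r"(?:multilink|vpdn incoming .*) virtual-template (\d+)", line):
            refs.add(m.group(1))
    findings = [f"cleartext-password:{u}" for u, (kw, enc) in users.items()
                if kw == "password" and enc in (None, "0")]  # no type or type 0
    if group and not any(l.strip() == "vpdn multihop" for l in config.splitlines()):
        findings.append("multihop-not-enabled")  # needed for the page's two-tunnel case
    if group and group not in users:
        findings.append(f"sgbp-group-no-shared-secret:{group}")
    for n in refs:
        if n not in templates:
            findings.append(f"template-undefined:{n}")
        elif not has_chap(templates[n]):
            findings.append(f"template-without-chap:{n}")
    return sorted(findings)
```

Run against the configuration on this page, the only finding is the clear-text `hellothere` password on the `stack` username.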
The following example shows code that specifies the home gateway as the next hop to another home gateway as shown in Figure 2:
```
vpdn incoming isp hp-gw virtual-template 1
vpdn outgoing hp.com hp-gw ip 1.1.1.4
```
This section documents the new vpdn multihop command.
To enable Multihop VPDN, use the vpdn multihop interface configuration command.
vpdn multihop
This command has no arguments or keywords.
Multihop is not enabled
Global configuration
This command first appeared in Cisco IOS Release 11.3(5)T.
Before using the vpdn multihop command, refer to the Dial Solutions Configuration Guide to learn more about Multilink PPP and Multichassis Multilink PPP.
The following example enables Multihop VPDN:
vpdn multihop
For more information, see sections on Multilink PPP and Multichassis Multilink PPP in the Dial Solutions Configuration Guide.
Posted: Tue Feb 23 15:46:14 PST 1999
Copyright 1989-1999©Cisco Systems Inc.