Internet-Drafts | 3 Mar 00:50 2006

I-D ACTION:draft-ietf-l2tpext-l2vpn-07.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Layer Two Tunneling Protocol Extensions Working Group of the IETF.

	Title		: L2VPN Extensions for L2TP
	Author(s)	: W. Luo
	Filename	: draft-ietf-l2tpext-l2vpn-07.txt
	Pages		: 15
	Date		: 2006-3-2
The Layer 2 Tunneling Protocol (L2TP) provides a standard method for
   setting up and managing L2TP sessions to tunnel a variety of L2
   protocols.  One of the reference models supported by L2TP describes
   the use of an L2TP session to connect two Layer 2 circuits attached
   to a pair of peering LACs, which is a basic form of Layer 2 Virtual
   Private Network (L2VPN).  This document defines the protocol
   extensions for L2TP to set up different types of L2VPN in a unified

A URL for this Internet-Draft is:

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> with the word unsubscribe in the body of the message.  
You can also visit 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-l2tpext-l2vpn-07.txt".
(Continue reading)

Ricky Charlet | 3 Mar 01:40 2006

seeking info on security model


  I am wondering about security in the l2tpext-l2vpn and/or pseudowires
world. I'm new here in l2tpext and have not really done my homework in
terms of searching the archives or documents. But perhaps some here
would be kind enough to get me pointed in the right directions...

  So my question is: which form of IPsec processing is anticipated to be
the fit with l2tpext-l2vpn... plain old IPsec or rfc3193 style dynamic
session establishment IPsec?

  In plain old IPsec, the administrators must know the IP addresses of
both peers to configure the policies. That seems likely to be true in
most l2vpn cases except perhaps for places where there is an intervening

  In rfc3193 style IPsec, the administrator need not know the IP address
of the peer to configure policy. This was intended for use with remote
access clients (typically behind NATs) making connections to a remote
access gateway.

  Have these options for securing l2tpext-l2vpn / pseudowires been
discussed here before?

Ricky Charlet
W: 408.754.1733
rcharlet <at>
--- _
   ( )  ASCII ribbon campaign 
(Continue reading)

Ignacio Goyret | 3 Mar 03:10 2006

Re: seeking info on security model

>  Have these options for securing l2tpext-l2vpn / pseudowires been
>discussed here before?

No, they haven't - at least not with respect to these details.

>  So my question is: which form of IPsec processing is anticipated to be
>the fit with l2tpext-l2vpn... plain old IPsec or rfc3193 style dynamic
>session establishment IPsec?

Whichever form your customers want. :-)
Carlos Pignataro | 6 Mar 19:32 2006

Re: WG Last Call for draft-ietf-l2tpext-pwe3-ethernet-05.txt

This LC ended with the comment from Stewart Bryant on missing congestion
avoidance procedures (per RFC3985 Section 6.5.) Authors, please update
and repost the draft incorporating a congestion considerations section.



Circa 2/15/2006 11:31 PM, Carlos Pignataro said the following:
> This is the start of the two week WG last call for the Ethernet over
> L2TPv3 specification [draft-ietf-l2tpext-pwe3-ethernet-05.txt].
> Please review and send comments to this list.
> Transport of Ethernet Frames over L2TPv3
> Last call will end Thursday, March 2, 2006.
> Thanks,


Escalation RTP - cisco Systems