Deployment Checklist

This section may be useful to aid planning and deploying ProL2TP installations.

Prior to deploying ProL2TP, we recommend testing in a separate test network, using equipment that matches the actual equipment to be used in the deployed network as closely as possible. In particular, it is important to test against third-party vendor equipment to catch any interoperability issues.

  1. Review tunnel parameter settings (tunnel and tunnel profile config blocks).

    Default values are suitable for most networks, but requirements may vary depending on third-party equipment. L2TP control message retry and timeout parameters allow some tuning of link failure detection characteristics.

  2. Review session parameter settings (session, session profile, and pseudowire profile blocks).

    Session settings must match those expected by the peer. Check pseudowire_type, l2spec_type, cookie_length, and data_sequencing parameters. Use pseudowire profiles to define how the network interfaces of established L2TP sessions are to be configured.

  3. Review how L2TP connection events are indicated to external systems (e.g. billing, logging).

    Use L2TP session event scripts to communicate with external systems, or custom applications built using the ProL2TP SDK.

  4. Review how L2TP connection events are handled by third-party Linux applications.

    Several standard Linux applications (e.g. udev, quagga, snmpd) listen for system events indicating network state changes and may invoke unexpected actions. Check that any actions these applications perform are actually required for L2TP network interfaces.

  5. Check that L2TP peers can connect and establish sessions successfully.

    Use prol2tp and prol2tpwatch commands to display and validate information about L2TP connections.

  6. Check data paths.

    Check that data flows through the L2TP tunnel between the traffic source and sink. Validate the L2TP tunnel and session parameters (cookies, sequencing, timeouts, etc.) which will be used in the deployed network. If using IPsec, use a packet capture tool (e.g. wireshark) to check that L2TP data packets are encrypted.

    Check MTU settings and fragmentation. Ensure that large packets are correctly fragmented and reassembled over the L2TP network. Ideally test all valid frame sizes using a traffic generation tool.

  7. Check performance.

    Using a network traffic generator tool, generate traffic to stress the data path. The characteristics of this traffic will depend on the deployment scenario. Consider measuring data throughput and packet rates. Also test fragmentation and reassembly overheads, if appropriate.

    If possible, create as many L2TP tunnels and sessions in the test network as will be used in the deployed network. Check that tunnel and session setup rates meet requirements. Check CPU usage during stress tests. We recommend rerunning data path, fragmentation, performance and failure tests when many sessions are established. Fragmentation can significantly affect data throughput, so it should be avoided by tuning MTU parameters if possible.

  8. Check security.

    Check that unauthorized L2TP clients cannot connect. If using IPsec, use a packet capture tool (e.g. wireshark) to check that L2TP control packets are encrypted.

  9. Check failure scenarios.

    Check behaviour when the physical link between the L2TP client and server fails. Check that sessions are torn down and will reestablish when the link recovers. Tune L2TP control channel (tunnel) settings for desired behaviour. If using custom ProL2TP event scripts, check that they work as expected when L2TP tunnels and sessions are created and deleted or change state.
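
The IPsec checks in steps 6 and 8 can be automated over a saved capture. The script below is an added example, not part of ProL2TP or its manual: it counts ESP packets against L2TP packets that are visible in cleartext. It assumes a classic pcap file with Ethernet link type, IPv4 and no VLAN tags; the function names are hypothetical and the sample capture is constructed.

```python
import struct

ESP, L2TP_IP, UDP = 50, 115, 17        # IP protocol numbers
L2TP_PORT, NATT_PORT = 1701, 4500      # L2TP over UDP; IPsec NAT-T

def classify_ipv4(pkt):
    """Return 'esp', 'cleartext-l2tp' or 'other' for one IPv4 packet."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == ESP:
        return "esp"
    if proto == L2TP_IP:               # L2TPv3 carried directly over IP
        return "cleartext-l2tp"
    if proto == UDP and len(pkt) >= ihl + 8:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if NATT_PORT in (sport, dport):
            # Four zero bytes mark IKE; a 1-byte payload is a keepalive.
            body = pkt[ihl + 8:ihl + 12]
            return "esp" if len(body) == 4 and body != b"\0" * 4 else "other"
        if L2TP_PORT in (sport, dport):
            return "cleartext-l2tp"
    return "other"

def audit_pcap(data):
    """Count packet classes in a classic pcap file (Ethernet link type)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    counts, off = {"esp": 0, "cleartext-l2tp": 0, "other": 0}, 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        is_ipv4 = len(frame) >= 34 and frame[12:14] == b"\x08\x00"
        counts[classify_ipv4(frame[14:]) if is_ipv4 else "other"] += 1
    return counts

def ipv4(proto, payload):
    """Build a minimal IPv4 packet (constructed test data, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02") + payload

def sample_pcap():
    """Constructed capture: one ESP packet and one cleartext L2TP/UDP packet."""
    udp = struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, 20, 0) + b"\xc8\x02" + b"\0" * 10
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ip in (ipv4(ESP, b"\x01" * 16), ipv4(UDP, udp)):
        frame = b"\0" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Call `audit_pcap()` on the bytes of a capture taken on the link between the peers; with IPsec protecting the tunnel, the `cleartext-l2tp` count should be zero. A capture taken on an endpoint itself may also show packets after decryption, so a non-zero count there needs interpreting with care.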
