Re: GRE and L2TP

Stewart Bryant wrote:

> W. Mark Townsley wrote:
>
> > Rohit Gupta wrote:
> >
> > > Hi,
> > >
> > > What is it in L2TP that i cant do with a simple GRE tunneling when 
> > > implementing a remote access
> > > VPN for a mobile client to connect to the corporate network. In L2TP, 
> > > since it uses PPP
> > > end-to-end, the LNS is able to supply dynamic IP address using IPCP 
> > > to the remote client. LNS
> > > takes this IP address from a pool of IP addresses it has. If one were 
> > > to use GRE, then the same
> > > can be done by using some out-of-band mechanism (or even have a fixed 
> > > IP address which the mobile
> > > client is instructed to use). GRE will tunnel the data packet 
> > > originated from the mobile client,
> > > the inner IP header will have the ip addresses as assigned by the 
> > > corporate network. The outer IP
> > > header will contain the IP address of teh ISP and the gateway to 
> > > reach the corporate network.
> >
> >
> > GRE is an encapsulation. If you can manually provision or have some 
> > other "out of band" mechanism that does everything L2TP and PPP would 
> > otherwise do for you, then by all means use GRE - or IP in IP for that 
> > matter as your scenario with fixed IP addresses for all mobile clients 
> > (which I would think is a showstopper from the start) does not obviate 
> > the need for a GRE shim either.
> > L2TP is an encapsulation that allows multiplexing of multiple PPP 
> > sessions between two IP-connected endpoints, and a control protocol 
> > for dynamically establishing and maintaining the emulation of these 
> > PPP sessions. This is very different than GRE (though there are some 
> > ways to deploy L2TP between two routers to make it look like it is 
> > doing what GRE typically does in a bit more of a dynamic manner, 
> > though this is really a subset of L2TP's overall functionality).
> > Since you indicate that this is for a mobile environment, you might 
> > want to look at using Mobile IP.
> > > My whole point is that i want to know as to what is the burning need 
> > > to have L2TP!
> >
> >
> > This question probably has more to do with whether you need PPP. If 
> > you do, L2TP could work for you to transport that PPP session (or many 
> > PPP sessions) over an IP network. If not, I see no reason for you to 
> > be burning with need for L2TP!
> > - Mark
> Mark
>
> I think that the correct comparison in Rohit's case is not
> between L2TP and GRE, but between L2TPv3 and GRE. As we both
> know L2TPv3 is better suited to VPN apps than GRE because of
> its highly functional control plane, and mild security
> enhancements.
I was under the impression during this thread that Rohit was referring to L2TP 
as defined in RFC2661, not L2TPv3 (currently 
draft-ietf-l2tpext-l2tp-base-11.txt) which is certainly not so closely tied to PPP.
Thanks,

- Mark

> - Stewart
>
> > > Regards,
> > > Rohit
> > >
> > > P.S.
> > >
> > > Am not sure if this is indeed the right place to ask this question. 
> > > But since there will be a lot
> > > of experienced people on this list who would have worked on both 
> > > these protocols, replying to this
> > > one should be very easy.
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > Yahoo! Mail - More reliable, more storage, less spam
> > > http://mail.yahoo.com