Excessive L2TP Traffic

Unanswered Question
Mar 14th, 2008


We have a standard L2TP LNS configuration using Cisco's VPDN. Although everything is working, there's an issue that we've noted - UDP traffic on port 1701 between LAC and LNS is huge.

Compared to the bandwidth consumed by users (cumulative tx/rx rate on virtual-access), this UDP traffic is almost equal - it doubles link consumption?! Is this normal, or are we missing something?

Any feedback would be appreciated.



htarra Thu, 03/20/2008 - 14:32

The solution for this would be setting a Traffic Rule that will bypass all IP traffic between the LAC and LNS IPs.

Since the SCE is set to skip L2TP traffic, it will attempt to skip the L2TP layer based on UDP port (default is 1701). So for 1st fragment packets the UDP port information is there, and therefore those 1st fragments will not hit that Traffic Rule, since the SCE will skip the L2TP layer and will treat the internal packet only. For the non-first fragments, the SCE will not identify the packet as L2TP and will therefore consider the external L3 as a regular packet; these packets will have the LAC and LNS IPs and will therefore hit that Traffic Rule and be bypassed.
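The fragment behaviour described in the answer above, as an added example that is not code from this thread and not Cisco SCE code. The Python below builds a subscriber IP packet, encapsulates it the way an LAC does (PPP inside an L2TPv2 data message inside UDP/1701 inside IP), fragments the outer packet, and runs each fragment through a simplified model of a classifier that only looks past the L2TP layer when it can see the UDP/1701 port, i.e. in the first fragment. A "bypass everything between the LAC and LNS addresses" rule then matches every fragment except the first. The LAC/LNS and subscriber addresses, tunnel/session IDs and the classifier itself are assumptions for the demonstration. It also makes the relationship in the original question concrete: `encapsulation_overhead()` returns the fixed 36 bytes that each subscriber packet gains on the LAC-LNS path, so the UDP/1701 byte count is the same subscriber payload plus those headers, not additional user traffic.

```python
"""Added example: L2TP-over-UDP encapsulation, IP fragmentation, and what a
classifier that "skips the L2TP layer" sees in first vs non-first fragments.
All packets are constructed inline; addresses/IDs are assumptions."""
import socket
import struct

L2TP_PORT = 1701
LAC, LNS = "198.51.100.1", "203.0.113.1"    # assumed tunnel endpoints
USER, SERVER = "10.0.0.5", "192.0.2.10"     # assumed subscriber flow inside the tunnel
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def ipv4(src, dst, proto, payload, ident=0x1234, offset=0, more=False):
    """IPv4 header (no options, checksum left 0) + payload. offset in bytes."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)      # MF bit + 8-byte units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_frag, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def l2tp_encapsulate(inner_ip, tunnel_id=7, session_id=9):
    """What the LAC sends: IP(LAC->LNS) / UDP 1701 / L2TPv2 data hdr / PPP / inner IP."""
    ppp = struct.pack("!H", 0x0021) + inner_ip             # PPP protocol 0x0021 = IPv4 (ACFC assumed)
    l2tp = struct.pack("!HHH", 0x0002, tunnel_id, session_id) + ppp  # T=0, Ver=2, no L/S/O bits
    udp = struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, 8 + len(l2tp), 0) + l2tp
    return ipv4(LAC, LNS, IPPROTO_UDP, udp)


def encapsulation_overhead(inner_len=200):
    """Bytes added per subscriber packet on the LAC-LNS path (20 IP + 8 UDP + 6 L2TP + 2 PPP)."""
    inner = ipv4(USER, SERVER, IPPROTO_TCP, b"x" * inner_len)
    return len(l2tp_encapsulate(inner)) - len(inner)


def fragment(packet, mtu):
    """Split an IPv4 packet (20-byte header) into fragments that fit mtu."""
    hdr, body = packet[:20], packet[20:]
    ident = struct.unpack("!H", hdr[4:6])[0]
    src, dst, proto = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20]), hdr[9]
    chunk = (mtu - 20) // 8 * 8                             # fragment data must be a multiple of 8
    return [ipv4(src, dst, proto, body[off:off + chunk], ident, off, off + chunk < len(body))
            for off in range(0, len(body), chunk)]


def l2tp_data_header_len(buf):
    """Length of an L2TPv2 data header, honouring the optional L, S and O fields."""
    flags = struct.unpack("!H", buf[:2])[0]
    n = 2 + 2 + 2                                           # flags/ver, tunnel id, session id
    if flags & 0x4000:                                      # L: length field present
        n += 2
    if flags & 0x0800:                                      # S: Ns, Nr present
        n += 4
    if flags & 0x0200:                                      # O: offset size + padding
        n += 2 + struct.unpack("!H", buf[n:n + 2])[0]
    return n


def classify(packet):
    """Model of the behaviour described in the post: only a first fragment carries the
    UDP header, so only there can the L2TP layer be skipped and the inner IP seen."""
    hdr = packet[:20]
    proto, offset = hdr[9], (struct.unpack("!H", hdr[6:8])[0] & 0x1FFF) * 8
    osrc, odst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
    if proto == IPPROTO_UDP and offset == 0 and len(packet) >= 28:
        sport, dport = struct.unpack("!HH", packet[20:24])
        if L2TP_PORT in (sport, dport):
            l2tp = packet[28:]
            inner = l2tp[l2tp_data_header_len(l2tp) + 2:]  # skip L2TP header and PPP protocol field
            if len(inner) >= 20:
                return ("inner", socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]))
    return ("outer", osrc, odst)


def bypassed(packet):
    """Assumed traffic rule: bypass all IP traffic between the LAC and LNS addresses."""
    _, src, dst = classify(packet)
    return {src, dst} == {LAC, LNS}


def demo(mtu=100, inner_len=200):
    """Fragment one tunnelled packet; return (offset, layer, src, dst, bypassed) per fragment."""
    inner = ipv4(USER, SERVER, IPPROTO_TCP, b"x" * inner_len)
    out = []
    for frag in fragment(l2tp_encapsulate(inner), mtu):
        offset = (struct.unpack("!H", frag[6:8])[0] & 0x1FFF) * 8
        layer, src, dst = classify(frag)
        out.append((offset, layer, src, dst, bypassed(frag)))
    return out


if __name__ == "__main__":
    print("overhead per packet:", encapsulation_overhead(), "bytes")
    for row in demo():
        print(row)
```

With a 256-byte tunnelled packet and an assumed 100-byte MTU, `demo()` yields three fragments: the one at offset 0 is classified on the inner subscriber addresses and is not bypassed, while the fragments at offsets 80 and 160 carry no UDP header, are classified on the outer LAC/LNS addresses, and match the bypass rule.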


markopastric Sun, 03/23/2008 - 09:17


Thanks for the input!

One thing, are you implying that we should implement this rule-based filtering on the LAC side that will DROP all UDP/1701 traffic AFTER the 1st segment passes through?

Also, by SCE are you referring to Cisco's Service Control Engine (http://www.cisco.com/en/US/products/ps6151/)? I'm almost sure that our telco (which owns the LACs) does not have anything similar, so we can ask for a solution that is close to either Policy Based Routing or standard ACLs.



