Ciscos, BGP, L2TPV3 pseudowires and loopback IPs

Jeff Saxe jsaxe at
Thu Nov 11 06:29:07 CST 2010

Agreed: We used to use L2TPv3 tunnels fairly often to provide nailed-up private VLAN services to clients when we could only procure a Layer 3 circuit from another provider. They're pretty simple to set up and work reliably, although you may need to maintain both ends of the L2TPv3 at approximately matching IOS versions... at one point we had a perfectly working customer, then I upgraded a router at one end of the tunnel, and they suddenly had major, unexplainable packet loss all through the day. After I upgraded the other end, it returned to working fine.

But yeah, you don't really need a loopback. We routinely terminated the tunnels on the WAN address closest to the Internet. I think the only time I had to introduce a loopback was when one router was a tunnel terminator for two far-end locations, and when I tried to configure the second peer it complained at me. Also one time I wanted to have two parallel tunnels between the same source and destination routers (which is perfectly fine, because it has a tunnel discriminator number that keeps the two customers' traffic separate), except I also wanted to do some fancy QoS prioritization on one of them. By the time the traffic hits the WAN interface, the tunnel discriminator is buried too far down in the packet to use any "match" statements in the QoS, so I made one of the tunnels have a separate L2TPv3 endpoint on each router, and then I could just match on destination IP address.

But that was a weird edge case. Most of the time we just used the outside Internet address, either T1 or Ethernet. Email me back privately if you want me to dig up the configs out of our CatTools archive.

-- Jeff Saxe
Blue Ridge InternetWorks
Charlottesville, VA

From: David Freedman [david.freedman at]
Sent: Wednesday, November 10, 2010 1:22 PM
To: nanog at
Subject: Re: Ciscos, BGP, L2TPV3 pseudowires and loopback IPs

> We will need to set up a L2TPV3 tunnel to their old location (single
> homed, no BGP on that side).  Upon initial reading of Cisco docs to do
> this, we will need a routable IP on a loopback interface for starters.

I'm pretty sure this is just a recommendation based on good practise
(routeability to endpoints), I'm sure since you are not multihomed you
can just use "ip local interface WAN1" and be done with it, I seem to
remember doing something similar in an l2tpv3 pw class and it working.

> Using one from the /24 LAN is out unless we subnet it, which we don't
> want to do.
> So the question is, can I just "move" the PTP IP address x.x.129.174
> from the WAN interface to the loopback like this?
>  interface Loopback0
>   ip address x.x.129.174  (that's the mask we're using on
>             the WAN- Cisco's loopback examples show .255)
>  interface WAN1 (actually a gigether)
>   ip unnumbered loopback0  (or no ip addr?)
>  neighbor x.x.128.173 update-source Loopback0

No, if you were to do this you should get a new transfer network, you
can't have the same address on two interfaces (and in fact, you should
really be stealing an address from your internal /24 which doesn't
require any re-subnetting (if you are happy for this address to be
unreachable) and it should have a /32 mask...


David Freedman
Group Network Engineering
Claranet Group

More information about the NANOG mailing list