Associate 3G Over L2TP - aql - L2TP 3G Product - July 2014

Seamless failover to the 3G solution when connectivity fails, with low cost monthly SIM rental and aggregated data.


3G Over L2TP

Associate Member

3G Over L2TP Since 1998


Why Use aql’s 3G Over L2TP Offering?

Previously our partners’ only source of revenue was commission generated from the mobile networks offering their pre-built bundles, meaning the network operator took the lion’s share of the revenue and margin, more so when end users under-utilised their bundles.

With consumer usage profiles evolving faster than the bundles available from the mobile networks, the aql solution empowers you to create your own bespoke bundles or pay-as-you-go tariffs, with or without minimum usage charges and with variable contract durations, giving you the flexibility to create mobile data bundles to suit a particular customer, usage profile or vertical market.

aql wholesale mobile broadband allows partners to aggregate all 3G data usage across their total reseller base, maximising profits and retaining ownership of the customer base. The aql APIs enable partners to connect, disconnect and monitor usage in real time.

aql’s white-label solutions give you the ability to brand the SIMs with your logos and even create your own branded (personalised) Access Point Name (APN), which means you no longer need to introduce third-party brands into your customer base, retaining ownership, ensuring a stickier customer base and drastically increasing the value of your company and its base.

Our global solution has a roaming agreement with all the UK mobile networks, so the SIM will search for the strongest available signal at that location and can seamlessly switch between alternative networks for scenarios where ‘always on’ connectivity is required and more important than the most cost-effective route.


Examples of Opportunities & Current Verticals

aql wholesale mobile broadband uses the cellular 3G mobile networks as a simple, cost-effective way to communicate with remote devices, which can be stationary or moving. Below are some verticals the solution is being used for:

Broadband/ADSL Failover/Backup – By overlaying your IP on a Fixed IP data SIM, partners can seamlessly fail over to the 3G solution when connectivity fails; with low cost monthly SIM rental and aggregated data models it is a great residual income stream as well as providing an always-on connectivity solution.

Where there is an existing ADSL/broadband customer base, using the solution as a failover generates huge residual income, as statistically only a small percentage of the base will need to connect in a given month and therefore only a fraction of the SIMs incur actual data charges, generating a greater profit margin.

Temporary Locations – ‘Business in a Box’ enables units to be deployed at short notice or in an emergency for data connectivity, voice or WiFi.

Asset Management – The ability to track vehicles and cargo containers within the UK or globally in real time, from beginning to end, with the ability to monitor speed, temperature, humidity and other environmental factors.

Digital Signage – Using L2TP Fixed IP data SIMs in screens means they can be remotely monitored, managed and updated in real time, creating a powerful digital marketing signage solution, ideal for retail, healthcare and many other verticals.

Healthcare – A combination of reduced costs and the overall endorsement of medical devices within the NHS and private health sector, using L2TP Fixed IP data SIMs as a secure, low cost, reliable solution to monitor blood pressure, glucose levels or diabetes whilst providing real-time data to medical staff based remotely.

Wireless Devices – Use L2TP Fixed IP SIMs in POS terminals, vending machines, parking meters, EPDQ terminals and access controls within alarm management systems, all managed, monitored and controlled remotely, which is ideal where fixed line connectivity is not practical or possible.

Smart Metering Solutions/Telemetry – Allow the collection of data about energy consumption to reduce carbon footprint, minimise wastage and adhere to companies’ green policies.

Embedded SIMs – When selling IT hardware, simply inserting a high security mobile connection ensures residual income and a stronger sales proposition that differentiates against traditional hardware-only providers; ideal for utility meter manufacturers, security devices and laptops/iPads.

Lone Worker – With new legislation, employers are increasingly aware of their legal duty of care for lone worker staff, and with Fixed IP secure data SIMs available in Standard, Micro and Nano options it is an ideal solution for lone worker devices and applications that need to cater for “Man Down” scenarios.


Technical Overview & Options

aql has designed, built and operates a transparent Layer 2 Tunnelling Protocol (L2TP) network interface into the H3G UK mobile network for 3G data services, enabling partners to provide a virtual private network (VPN). aql also offers a Global Roaming Solution which roams to 81 destinations, with aggregated data usage plans across the whole partner customer base.

L2TP is an industry standard protocol used by many partners to manage their estate of Customer Premises Equipment (CPE) and other subscriber devices. Fixed IP data SIM cards for Machine to Machine (M2M) solutions are designed to allow secure communications to your device over wireless networks.

An L2TP interface gives the partner control of the SIM’s attributes such as the IP address, DNS servers and gateway, amongst others. IP addresses can be assigned from an ISP’s existing range, creating the ideal seamless backup solution to existing services.

A prerequisite of interfacing with aql’s L2TP service is the ability to create an L2TP tunnel into aql’s core LNS infrastructure. This requires the partner to operate RADIUS and L2TP Network Server platforms in addition to normal IP routing infrastructure.

The partner would create a single L2TP tunnel between their infrastructure and aql’s infrastructure. As SIMs are activated on the 3G network, the partner receives an authentication request from aql via RADIUS. The ISP nominates their LNS as the endpoint and initiates the PPP session with their own defined IP address.

The partner has full control of authentication, IP assignment and routing. This allows applications such as DSL 3G fall-back with routed blocks of IPv4 and IPv6 address space.

Partners can easily provide closed user groups, virtual routing tables, and further L2TP handover to corporate users or other such services using their own LNS.

Options:

There are three configuration options that will provide our partners with different offerings.

• Layer 3 (public interconnect/Internet aql service)
• Layer 3 (private interconnect/Internet)
• Layer 2 (also known as L2TP)

Note: these configuration options currently only apply to aql data SIMs.


Technical Overview, Three Options Available With Pro’s & Con’s

Option 1 - Layer 3 (Using Public Interconnect / Internet aql Service)

• aql allocate and assign IP addresses to SIMs.
• H3G terminates and manages the L2TP session.
• Data from the device is sent to the internet via the aql NATting gateway.
• The device is presented on the internet as a single internet-routable IP address. This is the external IP address of the NATting gateway. (aql have a NATting gateway hot fail-over pair. Therefore, should the primary gateway fail, the secondary gateway will continue the service and will present the data with a second internet-routable IP address.)
• The device uses aql’s caching DNS servers.

Advantages:

• No partner equipment or infrastructure is required (excluding provisioning and billing).
• Very little technical knowledge is required.
• No technical management of the service is required.
• Almost immediate activation and deployment.
• A truly plug-and-play solution (similar to a standard 3G internet service).
• A caching proxy service increases the speed of the web browsing experience.

Disadvantages:

• The partner has no control over IP address assignment.
• All devices are presented on the internet as a single IP address (a many-to-one mapping: all devices are presented on the internet with a single and shared IP address).
• NATting at the internet gateway prevents the establishment of new inbound connections to devices (i.e. it is not possible to initiate a new connection to a device).
• The partner has no control over the DNS servers used by the devices.


Option 2 - Layer 3 (Using Private Interconnect)

• Each SIM has two IP addresses in the reserved 10.0.0.0/8 range. aql allocate and assign IP addresses to SIMs within a range pre-agreed with the partner.
• The IP addresses assigned to SIMs are static and unique (i.e. when assigned to a SIM they are not then assigned to any other SIMs).
• Either of the two assigned IP addresses may be used by the SIM at any given time (chosen at random; IP address assignment takes place when the session is established and continues until the session is terminated).
• The two assigned IP addresses are identical with the exception of the second octet. The second octet of the second IP address will be 10 greater than that of the first IP address, i.e. a SIM may be assigned IP addresses 10.1.2.3 and 10.11.2.3.
• H3G terminates and manages the L2TP session.
• The data passes from the device into the partner’s network via a private interconnect.
• The data is presented with the reserved 10.0.0.0/8 IP address of the SIM (there is no NATting between the device and the partner’s network) and is routed to the partner based on decisions made by aql’s routers (source IP address based policy routing, setting the next-hop per assigned IP address range).
• The partner has complete control of the routing of the traffic once it has entered their network via the private interconnect. This can then be routed as required, i.e. direct to the internet or onwards to private networks.
• The device may use DNS servers provided by the partner.

Advantages:

• Simpler than Layer 2, with lower technical knowledge and infrastructure requirements.
• Data is delivered direct to the partner and does not traverse the internet.
• Unfiltered two-way communications between the partner and the device.
• No NAT prior to the delivery of the data to the partner.
• Provides a private and secure enclave 3G mobile broadband network.
• The partner may provide their devices with specific DNS server IP addresses (two DNS server IP addresses per private interconnect).
• The partner can capture traffic before it is routed to the internet, which supports the deployment of value-added services.

Disadvantages:

• The partner has no control over IP address assignment, although they do know the two IP address ranges associated with the SIMs that will enter their network via the private interconnect.
• Each device has two IP addresses in the reserved 10.0.0.0/8 range and may use either of these IP addresses at any given time.
• The partner must have a private interconnect with aql (at a suitable point of presence) that can be connected into aql’s internal routers.
• The partner must provide a gateway into their network from the private interconnect (i.e. a ‘next-hop’, which may be the VRRP IP address of a pair of routers).
• The partner must have an infrastructure capable of receiving and routing the data.


Option 3 - Layer 2 (L2TP)

• aql hand over the entire L2TP session to the partner (one session per MSISDN).
• The partner terminates and manages the L2TP session.
• The partner may assign any IP address to connecting devices using their own equipment.
• The equipment typically required by a Layer 2 partner would include an L2TP Network Server (LNS) with an associated RADIUS server to manage L2TP tunnel attributes and IP address assignment (a database would also be required).
• IP addresses assigned by the partner do not have to be pre-registered with aql and can be allocated dynamically and as required.
• The partner has complete control of the routing between the device, their network and any onward connections.
• The same IP address can be assigned to multiple devices. This is useful if a partner has two customers that require identical IP addresses (e.g. MPLS, business broadband back-up).
• The partner controls DNS server IP address assignment.

Advantages:

• The premier 3G mobile broadband solution.
• The partner controls all IP address assignment and routing, including DNS.
• 1-to-1 static IP address mappings, including internet-routable IP addresses.
• A device can be assigned a single IP address.
• The same IP address can be assigned to multiple devices.
• No Network Address Translation (NAT) prior to the delivery of the data to the partner.
• Direct two-way communications between the partner and the device.

Disadvantages:

• The partner must have an infrastructure and equipment capable of terminating the L2TP sessions (LNS, RADIUS server, database), managing IP addresses and routing the data.
• Resources are required to develop, manage and configure the infrastructure and equipment.
• A greater level of technical knowledge is required.


Interconnect

The service requires a private peering interconnect to aql. This can be achieved by a number of means including:-

• In-building Cat5 handover at aql data centre(s)
• Dedicated fibre install to any aql interconnect point
• Private VLAN interconnect over Datahop
• Private VLAN interconnect over IXLeeds

In all cases the interconnect must support 1600 MTU jumbo frames. Fully meshed BGP is provided, announcing the prefixes necessary to contact aql’s RADIUS and L2TP endpoints. The partner shall announce only globally routable public IP address space, providing the prefixes necessary to allow aql to reach the partner’s RADIUS servers and L2TP handover endpoints. The same interconnect can be used for voice services.

Demo/Test

For proof of concept, demonstration and initial testing it is possible to interconnect via the public interconnect (internet). In such cases the partner should ensure that an MRU of at most 1464 is negotiated at PPP level (for IPv4 L2TP handover) to avoid fragmentation of L2TP packets. As usual with a reduced MTU, it will be necessary for the ISP to also fix up TCP MSS negotiation to avoid issues with the many web sites and internet services that do not honour ICMP traffic correctly.
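To see where the 1464-byte MRU and the 1600-byte jumbo-frame requirement come from, here is an added example (not from aql’s document) that totals the encapsulation headers on the L2TP path and derives the TCP MSS clamp a partner LNS should apply. It assumes the RFC 2661 minimum L2TP data header (no sequence numbers) and a 2-byte PPP protocol field; the link MTUs are the ones quoted on this page.

```python
"""Encapsulation budget for an L2TP handover carried over a non-jumbo link.
Added example, not from aql's document; header sizes are the RFC 2661 /
RFC 1661 minimums and the two link MTUs (1500, 1600) come from this page."""

IPV4_HEADER = 20        # outer IPv4 header, no options
UDP_HEADER = 8          # L2TP runs over UDP
L2TP_DATA_HEADER = 6    # flags+version, Tunnel ID, Session ID (no L, S or O fields)
L2TP_SEQ_FIELDS = 4     # Ns/Nr, only when data-channel sequencing is enabled
PPP_PROTOCOL = 2        # PPP protocol field (HDLC address/control compressed away)
PPP_ACF_BYTES = 2       # added back if address/control field compression is off
TCP_IPV4_HEADERS = 40   # 20 IPv4 + 20 TCP inside the PPP payload, no options


def l2tp_overhead(sequencing=False, acfc=True):
    """Bytes between the outer IPv4 packet boundary and the PPP payload."""
    extra = (L2TP_SEQ_FIELDS if sequencing else 0) + (0 if acfc else PPP_ACF_BYTES)
    return IPV4_HEADER + UDP_HEADER + L2TP_DATA_HEADER + PPP_PROTOCOL + extra


def max_ppp_mru(link_mtu, sequencing=False, acfc=True):
    """Largest PPP MRU that keeps every L2TP data packet within the link MTU,
    i.e. no fragmentation of tunnel packets (1464 for a 1500-byte link)."""
    return link_mtu - l2tp_overhead(sequencing, acfc)


def tcp_mss_clamp(mru):
    """MSS to clamp TCP SYNs to so that segments fit the reduced MRU."""
    return mru - TCP_IPV4_HEADERS


def plan(link_mtu, device_mru, sequencing=False, acfc=True):
    """Summarise what a partner needs to configure for a given interconnect."""
    limit = max_ppp_mru(link_mtu, sequencing, acfc)
    mru = min(device_mru, limit)
    return {"mru_limit": limit, "mru": mru,
            "mss": tcp_mss_clamp(mru), "fragment_free": device_mru <= limit}
```

Over the 1600-byte private interconnect the budget leaves 1564 bytes, so a standard 1500-byte MRU passes without fragmentation; over a 1500-byte public path the MRU must drop to 1464 and TCP MSS to 1424.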

[Network diagram: aql POP locations (Salford; Telehouse East; Telehouse Metro; HEX; DC1, DC2 and DC3 Leeds) connected over a resilient MPLS core, with direct partner links, internet and national network connectivity.]


Radius

Note: At present the platform RADIUS handover is not available, but we hope to have this for launch. Until then a list of IP addresses for primary and fall-back L2TP handover must be provided to aql rather than a list of RADIUS servers.

The partner provides one or more RADIUS servers for the initial (platform) RADIUS request from aql for each new connection. The access request includes:-

Other fields such as Acct-Session-Id, NAS-Identifier, NAS-IP-Address, NAS-IPv6-Address and NAS-Port may be included.

The partner shall respond with either an Access-Reject to reject the connection, or an Access-Accept which must include at least Tunnel-Server-Endpoint.

All of the tunnel fields can use tags (0-31). Tag 0 (unused) is the default, so you could specify all attributes apart from Tunnel-Server-Endpoint and Tunnel-Preference as tag 0 but provide a list of Tunnel-Server-Endpoint with Tunnel-Preference if you have multiple LNSs. Please keep the total response length under 1500 bytes.

You may include Framed-IP-Address, etc., if you wish (as some RADIUS servers expect to always send these). Additional attributes such as these are ignored if sent. Note: if you do not wish to use platform RADIUS you can provide a list of IP addresses for primary and fall-back L2TP handover instead.
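The partner-side decision described above, as an added example that is not aql’s code: it accepts a request only when the network-supplied Calling-Station-Id (MSISDN) is one the partner has provisioned, builds the Access-Accept with tag 0 for the shared tunnel attributes and one tag per LNS for Tunnel-Server-Endpoint/Tunnel-Preference, enforces the 1500-byte limit, and signs the response with the RFC 2865 Response Authenticator. Attribute encoding follows RFC 2865/2868; the MSISDN, shared secret and LNS addresses are constructed values, and the exact attributes aql sends come from their boarding document.

```python
"""Partner-side handling of the platform RADIUS request described above.
Added example, not aql's code: attribute layout follows RFC 2865 (TLV,
Response Authenticator) and RFC 2868 (tagged tunnel attributes); the
MSISDN, shared secret and LNS addresses used are constructed."""
import hashlib
import ipaddress
import struct

# RFC 2865 / RFC 2868 attribute type codes and values
CALLING_STATION_ID = 31
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_SERVER_ENDPOINT = 67
TUNNEL_PREFERENCE = 83
TUNNEL_TYPE_L2TP = 3
TUNNEL_MEDIUM_IPV4 = 1
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
MAX_RESPONSE_BYTES = 1500   # limit the brochure asks partners to respect

def attr(code, value):
    """Encode one Type-Length-Value attribute; Length counts the 2-byte header."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", code, len(value) + 2) + value

def tagged_int(code, tag, value):
    """RFC 2868 tagged integer: 1-byte tag followed by a 3-byte big-endian value."""
    return attr(code, bytes([tag]) + value.to_bytes(3, "big"))

def tagged_str(code, tag, text):
    """RFC 2868 tagged string: 1-byte tag (0 = untagged default) then the text."""
    return attr(code, bytes([tag]) + text.encode())

def build_accept_attrs(lns_endpoints):
    """Tag 0 carries the shared tunnel attributes once; each LNS gets its own tag
    (1..31) with Tunnel-Server-Endpoint and Tunnel-Preference (lower = preferred),
    which is the multi-LNS layout the brochure describes."""
    if not 1 <= len(lns_endpoints) <= 31:
        raise ValueError("between 1 and 31 LNS endpoints are supported")
    out = tagged_int(TUNNEL_TYPE, 0, TUNNEL_TYPE_L2TP)
    out += tagged_int(TUNNEL_MEDIUM_TYPE, 0, TUNNEL_MEDIUM_IPV4)
    for tag, endpoint in enumerate(lns_endpoints, start=1):
        ipaddress.IPv4Address(endpoint)  # fail fast on a malformed address
        out += tagged_str(TUNNEL_SERVER_ENDPOINT, tag, endpoint)
        out += tagged_int(TUNNEL_PREFERENCE, tag, tag)
    return out

def response_packet(code, ident, request_auth, attrs, secret):
    """Assemble a response; the Response Authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 s3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def handle_access_request(req_attrs, ident, request_auth, secret,
                          allowed_msisdns, lns_endpoints):
    """Accept only a Calling-Station-Id (MSISDN) the partner has provisioned;
    the MSISDN is injected by the mobile network, so it is the identity to trust."""
    msisdn = req_attrs.get(CALLING_STATION_ID, b"").decode(errors="replace")
    if msisdn not in allowed_msisdns:
        return response_packet(ACCESS_REJECT, ident, request_auth, b"", secret)
    attrs = build_accept_attrs(lns_endpoints)
    pkt = response_packet(ACCESS_ACCEPT, ident, request_auth, attrs, secret)
    if len(pkt) > MAX_RESPONSE_BYTES:
        raise ValueError("Access-Accept exceeds the 1500-byte limit")
    return pkt

def verify_response(pkt, request_auth, secret):
    """The client-side check: recompute and compare the Response Authenticator."""
    header, auth, attrs = pkt[:4], pkt[4:20], pkt[20:]
    return hashlib.md5(header + request_auth + attrs + secret).digest() == auth

def parse_attrs(data):
    """Walk a RADIUS attribute block and return (type, value) pairs."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        code, length = data[i], data[i + 1]
        out.append((code, data[i + 2:i + length]))
        i += length
    return out
```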

Authentication

The main authentication method for a data SIM is the assigned MSISDN. This cannot be spoofed by the end user and is passed through on RADIUS and L2TP by aql from the mobile network.

ISPs may require and check the user-name and password provided by the mobile device. These are typically blank, but most mobile devices do allow them to be set by some means.


[Sequence diagram: L2TP ICRQ and ICCN exchange preceding PPP.]

PPP

The initial PPP LCP and CHAP exchanges are handled by the mobile network and aql; the details are sent in the L2TP ICCN. Your LNS should respond with the CHAP response once connected and continue with IPCP and IPV6CP as required to complete the initial PPP negotiation.

Note that the mobile network handles much of the PPP negotiation by proxy, as it does for a mobile dongle communicating with a PC. As a result the PPP options available may be restricted. We recommend you negotiate simple IPCP and IPV6CP details only (IP addresses and DNS server addresses). The service is not PPP transparent end to end.

IP

Once PPP negotiation is established, you can pass packets both ways to the mobile device. See limitations.

L2TP

Having received a RADIUS response, or by use of a static list of LNS addresses, aql will attempt to connect via L2TP to the partner’s LNS.

An L2TP tunnel is established using either the pre-agreed hostname and shared secret or the details returned by platform RADIUS. Note that if your LNS rejects the tunnel connection, or fails to respond to the SCCRQ or a subsequent HELLO, it will be blacklisted for 5 minutes, allowing further connections to go to the fall-back LNSs.

Once the tunnel is established, a session is established for each connecting data SIM.


Options

You can opt for the Calling-Station-Id to be the MSISDN or ICCID. Default is ICCID.

You can opt that an otherwise blank user name is filled in with something (the ICCID) rather than send blank.

You can provide a shared secret, client hostname and up to three IP addresses for LNSs at present. We plan to do RADIUS proxy at some point in the future.

Limitations / Notes

At present only IPv4 traffic whose source (from the mobile) or destination (to the mobile) matches the IP address negotiated by IPCP is possible. This limitation should be lifted in the future to allow any IPv4 once we have resolved the issue with the mobile network.

At present IPv6 cannot be passed, but this is being worked on.

As the peer is a mobile device, we recommend a reasonably long time-out on LCP echoes; the LCP replies are faked in the mobile network.

Regardless of the username and password entered on the device, you will always receive these as the MSISDN and ‘password’. This is currently being investigated by H3G.


To proceed with your order / trial, please provide us the following information:

• For Option 1 – Layer 3 (Public Interconnect/Internet aql Service) Proof of Concept Trial

Technical Contact Name: ........................
Technical Contact Telephone: ........................
Technical Contact Email Address: ........................

aql manages the technical infrastructure.

Number of Trial H3G SIM(s) Required: ........................
Number of Global Roaming L2TP SIM(s) Required: ........................
Delivery Address for Trial Sims: ........................

• For Option 2 – Layer 3 (Private Interconnect)

Technical Contact Name: ........................
Technical Contact Telephone: ........................
Technical Contact Email Address: ........................

Layer 3 Next Hop IP and mask: ........................

aql will handle the IP allocation to the SIM (based on a range or list of ranges agreed in advance) and will route that to your next hop. You must arrange for the reply traffic to be routed back to us.

Number of Trial H3G SIM(s) Required: ........................
Number of Roaming L2TP SIM(s) Required: ........................
Delivery Address for Trial Sims: ........................

• Two Peering Options

In order to relay the L2TP traffic to you in the most optimal way, you should arrange to peer with us so that you can use jumbo frames with an MTU of at least 1600.

Private Peering in Telehouse East (directly or via LINX PI) or DC3 Leeds

DC Name: ........................
Rack Reference: ........................
Interconnect Details: ........................
Peering Contact: ........................

Peering Networks

The following networks offer Jumbo Frames and we are available to peer on either:

• IXLeeds
• Datahop

• For Option 3 – L2TP

Technical Contact Name: ........................
Technical Contact Telephone: ........................
Technical Contact Email Address: ........................
Number of Trial H3G SIM(s) Required: ........................
Number of Global Roaming L2TP SIM(s) Required: ........................
Delivery Address for Trial Sims: ........................

The IP(s) of your LNS(s) or Radius(s): ........................

Hostname/Secret details for aql to Authenticate against: ........................

• Two Peering Options

In order to relay the L2TP traffic to you in the most optimal way, you should arrange to peer with us so that you can use jumbo frames with an MTU of at least 1600.

Option A – Private Peering in Telehouse East (directly or via LINX PI) or DC3 Leeds

DC Name: ........................
Rack Reference: ........................
Interconnect Details: ........................
Peering Contact: ........................

Option B – Peering Networks

The following networks offer Jumbo Frames and we are available to peer on either:

• IXLeeds
• Datahop

Please specify: ........................

aql LNS Details

Our LNSs are within the 109.239.97.128/27 range. We can tunnel the traffic to up to 9 different LNS IPs (three levels of failover with three load-balanced IPs in each), or 3 RADIUS hosts equally load-balanced. More information on the technical details of the connection, including the parameters we pass, is available in the attached boarding document.

To discuss your order, contact Paul Greaves on +44 (0) 777 44 52 008 or email [email protected].

11-15 Hunslet Road, Leeds, W. Yorks, LS10 1JQ
