The Layer 2 Forwarding (L2F) protocol is a media-independent technology developed at Cisco Systems. It’s a media-independent tunneling protocol that came to life at the first Virtual Private Networks development stages. It allows for VPNs to exist over a public network (such as the Internet) by turning data-link layer packets into web protocols like SLIP (Serial Line Internet Protocol) or PPP (Point-to-Point Protocol).
Servers can use L2F for things such as user authentication through dynamic address allocation, Remote Authentication Dial-In User Service (RADIUS), and Quality of Service (QoS). Cisco’s Internetwork operating system implements L2F in routers as well.
The tunneling approach to creating private networks is independent of the Internet Protocol (IP). Hence, the same technology can create secure tunnels in other network contexts like ATMs or Frame Relay.
The L2F protocol: How does it work?
Let’s take the PPP protocol. It connects a dial-up client with the NAS (short form of network access server) when it receives the call using Layer 2 Forwarding (L2F).
Client-triggered PPP connections get terminated at a PPP service vendor’s NAS (Network Access Server) — this is typically an ISP (Internet Service Provider). L2F enables the client to connect beyond the Network Access Server to a remote node. That mechanism allows the client to act as if it was directly connected to that remote node instead of connecting to the NAS. Within the L2F world, the NAS only has one job: to exchange forward (Point-to-Point Protocol) frames from the client to the distant node. That remote node in Cisco Speak is known as the home gateway.