[cisco-bba] LNS issues on a 7301

Clayton Zekelman clayton at mnsi.net
Fri Dec 3 04:01:35 EST 2004 


It may have indirectly been MTU issues.

Somewhere along the way, IOS started treating the RADIUS Framed-Compression=Van-Jacobsen-TCP-IP attribute differently.

Users who had that attribute set in the RADIUS users file were failing.  Everyone without it (our DEFAULT entry) was fine. It was one of those things we always set during the dialup days, and it never appeared to cause a problem on DSL until we went to 12.3(11)T.

I suspect that somehow when the TCP/IP header was decompressed with VJ, it grew larger and broke things due to the PPPoE packet size limitations.  

Either way:
12.3(9) - VJ "on" causes no problems.
12.3(11)T - VJ "on" breaks things.

I'd rather avoid using ip tcp adjust-mss.  From what I remember in earlier releases, it blocked creation of Virtual-Access Subinterfaces, and caused some performance hits.  I don't know if this is still true. Since my L2TP tunnels come in on an ATM interface, I don't hit the maximum L2TP packet size over Ethernet issue.

I opened a TAC case, but the front line guy is still stuck on having me make sure I have "enable vpdn" turned on (despite the fact that the syntax is "vpdn enable" - which of course I must have on to even be able to encounter this problem...<sigh>).

I'll send him what I found in the morning.


----- Original Message ---------------

Subject: RE: [cisco-bba] LNS issues on a 7301
   From: "Arie Vayner" <ariev at netvision.net.il>
   Date: Fri, 3 Dec 2004 10:17:00 +0200
     To: "Clayton Zekelman" <clayton at MNSi.Net>,
          <cisco-bba at puck.nether.net>

>You may be hitting some MTU issues?
>Try using tcp mss-adjust 
>
>Arie
>
>-----Original Message-----
>From: cisco-bba-bounces at puck.nether.net
>[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Clayton Zekelman
>Sent: Thursday, December 02, 2004 5:19 PM
>To: cisco-bba at puck.nether.net
>Subject: [cisco-bba] LNS issues on a 7301
>
>
>
>We just purchased a new 7301 running 12.3(11)T as an LNS.
>
>Customers are coming in via L2TP tunnels from a Juniper ERX-1400 on an
>ATM OC3c interface.
>
>We just cut over from a 6400 NRP-1 running 12.2(15)T1, and now some
>customers who terminate in PTA's are having connectivity issues.  These
>customers were also working fine on a 6400 NRP-1 running 12.3(9) a few
>weeks back.
>
>Currently, it looks as if the customers we tunnel THROUGH the 7301 work
>just fine.  Customers terminating are reporting various issues.
>Interesting to note that we can ping most of the users from outside our
>network just fine.  The ones we can't ping I suspect have ping responses
>turned off on their CPE routers.
>
>As a quick fix, I'm tunneling the users through to another LNS.  Any
>suggestions?
>
>Here's our Virtual Template:
>
>interface Virtual-Template1
>  mtu 1492
>  ip unnumbered GigabitEthernet0/0
>  no logging event link-status
>  load-interval 30
>  peer default ip address pool dynamic1
>  ppp authentication pap ppp_local
>  ppp authorization ppp_local
>  ppp ipcp dns 216.8.137.204 216.8.137.203
>
>
>
>---
>Clayton Zekelman
>Managed Network Systems Inc. (MNSi)
>344-300 Tecumseh Rd. E.
>Windsor, Ontario
>N8X 5E8
>
>tel. 519-985-8410
>fax. 519-258-3009 
>
>_______________________________________________
>cisco-bba mailing list
>cisco-bba at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-bba
> 
>
>

More information about the cisco-bba mailing list