[cisco-bba] LNS with 7200 with NPE-G1
Christian Schmit
cschmit at vo.lu
Wed Oct 19 05:03:12 EDT 2005
> L2X Data Daemon would indicate that stuff is getting process
> switched. Separate vpdn-groups won't help in this case. What do your
> RADIUS profiles look like? RADIUS can pass down configurations which
> can cause problems (like Framed-Compression). Can you do a "show
> derived-config interface Virtual-Access X"?
We set the following attributes in radius for DSL accounts:
Framed-Protocol = PPP
User-Service-Type = Framed-User
Framed-Routing = none
Port-Limit = 2
Framed-Netmask = 255.255.255.255
7206VXRL#sh derived-config interface virtual-access 2.3
Building configuration...
Derived configuration : 197 bytes
!
interface Virtual-Access2.3
ip unnumbered Loopback1
ip mtu 1460
ip tcp adjust-mss 1420
ip mroute-cache
peer default ip address pool VODSL
ppp mtu adaptive
ppp authentication pap chap
end
Christian
> Christian Schmit [cschmit at vo.lu] wrote:
>>
>> Current IP traffic is as follows:
>>
>> 5 minute input rate 29094000 bits/sec, 6718 packets/sec
>> 5 minute output rate 29254000 bits/sec, 6702 packets/sec
>>
>> I noticed that in and out traffic are nearly the same
>> which is not what I expected for ADSL connections where
>> the max upstream is 192 kbit/s and max downstream is 3 Mbit/s.
>>
>> Regarding the CPU the "L2X Data Daemon" uses most. No other
>> process shown any significant CPU usage.
>>
>> sh proc cpu:
>> ------------
>> CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
>> .
>> .
>> 14 4.55% 3.93% 3.96% 0 L2X Data Daemon
>>
>>
>> Regarding the L2TP setup I terminated the 4 LAC devices
>> from the telco in "vpdn-group 1". Would creating a
>> separate vpdn-group for each LAC be of any benefit?
>>
>> Currently I have:
>>
>> 7206VXR#sh vpdn tunnel
>>
>> L2TP Tunnel Information Total tunnels 4 sessions 207
>> LocID RemID Remote Name State Remote Address Port Sessions VPDN Group
>> 2999 12 LAC est xxxxxxxxxxxxx 1701 21 1
>> 55524 5516 LAC est xxxxxxxxxxxxx 1701 78 1
>> 29502 14 LAC est xxxxxxxxxxxxx 1701 53 1
>> 18896 82 LAC est xxxxxxxxxxxxx 1701 55 1
>> %No active L2F tunnels
>> %No active PPTP tunnels
>>
>>
>> Is there an IOS image supporting MPF that can be recommended in
>> a production environment for an LNS?
>>
>> Christian
>>
>>
>> DP> Your config is very basic, I don't see anything that would cause
>> DP> process switching or something detrimental to the CPU. How much
>> DP> traffic, in aggregate, are these 200 users pushing (bps and pps)? 16k
>> DP> sessions is a control-plane limitation, but if you have broadband
>> DP> traffic, you'll hit the data-plane limit much faster (16k is really
>> DP> for narrowband). MPF can greatly help improve data-plane performance.
>>
>> DP> Dennis
>>
>> DP> Christian Schmit [cschmit at vo.lu] wrote:
>> >>
>> >> We are currently running a test setup using a 7200/G1
>> >> device as LNS. The telco operates as LAC Juniper ERX
>> >> devices.
>> >>
>> >> Everything is working as expected but the CPU load
>> >> on the G1 is quite high. Having around 200 PPP sessions
>> >> on the LNS the CPU load is already at 11%. In other
>> >> words this would mean that around 2000 users would put
>> >> the box to 100% CPU usage which is very far away from
>> >> the advertised 16 000 broadband sessions for the G1.
>> >>
>> >> Running IP-Plus 12.3(16).
>> >>
>> >> Do I have a CPU killer in my config?
>> >>
>> >> Christian
>> >>
>> >>
>> >> My config:
>> >> -----------
>> >> version 12.3
>> >> service timestamps debug datetime msec
>> >> service timestamps log datetime msec
>> >> service password-encryption
>> >> no service dhcp
>> >> !
>> >> hostname LNS
>> >> !
>> >> boot-start-marker
>> >> boot-end-marker
>> >> !
>> >> enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
>> >> !
>> >> clock timezone GMT 1
>> >> clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
>> >> aaa new-model
>> >> !
>> >> !
>> >> aaa authentication login default enable
>> >> aaa authentication ppp default group radius
>> >> aaa authorization network default group radius
>> >> aaa accounting delay-start
>> >> aaa accounting update periodic 240
>> >> aaa accounting network default start-stop group radius
>> >> aaa session-id common
>> >> ip subnet-zero
>> >> no ip source-route
>> >> !
>> >> !
>> >> ip cef
>> >> no ip domain lookup
>> >> ip name-server xxxxxxxxxxxx
>> >> ip name-server xxxxxxxxxxxx
>> >> !
>> >> vpdn enable
>> >> vpdn ip udp ignore checksum
>> >> !
>> >> vpdn-group 1
>> >> accept-dialin
>> >> protocol l2tp
>> >> virtual-template 1
>> >> terminate-from hostname LAC
>> >> lcp renegotiation on-mismatch
>> >> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> >> !
>> >> interface Loopback0
>> >> ip address xxxxxxxxxxxxxxxxxxxxx
>> >> !
>> >> interface Loopback1
>> >> ip address xxxxxxxxxxxxxxxxxxxxx
>> >> !
>> >> interface GigabitEthernet0/1
>> >> description Connection to Vlan 13
>> >> ip address xxxxxxxxxxxxxxxxxxxx
>> >> ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
>> >> duplex full
>> >> speed 1000
>> >> media-type rj45
>> >> no negotiation auto
>> >> !
>> >> interface GigabitEthernet0/2
>> >> no ip address
>> >> shutdown
>> >> duplex auto
>> >> speed auto
>> >> media-type rj45
>> >> negotiation auto
>> >> !
>> >> interface GigabitEthernet0/3
>> >> no ip address
>> >> shutdown
>> >> duplex auto
>> >> speed auto
>> >> media-type rj45
>> >> negotiation auto
>> >> !
>> >> interface Virtual-Template1
>> >> ip unnumbered Loopback1
>> >> ip tcp adjust-mss 1420
>> >> ip mroute-cache
>> >> peer default ip address pool VODSL
>> >> ppp mtu adaptive
>> >> ppp authentication pap chap
>> >> !
>> >> router ospf 101
>> >> log-adjacency-changes
>> >> area 0 authentication message-digest
>> >> summary-address xxxxxxxxxxxxxxxxxxxx
>> >> summary-address xxxxxxxxxxxxxxxxxxxxx
>> >> redistribute connected subnets
>> >> redistribute static subnets
>> >> passive-interface Virtual-Template1
>> >> network xxxxxxxxxxxxxxxxxxx area 0
>> >> network xxxxxxxxxxxxxxxxxxx area 0
>> >> !
>> >> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
>> >> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
>> >> ip classless
>> >> ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
>> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>> >> no ip http server
>> >> !
>> >> !
>> >> access-list 1 permit xxxxxxxxxxxxxxxxx
>> >> access-list 1 deny any
>> >> access-list 50 permit xxxxxxxxxxxxxxxx
>> >> access-list 50 deny any
>> >> no cdp run
>> >> !
>> >> snmp-server community xxxxxxxxxxxxxxxxx RW 1
>> >> !
>> >> radius-server attribute nas-port format d
>> >> radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx
>> >>
>> >> radius-server domain-stripping
>> >> radius-server unique-ident 3
>> >> radius-server vsa send accounting
>> >> !
>> >> !
>> >> gatekeeper
>> >> shutdown
>> >> !
>> >> line con 0
>> >> stopbits 1
>> >> line aux 0
>> >> stopbits 1
>> >> line vty 0 4
>> >> access-class 50 in
>> >> !
>> >> ntp clock-period 17180061
>> >> ntp server xxxxxxxxxxxx
>> >> ntp server xxxxxxxxxxxx
>> >> !
>> >> end
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> cisco-bba mailing list
>> >> cisco-bba at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/cisco-bba
More information about the cisco-bba
mailing list