[cisco-bba] LNS with 7200 with NPE-G1
Dennis Peng
dpeng at cisco.com
Fri Oct 28 20:20:52 EDT 2005
Just to close on this issue on the alias, the high CPU in L2X Data
Daemon was resolved by removing the configuration "l2tp ip udp
checksum" and re-initiating the tunnels (necessary for the
configuration to take effect). Sending or receiving UDP checksums for
L2TP traffic will cause packets to be punted to process switching
where it is handled by the L2X Data Daemon process.
Dennis
Dennis Peng [dpeng at cisco.com] wrote:
> L2X Data Daemon would indicate that stuff is getting process
> switched. Separate vpdn-groups won't help in this case. What do your
> RADIUS profiles look like? RADIUS can pass down configurations which
> can cause problems (like Framed-Compression). Can you do a "show
> derived-config interface Virtual-Access X"?
>
> Dennis
>
> Christian Schmit [cschmit at vo.lu] wrote:
> >
> > Current IP traffic is as follows:
> >
> > 5 minute input rate 29094000 bits/sec, 6718 packets/sec
> > 5 minute output rate 29254000 bits/sec, 6702 packets/sec
> >
> > I noticed that in and out traffic are nearly the same
> > which is not what I expected for ADSL connections where
> > the max upstream is 192 kbit/s and max downstream is 3 Mbit/s.
> >
> > Regarding the CPU the "L2X Data Daemon" uses most. No other
> > process shown any significant CPU usage.
> >
> > sh proc cpu:
> > ------------
> > CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
> > .
> > .
> > 14 4.55% 3.93% 3.96% 0 L2X Data Daemon
> >
> >
> > Regarding the L2TP setup I terminated the 4 LAC devices
> > from the telco in "vpdn-group 1". Would creating a
> > separate vpdn-group for each LAC be of any benefit?
> >
> > Currently I have:
> >
> > 7206VXR#sh vpdn tunnel
> >
> > L2TP Tunnel Information Total tunnels 4 sessions 207
> > LocID RemID Remote Name State Remote Address Port Sessions VPDN Group
> > 2999 12 LAC est xxxxxxxxxxxxx 1701 21 1
> > 55524 5516 LAC est xxxxxxxxxxxxx 1701 78 1
> > 29502 14 LAC est xxxxxxxxxxxxx 1701 53 1
> > 18896 82 LAC est xxxxxxxxxxxxx 1701 55 1
> > %No active L2F tunnels
> > %No active PPTP tunnels
> >
> >
> > Is there an IOS image supporting MPF that can be recommended in
> > a production environment for an LNS?
> >
> > Christian
> >
> >
> > DP> Your config is very basic, I don't see anything that would cause
> > DP> process switching or something detrimental to the CPU. How much
> > DP> traffic, in aggregate, are these 200 users pushing (bps and pps)? 16k
> > DP> sessions is a control-plane limitation, but if you have broadband
> > DP> traffic, you'll hit the data-plane limit much faster (16k is really
> > DP> for narrowband). MPF can greatly help improve data-plane performance.
> >
> > DP> Dennis
> >
> > DP> Christian Schmit [cschmit at vo.lu] wrote:
> > >>
> > >> We are currently running a test setup using a 7200/G1
> > >> device as LNS. The telco operates as LAC Juniper ERX
> > >> devices.
> > >>
> > >> Everything is working as expected but the CPU load
> > >> on the G1 is quite high. Having around 200 PPP sessions
> > >> on the LNS the CPU load is already at 11%. In other
> > >> words this would mean that around 2000 users would put
> > >> the box to 100% CPU usage which is very far away from
> > >> the advertised 16 000 broadband sessions for the G1.
> > >>
> > >> Running IP-Plus 12.3(16).
> > >>
> > >> Do I have a CPU killer in my config?
> > >>
> > >> Christian
> > >>
> > >>
> > >> My config:
> > >> -----------
> > >> version 12.3
> > >> service timestamps debug datetime msec
> > >> service timestamps log datetime msec
> > >> service password-encryption
> > >> no service dhcp
> > >> !
> > >> hostname LNS
> > >> !
> > >> boot-start-marker
> > >> boot-end-marker
> > >> !
> > >> enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
> > >> !
> > >> clock timezone GMT 1
> > >> clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
> > >> aaa new-model
> > >> !
> > >> !
> > >> aaa authentication login default enable
> > >> aaa authentication ppp default group radius
> > >> aaa authorization network default group radius
> > >> aaa accounting delay-start
> > >> aaa accounting update periodic 240
> > >> aaa accounting network default start-stop group radius
> > >> aaa session-id common
> > >> ip subnet-zero
> > >> no ip source-route
> > >> !
> > >> !
> > >> ip cef
> > >> no ip domain lookup
> > >> ip name-server xxxxxxxxxxxx
> > >> ip name-server xxxxxxxxxxxx
> > >> !
> > >> vpdn enable
> > >> vpdn ip udp ignore checksum
> > >> !
> > >> vpdn-group 1
> > >> accept-dialin
> > >> protocol l2tp
> > >> virtual-template 1
> > >> terminate-from hostname LAC
> > >> lcp renegotiation on-mismatch
> > >> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > >> !
> > >> interface Loopback0
> > >> ip address xxxxxxxxxxxxxxxxxxxxx
> > >> !
> > >> interface Loopback1
> > >> ip address xxxxxxxxxxxxxxxxxxxxx
> > >> !
> > >> interface GigabitEthernet0/1
> > >> description Connection to Vlan 13
> > >> ip address xxxxxxxxxxxxxxxxxxxx
> > >> ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
> > >> duplex full
> > >> speed 1000
> > >> media-type rj45
> > >> no negotiation auto
> > >> !
> > >> interface GigabitEthernet0/2
> > >> no ip address
> > >> shutdown
> > >> duplex auto
> > >> speed auto
> > >> media-type rj45
> > >> negotiation auto
> > >> !
> > >> interface GigabitEthernet0/3
> > >> no ip address
> > >> shutdown
> > >> duplex auto
> > >> speed auto
> > >> media-type rj45
> > >> negotiation auto
> > >> !
> > >> interface Virtual-Template1
> > >> ip unnumbered Loopback1
> > >> ip tcp adjust-mss 1420
> > >> ip mroute-cache
> > >> peer default ip address pool VODSL
> > >> ppp mtu adaptive
> > >> ppp authentication pap chap
> > >> !
> > >> router ospf 101
> > >> log-adjacency-changes
> > >> area 0 authentication message-digest
> > >> summary-address xxxxxxxxxxxxxxxxxxxx
> > >> summary-address xxxxxxxxxxxxxxxxxxxxx
> > >> redistribute connected subnets
> > >> redistribute static subnets
> > >> passive-interface Virtual-Template1
> > >> network xxxxxxxxxxxxxxxxxxx area 0
> > >> network xxxxxxxxxxxxxxxxxxx area 0
> > >> !
> > >> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
> > >> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
> > >> ip classless
> > >> ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
> > >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> > >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> > >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> > >> no ip http server
> > >> !
> > >> !
> > >> access-list 1 permit xxxxxxxxxxxxxxxxx
> > >> access-list 1 deny any
> > >> access-list 50 permit xxxxxxxxxxxxxxxx
> > >> access-list 50 deny any
> > >> no cdp run
> > >> !
> > >> snmp-server community xxxxxxxxxxxxxxxxx RW 1
> > >> !
> > >> radius-server attribute nas-port format d
> > >> radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx
> > >>
> > >> radius-server domain-stripping
> > >> radius-server unique-ident 3
> > >> radius-server vsa send accounting
> > >> !
> > >> !
> > >> gatekeeper
> > >> shutdown
> > >> !
> > >> line con 0
> > >> stopbits 1
> > >> line aux 0
> > >> stopbits 1
> > >> line vty 0 4
> > >> access-class 50 in
> > >> !
> > >> ntp clock-period 17180061
> > >> ntp server xxxxxxxxxxxx
> > >> ntp server xxxxxxxxxxxx
> > >> !
> > >> end
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> cisco-bba mailing list
> > >> cisco-bba at puck.nether.net
> > >> https://puck.nether.net/mailman/listinfo/cisco-bba
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
More information about the cisco-bba
mailing list