[cisco-bba] Single L2TP VPDN group and static IP's

Mark Tohill Mark at u.tv
Fri Dec 1 07:27:13 EST 2006


OB: Well, how did you plan on measuring the bandwidth of the users? Do
you need to do this individually or one aggregate for the whole user
"group"?

>> Oliver, just figures for that group of users, no individual stats
needed.

OB: If you need an aggregate figure, you need to use two tunnels and you
can watch the packet/byte counters in the "show vpdn tunnel .." output
(I think this is also available via SNMP, not sure). In order to create
two tunnels, you need support from the LAC who is responsible to build
the tunnels, i.e. they need to use different tunnel names, and you
terminate each in a different vpdn-group.

>> Would that mean something like below? For the telco to do this, they
would require a parameter to distinguish users on, e.g. DNIS? Our users are
all within 2 or 3 realms, the users we want spread over those.


vpdn-group 1
 description VPDN-GROUP-1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC-VPDN-1
 source-ip aaa.bbb.ccc.ddd
 lcp renegotiation on-mismatch
 l2tp tunnel password VPDN1-PW
!

vpdn-group 2
 description VPDN-GROUP-2
 accept-dialin
  protocol l2tp
  virtual-template 1(or 2)
 terminate-from hostname LAC-VPDN-1
 source-ip aaa.bbb.ccc.ddd(+1)
 lcp renegotiation on-mismatch
 l2tp tunnel password VPDN2-PW
!

OB: Either way is not a trivial task, I guess.. AAA accounting is
probably the easiest as it saves you all the interface/user
correlation..

>> We do have start/stop Radius records for users, may be able to trawl
thru those based on distinct gateways/subnets given to those users.

Thanks for reply,
Mark

-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
Sent: 01 December 2006 11:56
To: Mark Tohill; cisco-bba at puck.nether.net
Subject: RE: [cisco-bba] Single L2TP VPDN group and static IP's

cisco-bba-bounces at puck.nether.net <> wrote on Friday, December 01, 2006
11:58 AM:

> Hi,
> 
> We have an LNS terminating L2TP tunnels on a single VPDN group and 
> Virtual template as below:
> 
> All our users are authenticated via RADIUS, some just use the dynamic 
> pool configured on the LNS while others have static /32's, /29's etc.
> configured on RADIUS.
> 
> Is there a way of isolating a subset of static users on particular
> subnets and move them to a different VPDN Group/virtual template, with
> a view to measuring bandwidth for those particular static users?

Well, how did you plan on measuring the bandwidth of the users? Do you
need to do this individually or one aggregate for the whole user "group"?
If you need to do it individually, you can just poll the virtual-access
interfaces (bearing in mind that they change when users log in and out,
so you need to do some sophisticated correlation). Another option could
be the use of AAA accounting data (which also shows input/output bytes),
possibly along with periodic AAA accounting so you'll get an accounting
update every 5 minutes or so and can feed in this information into
MRTG/RRD (could be challenging as the acct update interval can be
jittered).

If you need an aggregate figure, you need to use two tunnels and you can
watch the packet/byte counters in the "show vpdn tunnel .." output (I
think this is also available via SNMP, not sure). In order to create two
tunnels, you need support from the LAC who is responsible to build the
tunnels, i.e. they need to use different tunnel names, and you terminate
each in a different vpdn-group.

There is no aggregate data per virtual-template, so you might actually
use the same vtemplate in each of the two groups.

Either way is not a trivial task, I guess.. AAA accounting is probably
the easiest as it saves you all the interface/user correlation..

	oli
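
The AAA-accounting approach discussed in this thread, as an added example that is not part of the original messages: it sums the byte counters of RADIUS Stop records for sessions whose Framed-IP-Address falls inside the chosen static subnets. It assumes the accounting records are available in a FreeRADIUS-style "detail" text layout and that each Stop record carries Framed-IP-Address; the sample records, the subnets and the function names are constructed for illustration.

```python
import ipaddress
import re
# Constructed sample in FreeRADIUS "detail" layout (assumed); documentation addresses.
SAMPLE = """\
Fri Dec  1 12:00:00 2006
\tAcct-Status-Type = Interim-Update
\tFramed-IP-Address = 192.0.2.10
\tAcct-Input-Octets = 500

Fri Dec  1 12:05:00 2006
\tAcct-Status-Type = Stop
\tFramed-IP-Address = 192.0.2.10
\tAcct-Input-Octets = 1000
\tAcct-Output-Octets = 300
\tAcct-Output-Gigawords = 1

Fri Dec  1 12:06:00 2006
\tAcct-Status-Type = Stop
\tFramed-IP-Address = 198.51.100.5
\tAcct-Input-Octets = 7
\tAcct-Output-Octets = 9
"""

def parse_records(text):
    """Yield one attribute dict per record; records are separated by blank lines."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines()[1:]:  # first line is the timestamp
            key, sep, value = line.partition(" = ")
            if sep:
                rec[key.strip()] = value.strip().strip('"')
        yield rec

def octets(rec, direction):
    wraps = int(rec.get(f"Acct-{direction}-Gigawords", 0))  # RFC 2869: 2^32 wrap count
    return (wraps << 32) + int(rec.get(f"Acct-{direction}-Octets", 0))

def group_totals(text, subnets):
    """Sum Stop-record counters for sessions whose Framed-IP-Address is in subnets."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    totals = {"sessions": 0, "in_octets": 0, "out_octets": 0}
    for rec in parse_records(text):
        if rec.get("Acct-Status-Type") != "Stop" or "Framed-IP-Address" not in rec:
            continue  # Stop carries the final counters; Start/Interim are skipped
        addr = ipaddress.ip_address(rec["Framed-IP-Address"])
        if any(addr in net for net in nets):
            totals["sessions"] += 1
            totals["in_octets"] += octets(rec, "Input")
            totals["out_octets"] += octets(rec, "Output")
    return totals
```

Input and output are from the NAS point of view, so `in_octets` is traffic received from the users. Counting only Stop records avoids double counting sessions that also sent interim updates.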


