[cisco-bba] VPDN session stuck in wiccn state ?

Andy Saykao andy.saykao at staff.netspace.net.au
Wed May 20 20:43:10 EDT 2009 

For those interested, Cisco has been able to replicate and come up with
a fix for this issue.
 
When you do a 'sh vpdn tunnel all' on the ASR, you see this in the
tunnel output:

'Control channel Congestion Control is enabled'

On the 7201/7301 platform (which doesn't have the problem), you see:

'Control channel Congestion Control is disabled'

It's enabled by default on the ASR and Cisco believe this is causing the
issue.
 
To disable congestion control:
 
"no l2tp congestion-control"
 
Looks good so far...
 
--

Regards,
 
Andy Saykao
Systems Administrator
Netspace Online Systems Pty Ltd
Phone : 03 9811 0049
Mobile : 0401 422 406
Fax     : 03 9811 0044
E-Mail : andy.saykao at staff.netspace.net.au
<mailto:andy.saykao at staff.netspace.net.au> 
 
----
 
 Hi Andy, 
I think you need to configure lcp reneg always and clear the tunnel. 
Even if this doesnt work, try setting ppp mrru in the template. 
And even if this doesnt work raise case as suggested by Tony :) 

Thanks 
Raghu 
SAVE TREES..GO GREEN 

On Fri, Mar 27, 2009 at 5:24 AM, Andy Saykao < 
andy.saykao[at]staff.netspace.net.au> wrote: 

> Hi Raghu, 
> 
> Yes we are using lcp renegotiation in the VPDN config (see below). 
> 
> vpdn-group <Provider_Name> 
> accept-dialin 
> protocol l2tp 
> virtual-template 2 
> terminate-from hostname <Provider_Name> 
> source-ip 203.17.x.x 
> lcp renegotiation on-mismatch 
> l2tp tunnel password <password> 
> l2tp tunnel receive-window 100 
> l2tp tunnel retransmit timeout min 2 
> This is the same VPDN config we use for a few other Providers which we

> aren't seeing the same problem with. 
> 
> -- 
> 
> Regards, 
> 
> Andy Saykao 
> Systems Administrator 
> Netspace Online Systems Pty Ltd 
> Phone : 03 9811 0049 
> Mobile : 0401 422 406 
> Fax : 03 9811 0044 
> E-Mail : andy.saykao[at]staff.netspace.net.au 
> 
> 
> ------------------------------ 
> *From:* raghuram chary [mailto:raghujindia[at]gmail.com] 
> *Sent:* Thursday, 26 March 2009 8:05 PM 
> *To:* Andy Saykao 
> *Cc:* cisco-bba[at]puck.nether.net; Tony 
> *Subject:* Re: [cisco-bba] VPDN session stuck in wiccn state ? 
> 
> Hi Andy, 
> WICCN is a WAIT ICCN state ,its one of the state in l2tp negotiations.

> Have you tried configuring lcp renegotiation ? 
> Which router are you using? 
> As you have shifted to more power LNS,I believe there is a
configuration 
> problem. 
> 
> Thanks 
> Raghu 
> SAVE TREES..GO GREEN 
> 
> On Thu, Mar 26, 2009 at 7:13 AM, Tony <td_miles[at]yahoo.com> wrote: 
> 
>> 
>> No problems, althought I don't think I actually helped any. 
>> 
>> I'd appreciate if you could let us (list) know what the solution is
when 
>> you get it sorted. 
>> 
>> 
>> Thanks, 
>> Tony. 
>> 
>> 
>> --- On Thu, 26/3/09, Andy Saykao
<andy.saykao[at]staff.netspace.net.au> 
>> wrote: 
>> 
>> > From: Andy Saykao <andy.saykao[at]staff.netspace.net.au> 
>> > Subject: RE: [cisco-bba] VPDN session stuck in wiccn state ? 
>> > To: "Tony" <td_miles[at]yahoo.com>, cisco-bba[at]puck.nether.net 
>> > Date: Thursday, 26 March, 2009, 12:24 PM 
>> > Much appreciate your help Tony. 
>> > 
>> > Not sure if it's from all their LAC's or a subset, but will 
>> > keep this in 
>> > mind. 
>> > 
>> > Thanks. 
>> > 
>> > 
>> > -- 
>> > 
>> > Regards, 
>> > 
>> > Andy Saykao 
>> > Systems Administrator 
>> > Netspace Online Systems Pty Ltd 
>> > Phone : 03 9811 0049 
>> > Mobile : 0401 422 406 
>> > Fax : 03 9811 0044 
>> > E-Mail : andy.saykao[at]staff.netspace.net.au 
>> > 
>> > -----Original Message----- 
>> > From: Tony [mailto:td_miles[at]yahoo.com] 
>> > 
>> > Sent: Thursday, 26 March 2009 12:18 PM 
>> > To: cisco-bba[at]puck.nether.net; 
>> > Andy Saykao 
>> > Subject: RE: [cisco-bba] VPDN session stuck in wiccn state 
>> > ? 
>> > 
>> > 
>> > Hi Andy, 
>> > 
>> > I've pretty much out of ideas now then, sorry :( 
>> > 
>> > If you've opened a case with TAC, you may just have to wait 
>> > for them to 
>> > sort it out with you. I would press them to find out what 
>> > that state of 
>> > "wiccn" means.. If it's not a valid state, then it's coming 
>> > from within 
>> > the IOS code somewhere and they should be able to trace it 
>> > and find 
>> > where. Keep requesting escalations on your case until it 
>> > gets to someone 
>> > who knows/cares. 
>> > 
>> > You could try downgrading to a different IOS, unless you 
>> > definitely need 
>> > something in the special release you are using to make it 
>> > work. 
>> > 
>> > If it's only tunnels from one provider, is it from all of 
>> > their LAC, or 
>> > a subset of their LAC ? 
>> > 
>> > 
>> > regards, 
>> > Tony. 
>> > 
>> > 
>> > 
>> > --- On Thu, 26/3/09, Andy Saykao
<andy.saykao[at]staff.netspace.net.au> 
>> > wrote: 
>> > 
>> > > From: Andy Saykao <andy.saykao[at]staff.netspace.net.au> 
>> > > Subject: RE: [cisco-bba] VPDN session stuck in 
>> > wiccn state ? 
>> > > To: "Tony" <td_miles[at]yahoo.com>, 
>> > cisco-bba[at]puck.nether.net 
>> > > Date: Thursday, 26 March, 2009, 11:56 AM 
>> > > 
>> > > Hi Tony, 
>> > > 
>> > > Thank you for your reply. 
>> > > 
>> > > > One thing I can see from your output is that all 
>> > of 
>> > > the sessions with 
>> > > this state are on the same tunnel (TunID: 21116). Do 
>> > you have any 
>> > > other sessions that are working on this same tunnel ? 
>> > > 
>> > > Yes there are valid sessions on the tunnel. 
>> > > 
>> > > > Is it happening across all of your LNS, or just 
>> > one ? 
>> > > When you 
>> > > upgraded did you change IOS ? What IOS version are you 
>> > running ? Have 
>> > > you tried a different IOS ? Does a reboot fix the 
>> > problem ? 
>> > > 
>> > > It's happening across all of our LNS's. We've been 
>> > working extensively 
>> > 
>> > > with Cisco to get these LNS's up and running and using 
>> > a special 
>> > > engineering release from the 12.2(33) train. No, we 
>> > have not tried a 
>> > > different IOS given that we've been working with Cisco 
>> > on getting this 
>> > 
>> > > far already. 
>> > > 
>> > > A reboot fixes the problem temporarily but when we 
>> > arrive the next 
>> > > day, there's a whole bunch of sessions waiting for us 
>> > stuck in this 
>> > > "wiccn" 
>> > > state. 
>> > > 
>> > > > Did the LAC provider ("T" or "O" ?) have to 
>> > change 
>> > > anything on their 
>> > > > end as part of the changes ? They will always say 
>> > that 
>> > > everything is 
>> > > > ok, doesn't mean it is :) 
>> > > 
>> > > We terminate a few tunnels from a variety of Service 
>> > Providers on 
>> > > these LNS's and are currently only having issues with 
>> > one provider 
>> > > where we encounter this problem. 
>> > > 
>> > > Cheers. 
>> > > 
>> > > Andy 
>> > > 
>> > 
>> > 
>> > 
>> > 
>> > 
>> >
______________________________________________________________________ 
>> > This email has been scanned by the MessageLabs Email 
>> > Security System. 
>> > For more information please visit http://www.messagelabs.com/email
<http://www.messagelabs.com/email>  
>> >
______________________________________________________________________ 
>> > 
>> > This email and any files transmitted with it are 
>> > confidential and intended 
>> > solely for the use of the individual or entity to whom 
>> > they are addressed. 
>> > Please notify the sender immediately by email if you have 
>> > received this 
>> > email by mistake and delete this email from your system. 
>> > Please note that 
>> > any views or opinions presented in this email are solely 
>> > those of the 
>> > author and do not necessarily represent those of the 
>> > organisation. 
>> > Finally, the recipient should check this email and any 
>> > attachments for 
>> > the presence of viruses. The organisation accepts no 
>> > liability for any 
>> > damage caused by any virus transmitted by this email. 
>> > 
>> > 
>> 
>> 
>> 
>> _______________________________________________ 
>> cisco-bba mailing list 
>> cisco-bba[at]puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/cisco-bba
<https://puck.nether.net/mailman/listinfo/cisco-bba>  
>> 
> 
> 
> 
> -- 
> Thanks 
> Raghu 
> 
> ______________________________________________________________________

> This email has been scanned by the MessageLabs Email Security System. 
> For more information please visit http://www.messagelabs.com/email
<http://www.messagelabs.com/email>  
> ______________________________________________________________________

> 
> This email and any files transmitted with it are confidential and
intended 
> solely for the use of the individual or entity to whom they are
addressed. 
> Please notify the sender immediately by email if you have received
this 
> email by mistake and delete this email from your system. Please note
that 
> any views or opinions presented in this email are solely those of the
author 
> and do not necessarily represent those of the organisation. Finally,
the 
> recipient should check this email and any attachments for the presence
of 
> viruses. The organisation accepts no liability for any damage caused
by any 
> virus transmitted by this email. 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-bba/attachments/20090521/b1adae5c/attachment-0001.html>

More information about the cisco-bba mailing list