[cisco-bba] 7204vxr as LNS - provider is LAC

Nathan Downes nathandownes at hotmail.com
Wed Aug 19 16:13:46 EDT 2015


I may not be able to avoid doing it. As I read deeper into the metadata laws,
I may need to not only keep track of who has what IP in the CGNAT but all
the translations as well. I think the ASR can do this via NEL.  I have found
the less I touch things the better reliability is :)

I was figuring if we got a request to say who from (CGNAT external)
connected to DST IP x.x.x.x at port y I could look it up in the netflow from
the LNS but I don't think that contains the translation part.  Might be
lucky and only one person attempted to DST IP in that specific timeframe but
could be tricky if more did.

-----Original Message-----
From: Gary T. Giesen [mailto:ggiesen at giesen.me] On Behalf Of Gary T. Giesen
Sent: Wednesday, 19 August 2015 11:56 PM
To: 'Nathan Downes' <nathandownes at hotmail.com>
Subject: RE: [cisco-bba] 7204vxr as LNS - provider is LAC

If you have a G2 already, I would stick with it. It's still well-supported
with software, and will easily handle your session count.

Having everyone on one device can be nice, but in general I prefer different
devices for different roles. If a device goes down you lose everything on
that device, so the more you have on a single device, the more vulnerable
you can be. Also, it limits the impact of provisioning errors, as if you use
multiple devices you can limit the amount of changes to your core and
hopefully improve reliability.

Cheers,

GTG

> -----Original Message-----
> From: Nathan Downes [mailto:nathandownes at hotmail.com]
> Sent: August 19, 2015 4:29 AM
> To: 'Gary T. Giesen'
> Subject: RE: [cisco-bba] 7204vxr as LNS - provider is LAC
> 
> It has a G2 in it, only terminating about 200 sessions now, but growing each
> day.  Don't do anything fancy with attributes.  I guess as long as it doesn't
> start smoking it won't matter.  Sessions range in speed from 25/5 to
> 100/40 so not sure of the mileage I will have.
> 
> I think I liked the idea of moving everything from 3 devices to 1!
> 
> Only being forced into upgrade because of new laws here requiring 2
> years of retention, so need netflow on the core.  G2 already does
> netflow for the CGNAT and software we use to manage users/radius stores it.
> 
> -----Original Message-----
> From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Gary T. Giesen
> Sent: Wednesday, 19 August 2015 6:04 AM
> To: 'Mike' <mike-ciscobba at tiedyenetworks.com>; cisco-bba at puck.nether.net
> Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> 
> Take a look at this doc as well:
> 
> http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/scaling.html#pgfId-1125595
> 
> > -----Original Message-----
> > From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Gary T. Giesen
> > Sent: August 18, 2015 4:01 PM
> > To: 'Mike'; cisco-bba at puck.nether.net
> > Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> >
> > Nothing I wasn't able to work around in the end.
> >
> > Framed-Compression, and qos pre-classify come to mind (qos
> > pre-classify is not needed anyways). We had both enabled
> > (Framed-Compression in RADIUS users file, qos pre-classify on the
> > Virtual-Template) and drove me nuts till I figured out what it was.
> > There may be others.
> >
> > > -----Original Message-----
> > > From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Mike
> > > Sent: August 18, 2015 2:51 PM
> > > To: cisco-bba at puck.nether.net
> > > Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> > >
> > >
> > > On 8/18/15, 8:06 AM, Gary T. Giesen wrote:
> > > > What kind of NPE in the 7204? I've used 7206 NPE-G1's and they work fairly
> > > > well at small scale (less than 1000 subs), the G2 is better as it supports more
> > > > features (particularly things like QoS).
> > > >
> > > > ASR1k's are great LNS boxes, just have to be careful when migrating from
> > > > 7200's to ASRs as they are a lot more strict about what RADIUS attributes you
> > > > can use and may cause you lots of frustration trying to figure it out.
> > > > In particular they don't support full Virtual-Access interfaces (only
> > > > sub-interfaces) so any attribute that requires a full Virtual-Access interface will
> > > > not work.
> > > >
> > > > GTG
> > > >
> > > This is the situation I have too - a 7201 terminating pppoe subscribers
> > > - about 1100 - and am now migrating to an Asr1000. What features
> > > exactly cause the requirement for full virtual-access interface? I
> > > know my ASR has the horsepower to do the job but it's got more
> > > features and things I plan on
> > > experimenting with in the future, including making much more
> > > extensive use of the QoS features per-subscriber which is something
> > > I am not doing today on the 7201.
> > >
> > > Mike-
> > > _______________________________________________
> > > cisco-bba mailing list
> > > cisco-bba at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-bba
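
The lookup discussed in the top message (who, behind a shared CGNAT external address, connected to a given destination IP and port at a given time), as an added example that is not part of the original thread. The record layouts, names and sample values are constructed for illustration and are not an ASR/NEL or NetFlow export format; the point is that the answer needs the translation record joined to the subscriber session, and that without the translated source port several subscribers can match.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Translation:  # one NAT log record (constructed layout, hypothetical field names)
    start: datetime
    end: datetime
    inside_ip: str
    outside_ip: str
    outside_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Session:      # one RADIUS accounting session: who held which inside IP, and when
    user: str
    inside_ip: str
    start: datetime
    stop: datetime

def attribute(translations, sessions, outside_ip, dst_ip, dst_port, when,
              outside_port=None, skew=timedelta(seconds=5)):
    """Return the sorted subscriber names consistent with the request."""
    users = set()
    for t in translations:
        if (t.outside_ip, t.dst_ip, t.dst_port) != (outside_ip, dst_ip, dst_port):
            continue
        if outside_port is not None and t.outside_port != outside_port:
            continue
        if not (t.start - skew <= when <= t.end + skew):  # allow for clock skew
            continue
        # Inside addresses are reused, so match the session that overlapped in time.
        for s in sessions:
            if s.inside_ip == t.inside_ip and s.start <= t.end and s.stop >= t.start:
                users.add(s.user)
    return sorted(users)

def T(hms):  # constructed sample timestamps, all on one day
    return datetime.fromisoformat("2015-08-19T" + hms)

SESSIONS = [Session("alice", "100.64.0.10", T("08:00:00"), T("12:00:00")),
            Session("bob", "100.64.0.11", T("09:00:00"), T("18:00:00")),
            Session("carol", "100.64.0.10", T("12:30:00"), T("20:00:00"))]
TRANSLATIONS = [  # constructed sample records
    Translation(T("10:00:00"), T("10:02:00"), "100.64.0.10", "203.0.113.5", 40001, "198.51.100.7", 443),
    Translation(T("10:01:00"), T("10:03:00"), "100.64.0.11", "203.0.113.5", 40002, "198.51.100.7", 443),
    Translation(T("13:00:00"), T("13:01:00"), "100.64.0.10", "203.0.113.5", 40001, "198.51.100.7", 443),
]
```

With only the destination and a timestamp, the 10:01:30 query matches two subscribers; supplying the translated source port narrows it to one.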
