[cisco-bba] 7204vxr as LNS - provider is LAC

Sarpreet Basi sar at knowledgecomputers.net
Wed Aug 19 16:20:06 EDT 2015


I believe the CISCO7600 series can do that as well with a firewall service module or a NAM service module. 

Sarpreet

-----Original Message-----
From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Nathan Downes
Sent: Wednesday, August 19, 2015 1:14 PM
To: cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC

I may not be able to avoid doing it, as I read deeper in the meta data laws, I may need to not only keep track of who has what IP in the CGNAT but all the translations as well, I think the ASR can do this via NEL.  I have found the less I touch things the better reliability is :)  

I was figuring if we got a request to say who from (CGNAT external) connected to DST IP x.x.x.x at port y I could look it up in the netflow from the LNS but I don't think that contains the translation part.  Might be lucky and only one person attempted to DST IP in that specific timeframe but could be tricky if more did.

-----Original Message-----
From: Gary T. Giesen [mailto:ggiesen at giesen.me] On Behalf Of Gary T. Giesen
Sent: Wednesday, 19 August 2015 11:56 PM
To: 'Nathan Downes' <nathandownes at hotmail.com>
Subject: RE: [cisco-bba] 7204vxr as LNS - provider is LAC

If you have a G2 already, I would stick with it. It's still well-supported with software, and will easily handle your session count.

Having everyone on one device can be nice, but in general I prefer different devices for different roles. If a device goes down you lose everything on that device, so the more you have on a single device, the more vulnerable you can be. Also, it limits the impact of provisioning errors, as if you use multiple devices you can limit the amount of changes to your core and hopefully improve reliability.

Cheers,

GTG

> -----Original Message-----
> From: Nathan Downes [mailto:nathandownes at hotmail.com]
> Sent: August 19, 2015 4:29 AM
> To: 'Gary T. Giesen'
> Subject: RE: [cisco-bba] 7204vxr as LNS - provider is LAC
> 
> It has a G2 in it, only terminating about 200 sessions now, but growing
> each day.  Don't do anything fancy with attributes.  I guess as long as it
> doesn't start smoking it won't matter.  Sessions range in speed from 25/5
> to 100/40 so not sure of the mileage I will have.
> 
> I think I liked the idea of moving everything from 3 devices to 1!
> 
> Only being forced into upgrade because of new laws here requiring 2
> years of retention, so need netflow on the core.  G2 already does
> netflow for the CGNAT and software we use to manage users/radius
> stores it.
> 
> -----Original Message-----
> From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf 
> Of Gary T. Giesen
> Sent: Wednesday, 19 August 2015 6:04 AM
> To: 'Mike' <mike-ciscobba at tiedyenetworks.com>; cisco-bba at puck.nether.net
> Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> 
> Take a look at this doc as well:
> 
> http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/scaling.html#pgfId-1125595
> 
> > -----Original Message-----
> > From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf 
> > Of Gary T. Giesen
> > Sent: August 18, 2015 4:01 PM
> > To: 'Mike'; cisco-bba at puck.nether.net
> > Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> >
> > Nothing I wasn't able to work around in the end.
> >
> > Framed-Compression, and qos pre-classify come to mind (qos
> > pre-classify is not needed anyways). We had both enabled
> > (Framed-Compression in RADIUS users file, qos pre-classify on the
> > Virtual-Template) and drove me nuts till I figured out what it was.
> > There may be others.
> >
> > > -----Original Message-----
> > > From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On 
> > > Behalf Of Mike
> > > Sent: August 18, 2015 2:51 PM
> > > To: cisco-bba at puck.nether.net
> > > Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> > >
> > >
> > > On 8/18/15, 8:06 AM, Gary T. Giesen wrote:
> > > > > What kind of NPE in the 7204? I've used 7206 NPE-G1's and they
> > > > > work fairly well at small scale (less than 1000 subs), the G2 is
> > > > > better as it supports more features (particularly things like QoS).
> > > > >
> > > > > ASR1k's are great LNS boxes, just have to be careful when
> > > > > migrating from 7200's to ASRs as they are a lot more strict about
> > > > > what RADIUS attributes you can use and may cause you lots of
> > > > > frustration trying to figure it out. In particular they don't
> > > > > support full Virtual-Access interfaces (only sub-interfaces) so any
> > > > > attribute that requires a full Virtual-Access interface will not
> > > > > work.
> > > >
> > > > GTG
> > > >
> > > > This is the situation I have too - a 7201 terminating pppoe
> > > > subscribers - about 1100 - and am now migrating to an Asr1000. What
> > > > features exactly cause the requirement for full virtual-access
> > > > interface? I know my ASR has the horsepower to do the job but it's
> > > > got more features and things I plan on experimenting with in the
> > > > future, including making much more extensive use of the QoS features
> > > > per-subscriber which is something I am not doing today on the 7201.
> > >
> > > Mike-
> > > _______________________________________________
> > > cisco-bba mailing list
> > > cisco-bba at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-bba

_______________________________________________
cisco-bba mailing list
cisco-bba at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
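
The lookup discussed at the top of this thread, as an added example that is not part of the original messages: over constructed records, pre-NAT flow data alone returns every subscriber who reached the destination in the window, while a translation log keyed on external address and port returns one. All record layouts, names and addresses are assumptions made for illustration, as is the request including the external source port.

```python
from collections import namedtuple

# Hypothetical record layouts; real exports will differ.
Session = namedtuple("Session", "user framed_ip start stop")        # RADIUS accounting
Flow = namedtuple("Flow", "ts src_ip src_port dst_ip dst_port")     # pre-NAT flow from the LNS
Xlate = namedtuple("Xlate", "start stop in_ip in_port out_ip out_port")  # NAT translation log

# Constructed sample data (epoch seconds), not real logs.
SESSIONS = [
    Session("alice", "100.64.0.10", 1000, 5000),
    Session("bob",   "100.64.0.11", 1200, 5000),
    Session("carol", "100.64.0.10", 5100, 9000),  # inside address reused later
]
FLOWS = [
    Flow(2000, "100.64.0.10", 40001, "198.51.100.7", 443),
    Flow(2030, "100.64.0.11", 40002, "198.51.100.7", 443),
    Flow(6000, "100.64.0.10", 40003, "198.51.100.7", 443),
]
XLATES = [
    Xlate(1999, 2100, "100.64.0.10", 40001, "203.0.113.5", 1024),
    Xlate(2029, 2100, "100.64.0.11", 40002, "203.0.113.5", 1025),
    Xlate(5999, 6100, "100.64.0.10", 40003, "203.0.113.5", 1024),  # external port reused
]

def user_at(ip, ts):
    """Map an inside address to the subscriber holding it at time ts."""
    for s in SESSIONS:
        if s.framed_ip == ip and s.start <= ts <= s.stop:
            return s.user
    return None

def candidates_from_flows(dst_ip, dst_port, t0, t1):
    """Flows without translation data: everyone who hit the destination in [t0, t1]."""
    users = {user_at(f.src_ip, f.ts) for f in FLOWS
             if f.dst_ip == dst_ip and f.dst_port == dst_port and t0 <= f.ts <= t1}
    return sorted(users - {None})

def resolve_with_translations(out_ip, out_port, ts):
    """Translation log: external ip:port at time ts pins one inside host."""
    hits = [x for x in XLATES
            if x.out_ip == out_ip and x.out_port == out_port and x.start <= ts <= x.stop]
    if len(hits) != 1:
        return None  # missing or overlapping records: do not guess
    return user_at(hits[0].in_ip, ts)
```

The timestamp matters in both lookups: the same inside address and the same external port map to different subscribers at different times in the sample data.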

