[cisco-bba] 7204vxr as LNS - provider is LAC

Gary T. Giesen ggiesen+cisco-bba at giesen.me
Thu Aug 20 12:37:39 EDT 2015


My suggestion would be to avoid CGNAT if at all possible. There are IP
addresses available on the transfer market.

> -----Original Message-----
> From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of
> Nathan Downes
> Sent: August 19, 2015 4:14 PM
> To: cisco-bba at puck.nether.net
> Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> 
> I may not be able to avoid doing it, as I read deeper in the meta data laws, I
> may need to not only keep track of who has what IP in the CGNAT but all the
> translations as well, I think the ASR can do this via NEL.  I have found the less I
> touch things the better reliability is :)
> 
> I was figuring if we got a request to say who from (CGNAT external)
> connected to DST IP x.x.x.x at port y I could look it up in the netflow from the
> LNS but I don't think that contains the translation part.  Might be lucky and
> only one person attempted to DST IP in that specific timeframe but could be
> tricky if more did.
> 
> -----Original Message-----
> From: Gary T. Giesen [mailto:ggiesen at giesen.me] On Behalf Of Gary T.
> Giesen
> Sent: Wednesday, 19 August 2015 11:56 PM
> To: 'Nathan Downes' <nathandownes at hotmail.com>
> Subject: RE: [cisco-bba] 7204vxr as LNS - provider is LAC
> 
> If you have a G2 already, I would stick with it. It's still well-supported with
> software, and will easily handle your session count.
> 
> Having everyone on one device can be nice, but in general I prefer different
> devices for different roles. If a device goes down you lose everything on that
> device, so the more you have on a single device, the more vulnerable you
> can be. Also, it limits the impact of provisioning errors, as if you use multiple
> devices you can limit the amount of changes to your core and hopefully
> improve reliability.
> 
> Cheers,
> 
> GTG
> 
> > -----Original Message-----
> > From: Nathan Downes [mailto:nathandownes at hotmail.com]
> > Sent: August 19, 2015 4:29 AM
> > To: 'Gary T. Giesen'
> > Subject: RE: [cisco-bba] 7204vxr as LNS - provider is LAC
> >
> > It has a G2 in it, only terminating about 200 sessions now, but
> > growing each day.  Don't do anything fancy with attributes.  I guess
> > as long as it doesn't start smoking it won't matter.  Sessions range
> > in speed from 25/5 to 100/40 so not sure of the mileage I will have.
> >
> > I think I liked the idea of moving everything from 3 devices to 1!
> >
> > Only being forced into upgrade because of new laws here requiring 2
> > years of retention, so need netflow on the core.  G2 already does
> > netflow for the CGNAT and software we use to manage users/radius
> > stores it.
> >
> > -----Original Message-----
> > From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf
> > Of Gary T. Giesen
> > Sent: Wednesday, 19 August 2015 6:04 AM
> > To: 'Mike' <mike-ciscobba at tiedyenetworks.com>; cisco-bba at puck.nether.net
> > Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> >
> > Take a look at this doc as well:
> >
> > http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/scaling.html#pgfId-1125595
> >
> > > -----Original Message-----
> > > From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf
> > > Of Gary T. Giesen
> > > Sent: August 18, 2015 4:01 PM
> > > To: 'Mike'; cisco-bba at puck.nether.net
> > > Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> > >
> > > Nothing I wasn't able to work around in the end.
> > >
> > > Framed-Compression, and qos pre-classify come to mind (qos
> > > pre-classify is not needed anyways). We had both enabled
> > > (Framed-Compression in RADIUS users file, qos pre-classify on the
> > > Virtual-Template) and drove me nuts till I figured out what it was.
> > > There may be others.
> > >
> > > > -----Original Message-----
> > > > From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On
> > > > Behalf Of Mike
> > > > Sent: August 18, 2015 2:51 PM
> > > > To: cisco-bba at puck.nether.net
> > > > Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC
> > > >
> > > >
> > > > On 8/18/15, 8:06 AM, Gary T. Giesen wrote:
> > > > > What kind of NPE in the 7204? I've used 7206 NPE-G1's and they
> > > > > work fairly well at small scale (less than 1000 subs), the G2 is
> > > > > better as it supports more features (particularly things like QoS).
> > > > >
> > > > > ASR1k's are great LNS boxes, just have to be careful when
> > > > > migrating from 7200's to ASRs as they are a lot more strict about
> > > > > what RADIUS attributes you can use and may cause you lots of
> > > > > frustration trying to figure it out.
> > > > > In particular they don't support full Virtual-Access interfaces
> > > > > (only sub-interfaces) so any attribute that requires a full
> > > > > Virtual-Access interface will not work.
> > > > >
> > > > > GTG
> > > > >
> > > > >
> > > > This is the situation I have too - a 7201 terminating pppoe
> > > > subscribers - about 1100 - and am now migrating to an Asr1000.
> > > > What features exactly cause the requirement for full virtual-access
> > > > interface? I know my ASR has the horsepower to do the job but it's
> > > > got more features and things I plan on experimenting with in the
> > > > future, including making much more extensive use of the QoS
> > > > features per-subscriber which is something I am not doing today on
> > > > the 7201.
> > > >
> > > > Mike-
> 
> _______________________________________________
> cisco-bba mailing list
> cisco-bba at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-bba
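
The lookup discussed in the quoted message of August 19 (who, behind a shared CGNAT external address, connected to a destination IP and port at a given time), as an added example that is not part of the original thread. The record layouts, field order, addresses and usernames are constructed assumptions, not the format of NEL, NetFlow or any Cisco export; it shows why a query without the external source port can match several subscribers and how the translation record narrows it.

```python
from datetime import datetime, timedelta

# Constructed sample data (documentation address ranges, hypothetical layout).
T0 = datetime(2015, 8, 19, 10, 0, 0)

def at(seconds):
    """Timestamp `seconds` after the start of the constructed sample window."""
    return T0 + timedelta(seconds=seconds)

# NAT translation events:
# (created, deleted, inside_ip, inside_port, outside_ip, outside_port, dst_ip, dst_port)
TRANSLATIONS = [
    (at(0), at(120), "100.64.0.10", 51000, "203.0.113.5", 1024, "198.51.100.7", 443),
    (at(30), at(90), "100.64.0.11", 51000, "203.0.113.5", 1025, "198.51.100.7", 443),
    (at(40), at(200), "100.64.0.12", 40000, "203.0.113.5", 1026, "198.51.100.9", 80),
]

# RADIUS accounting sessions: (start, stop, inside_ip, username)
SESSIONS = [
    (at(-3600), at(3600), "100.64.0.10", "alice@example"),
    (at(-3600), at(3600), "100.64.0.11", "bob@example"),
    (at(-3600), at(3600), "100.64.0.12", "carol@example"),
]

def subscriber_at(inside_ip, when):
    """Map an inside (CGNAT pool) address to the user who held it at `when`."""
    for start, stop, ip, user in SESSIONS:
        if ip == inside_ip and start <= when <= stop:
            return user
    return "unknown"

def attribute(outside_ip, dst_ip, dst_port, when, outside_port=None,
              skew=timedelta(seconds=5)):
    """Return the sorted usernames whose translations match the request.

    `skew` tolerates clock drift between the requester and the NAT device.
    Without `outside_port`, every subscriber that reached the destination
    through the same external address in the window is a candidate.
    """
    users = set()
    for created, deleted, in_ip, _in_port, out_ip, out_port, d_ip, d_port in TRANSLATIONS:
        if (out_ip, d_ip, d_port) != (outside_ip, dst_ip, dst_port):
            continue
        if not (created - skew <= when <= deleted + skew):
            continue
        if outside_port is not None and out_port != outside_port:
            continue
        users.add(subscriber_at(in_ip, when))
    return sorted(users)
```

With the constructed data, a request naming only the external address, destination and time returns two candidates; supplying the external source port returns one.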


