[cisco-nas] Packet loss with VPDN

Walter De Smedt wdesmedt at telenet.be
Thu Dec 8 18:30:50 EST 2005 

Hi,

in our setup, we have a Cisco 836 as CE, a AS5850 as LAC and a Juniper 
E-710 as LNS. Control-plane wise, everything seems ok: the tunnel is 
properly established between LAC and LNS and the session is also 
established. However, when we do a ping from the 836 to the LNS over the 
BRI interface (on which the PPP session to the LNS is established), we 
get 50% packet loss:

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 213.224.248.1, timeout is 2 seconds:
!.!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 56/56/56 ms

The corresponding 'debug vpdn packets' on the A5850:
*Jan  1 10:48:18.545: VPDN FS Interface to tunnel: Received 104 byte pak
*Jan  1 10:48:18.545: Se0/1:17 VPDN FS/CEF Into tunnel: Sending 144 byte pak
*Jan  1 10:48:18.545: Se0/1:17 VPDN FS Interface to tunnel: Pak send 
successful
*Jan  1 10:48:18.545: VPDN CEF From tunnel: Received 156 byte pak
*Jan  1 10:48:18.545: Se0/1:17 VPDN FS/CEF Tunnel to interface: Sending 
104 byte pak
*Jan  1 10:48:18.545: Se0/1:17 VPDN CEF From tunnel: Pak send successful
*Jan  1 10:48:20.601: VPDN FS Interface to tunnel: Received 104 byte pak
*Jan  1 10:48:20.601: Se0/1:17 VPDN FS/CEF Into tunnel: Sending 144 byte pak
*Jan  1 10:48:20.601: Se0/1:17 VPDN FS Interface to tunnel: Pak send 
successful
*Jan  1 10:48:20.605: VPDN CEF From tunnel: Received 156 byte pak
*Jan  1 10:48:20.605: Se0/1:17 VPDN FS/CEF Tunnel to interface: Sending 
104 byte pak
*Jan  1 10:48:20.605: Se0/1:17 VPDN CEF From tunnel: Pak send successful
*Jan  1 10:48:22.657: VPDN FS Interface to tunnel: Received 104 byte pak
*Jan  1 10:48:22.657: Se0/1:17 VPDN FS/CEF Into tunnel: Sending 144 byte pak
*Jan  1 10:48:22.657: Se0/1:17 VPDN FS Interface to tunnel: Pak send 
successful
*Jan  1 10:48:22.661: VPDN CEF From tunnel: Received 156 byte pak
*Jan  1 10:48:22.661: Se0/1:17 VPDN FS/CEF Tunnel to interface: Sending 
104 byte pak
*Jan  1 10:48:22.661: Se0/1:17 VPDN CEF From tunnel: Pak send successful

As you can see, there are only 3 packets sent into the tunnel towards 
the LNS (the icmp requests that are successful).
The config of the 836 is straightforward:
interface BRI0
 bandwidth 64
 ip address negotiated
 encapsulation ppp
 dialer idle-timeout 170
 dialer enable-timeout 5
 dialer string xxxxxxxxx
 dialer-group 1
 isdn switch-type basic-net3
 isdn point-to-point-setup
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username test at abc password 0 dummy
 ppp multilink
end

The config on the 5850:

interface Serial0/1:15
 no ip address
 encapsulation ppp
 dialer idle-timeout 0
 no peer default ip address
 isdn switch-type primary-net5
 isdn incoming-voice modem
 ppp authentication pap chap
 ppp multilink
end
!
vpdn enable
vpdn source-ip x.x.x.x
vpdn ip udp ignore checksum
!
vpdn-group abc
 request-dialin
  protocol l2tp
  domain abc
 initiate-to ip x.x.x.x
 local name LAC-ABC
 l2tp sequencing
 l2tp tunnel password 7 xxxxxxxx
!

We're running 12.3(14)T5 on the 5850 and 12.3(11)T3 on the 836.

Anybody any ideas? I've included more output below.

thanks,

-walter

===========

5850#show vpdn tunnel all


L2TP Tunnel Information Total tunnels 1 sessions 1

Tunnel id 30801 is up, remote id is 53, 1 active sessions
  Tunnel state is established, time since change 00:00:08
  Tunnel transport is UDP (17)
  Remote tunnel name is LNS_ABC
    Internet Address x.x.x.x, port 1701
  Local tunnel name is LAC-ABC
    Internet Address xxxxxx, port 1701
  Tunnel domain is abc
  VPDN group for tunnel is abc
  L2TP class for tunnel is
  8 packets sent, 8 received
  232 bytes sent, 208 received
  Last clearing of "show vpdn" counters never
  Control Ns 4, Nr 2
  Local RWS 14752 (default), Remote RWS 4
  Tunnel PMTU checking disabled
  Retransmission time 1, max 1 seconds
  Unsent queuesize 0, max 0
  Resend queuesize 0, max 2
  Total resends 0, ZLB ACKs sent 0
  Current nosession queue check 0 of 5
  Retransmit time distribution: 0 0 0 0 0 0 0 0 0
  Sessions disconnected due to lack of resources 0

5850#show vpdn session all

%No active L2F tunnels

L2TP Session Information Total tunnels 1 sessions 1

Session id 45 is up, tunnel id 30801
Call serial number is 1241500029
Remote tunnel name is LNS_ABC
  Internet address is xxxxxxxx
  Session is L2TP signalled
  Session state is established, time since change 00:01:59
    18 Packets sent, 18 received
    392 Bytes sent, 368 received
  Last clearing of "show vpdn" counters never
    Receive packets dropped:
      out-of-order:             0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      total:                    0
  Session username is test at abc
    Interface Se0/1:19
    Remote session id is 77, remote tunnel id 53
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  No session cookie information available
  UDP checksums are disabled
  IDB switching enabled
  FS cached header information:
    encap size = 40 bytes
    4500001C 00000000 FF119B9F D5E07F0C
    D5E0F563 06A506A5 00080000 0A020035
    004D0000 00000000
  Sequencing is on
    Ns 18, Nr 18, 0 out of order packets received
  Unique ID is 53

More information about the cisco-nas mailing list