[cisco-nas] SGBP and multihop vpdn offload to multiple L2TP LNS

David Mommsen davezenith at gmail.com
Thu Apr 5 10:24:41 EDT 2012 

Hi,

We have 2 devices 7401 (LNS1) and 7401 (LNS2) and want to offload PPP
between both LNSs using L2TP.

When calls are received,

- best case scenario:  we want to offload the PPP between the two LNSs
(load Balance), which means both devices are acting as an LNS and offload
server. We have 2 active  vpdn tunnels, account1 and account2 both being
handled by LNS1. We want LNS1 to offload the account2 PPP using LT2P to
LNS2.

- at least scenario: We will designate LNS2 with seed-bid offload. When
calls are received by LNS1, LNS2 should win the bid.

 We see the SGBP process is working. The problem is the L2TP tunnel between
LNS1 and LNS2 is not being built and as such LNS1 stays the call master.

Has anyone got a working example?


Below is our config:



#sh vpdn

%No active L2F tunnels



L2TP Tunnel and Session Information Total tunnels 2 sessions 2



LocID RemID Remote Name   State  Remote Address  Port  Sessions L2TP Class/
                                                                VPDN Group
38462 61897 bipac         est    aaa.aaa.aaa.aaa 1701  1
1



LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq
ID
                                 Vcid,
Circuit
13         1          38462      account1, Vi2.2 est    23:21:05 10



LocID RemID Remote Name   State  Remote Address  Port  Sessions L2TP Class/
                                                                VPDN Group
16641 13836 bipac         est    bbb.bbb.bbb.bbb   1701  1
1



LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq
ID
                                 Vcid,
Circuit
14         1          16641      account2, Vi2.3 est    15:21:49 11




SGBP  isn't succeeding in load balancing L2TP yet but I have some more
debugging logs (below).  I believe the most interesting lines are as
follows:



========================================================================
Feb  6 16:13:53.319: uid:9 Tnl/Sn 60283/12 L2TP: Result code(2): 2: Call
disconnected, refer to error msg
Feb  6 16:13:53.319:      Error code(4): Insufficient resources
Feb  6 16:13:53.319:      Optional msg: No virtual-template specified
========================================================================



If I've interpreted that correctly it means we don't have the LNS<->LNS
offload set up correctly for account2 at isp.net.  Agreed?







Logging output:


Feb  6 16:13:53.111: %SGBP-7-SENT: MQ Open to 196.1.56.36 for query 9:0,
bundle account1 at isp.net, bid 4999, prot l2tp, len 90
Feb  6 16:13:53.211: %SGBP-7-MQ: Bid (0x11) for query 9:8, bundle
account1 at isp.net, bid 5000, len 91
Feb  6 16:13:53.211: %SGBP-7-RCVD: MQ Bid from 196.1.56.36 for query 9:0,
bundle account1 at isp.net, bid 5000, prot l2tp
Feb  6 16:13:53.311: SGBP: Sending protocol 0x2 in MQ Accept
Feb  6 16:13:53.311: %SGBP-7-SENT: MQ Accept to 196.1.56.36 for query 9:0,
bundle account1 at isp.net, bid 4999, prot l2tp, len 90
Feb  6 16:13:53.311: %SGBP-7-DONE: Query #9 for bundle account1 at isp.net,
count 1, master is 196.1.56.36
Feb  6 16:13:53.311: %SGBP-7-MQB:     Bundle: account1 at isp.net    State:
Done    OurBid: 4999
Feb  6 16:13:53.311:  Tnl/Sn 60283/12 L2TP: Session state change from idle
to wait-for-tunnel
Feb  6 16:13:53.311: uid:9 Tnl/Sn 60283/12 L2TP: Create session
Feb  6 16:13:53.311:  Tnl 60283 L2TP: SM State idle
Feb  6 16:13:53.311:  Tnl 60283 L2TP: O SCCRQ
Feb  6 16:13:53.311:  Tnl 60283 L2TP: Control channel retransmit delay set
to 1 seconds
Feb  6 16:13:53.311:  Tnl 60283 L2TP: Tunnel state change from idle to
wait-ctl-reply
Feb  6 16:13:53.311:  Tnl 60283 L2TP: SM State wait-ctl-reply
Feb  6 16:13:53.315:  Tnl 60283 L2TP: I SCCRP from TEST
Feb  6 16:13:53.315:  Tnl 60283 L2TP: Got a challenge from remote peer, TEST
Feb  6 16:13:53.315:  Tnl 60283 L2TP: Got a response from remote peer, TEST
Feb  6 16:13:53.315:  Tnl 60283 L2TP: Tunnel Authentication success
Feb  6 16:13:53.315:  Tnl 60283 L2TP: Tunnel state change from
wait-ctl-reply to established
Feb  6 16:13:53.315:  Tnl 60283 L2TP: O SCCCN  to TEST tnlid 21254
Feb  6 16:13:53.315:  Tnl 60283 L2TP: Control channel retransmit delay set
to 1 seconds
Feb  6 16:13:53.315:  Tnl 60283 L2TP: SM State established
Feb  6 16:13:53.315: uid:9 Tnl/Sn 60283/12 L2TP: O ICRQ to TEST 21254/0
Feb  6 16:13:53.315: uid:9 Tnl/Sn 60283/12 L2TP: Session state change from
wait-for-tunnel to wait-reply
Feb  6 16:13:53.315: uid:9 Tnl/Sn 60283/12 L2TP: Session state change from
wait-reply to established
Feb  6 16:13:53.315: uid:9 Tnl/Sn 60283/12 L2TP: VPDN session up
Feb  6 16:13:53.315: uid:9 Tnl/Sn 60283/12 L2TP: O ICCN to TEST 21254/3
Feb  6 16:13:53.315:  Tnl 60283 L2TP: Control channel retransmit delay set
to 1 seconds
Feb  6 16:13:53.319: uid:9 Tnl/Sn 16568/11 L2TP: Session state change from
wait-for-service-selection-iccn to established
Feb  6 16:13:53.319: uid:9 Tnl/Sn 16568/11 L2TP: VPDN session up
Feb  6 16:13:53.319: uid:9 Tnl/Sn 60283/12 L2TP: Result code(2): 2: Call
disconnected, refer to error msg
Feb  6 16:13:53.319:      Error code(4): Insufficient resources
Feb  6 16:13:53.319:      Optional msg: No virtual-template specified
Feb  6 16:13:53.319: uid:9 Tnl/Sn 60283/12 L2TP: I CDN from TEST tnl 21254,
cl 3
Feb  6 16:13:53.319: uid:9 Tnl/Sn 60283/12 L2TP: disconnect (L2X) IETF:
9/nas-error Ascend: 62/VPDN No Resources
Feb  6 16:13:53.319: uid:9 Tnl/Sn 60283/12 L2TP: Destroying session
Feb  6 16:13:53.319: uid:9 Tnl/Sn 60283/12 L2TP: Session state change from
established to idle
Feb  6 16:13:53.319:  Tnl 60283 L2TP: Tunnel state change from established
to no-sessions-left
Feb  6 16:13:53.319:  Tnl 60283 L2TP: No more sessions in tunnel, shutdown
(likely) in 15 seconds
Feb  6 16:13:53.319: uid:9 Tnl/Sn 16568/11 L2TP: disconnect (AAA) IETF:
9/nas-error Ascend: 62/VPDN No Resources
Feb  6 16:13:53.319: uid:9 Tnl/Sn 16568/11 L2TP: O CDN to bipac 58877/1
Feb  6 16:13:53.319:  Tnl 16568 L2TP: Control channel retransmit delay set
to 1 seconds
Feb  6 16:13:53.319: uid:9 Tnl/Sn 16568/11 L2TP: Destroying session
Feb  6 16:13:53.319: uid:9 Tnl/Sn 16568/11 L2TP: Session state change from
established to idle
Feb  6 16:13:53.319: uid:9 Tnl/Sn 16568/11 L2TP: Accounting stop sent
Feb  6 16:13:53.319:  Tnl 16568 L2TP: Tunnel state change from established
to no-sessions-left
Feb  6 16:13:53.319:  Tnl 16568 L2TP: No more sessions in tunnel, shutdown
(likely) in 10 seconds
Feb  6 16:13:54.319:  Tnl 16568 L2TP: Control channel retransmit delay set
to 1 seconds
Feb  6 16:14:03.319:  Tnl 60283 L2TP: I StopCCN from TEST tnl 21254
Feb  6 16:14:03.319:  Tnl 60283 L2TP: Tunnel state change from
no-sessions-left to shutting-down
Feb  6 16:14:03.319:  Tnl 60283 L2TP: Shutdown tunnel
Feb  6 16:14:03.319:  Tnl 60283 L2TP: Tunnel state change from
shutting-down to idle
Feb  6 16:14:03.323:  Tnl 16568 L2TP: O StopCCN  to bipac tnlid 58877
Feb  6 16:14:03.323:  Tnl 16568 L2TP: Control channel retransmit delay set
to 1 seconds
Feb  6 16:14:03.323:  Tnl 16568 L2TP: Tunnel state change from
no-sessions-left to shutting-down
Feb  6 16:14:04.323:  Tnl 16568 L2TP: Control channel retransmit delay set
to 1 seconds
Feb  6 16:14:08.323:  Tnl 16568 L2TP: Shutdown tunnel
Feb  6 16:14:08.323:  Tnl 16568 L2TP: Tunnel state change from
shutting-down to idle

=======================================



sh debugging
MLPVT group:
  SGBP dial-bids debugging is on
  SGBP messages debugging is on
  SGBP mastership queries debugging is on
  SGBP events debugging is on
  SGBP fsm events debugging is on
VPN:
  L2X protocol events debugging is on
  L2X protocol errors debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on





====================



Current Running config




Version 12.4(21a), RELEASE SOFTWARE (fc1)



sgbp group TEST

sgbp protocol l2tp

sgbp seed-bid  5000

sgbp member  10.10.10.2

sgbp ppp-forward

sgbp source-ip 10.10.10.1

vpdn enable

vpdn multihop



!


vpdn-group 1

! Default L2TP VPDN group

accept-dialin

  protocol l2tp

  virtual-template 1

no l2tp tunnel authentication

!
l2tp-class TestL2TP


username TEST password 7 094F471A1A0A57




interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

media-type rj45

channel-group 1

!
interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

media-type rj45

channel-group 1

!

interface Virtual-Template1

ip unnumbered GigabitEthernet0/0

peer default ip address pool default

ppp authentication chap pap ms-chap ms-chap-v2 vpdn

Rgds

-- 

David Mommsen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-nas/attachments/20120405/ac150450/attachment.html>

More information about the cisco-nas mailing list