[c-nsp] [cisco-bba] 7204VXR(NPE-G1) running c7200-jk9s-mz.123-14.T3.bin

Mark Tohill Mark at u.tv
Fri Sep 1 05:33:55 EDT 2006


Oliver,

I think the reason why we needed the 'T' image was the fact that we
upgraded to NPE-G1's and we probably took the latest 'T' image we could.

The reason we went for pre-cloned was because of RADIUS performance
issues when the boxes were rebooted/reloaded or we lost VPDN tunnels.
Routers were swamped with RADIUS timeouts.

Thanks,
Mark


!
interface Virtual-Template1
 description VPDN Virtual Template
 mtu 1460
 ip unnumbered Loopback0
 ip tcp adjust-mss 1420
 no logging event link-status
 no snmp trap link-status
 peer default ip address pool default
 ppp mtu adaptive proxy
 ppp authentication chap
!
!
vpdn-group 1
 description VPDN-GROUP-1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname dsl.realm
 source-ip aaa.bbb.ccc.ddd
 lcp renegotiation on-mismatch
 l2tp tunnel password <removed>
!
!
virtual-template 1 pre-clone 8000
!



-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
Sent: 01 September 2006 10:01
To: Mark Tohill
Cc: cisco-nsp at puck.nether.net; cisco-bba at puck.nether.net
Subject: RE: [cisco-bba] 7204VXR(NPE-G1) running
c7200-jk9s-mz.123-14.T3.bin

Ok, looked at the case.. You're running out of memory, causing all kinds
of bad things. Fix the memory leak by upgrading (or downgrade to
12.3(20), don't see any feature in the config which would require
12.3T), and the other problems will likely go away.

What do your RADIUS profiles look like? You're using full virtual-access
pre-cloned interfaces, and you might be better off with virtual-access
sub-interfaces.

	oli


Mark Tohill <mailto:Mark at u.tv> wrote on Friday, September 01, 2006 10:54
AM:

> Hi Oliver,
> 
> TAC Case No. is 604178461 - Tracebacks etc on 7204-NPEG1s x 2 running
> c7200-jk9s-mz.123-14.T3.bin.
> 
> Oliver, regarding the 'trigger', I was trying to figure this out
> myself. These boxes were behaving perfectly for six or seven months
> and then this, all of a sudden.
> 
> There have been no configuration changes, of note, since then. The
> only thing I can think of is I am now logging a suspected spammer on
> an extended inbound ACL on our internet-facing interface.
> 
> I get entries in logging buffer for this user. Possibly connected to
> this is the mention of 'Virtual Exec' messages we got along with the
> tracebacks. It's maybe nothing.
> 
> Thanks again,
> Mark
> 
> 
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: 01 September 2006 09:40
> To: Mark Tohill; cisco-bba at puck.nether.net; cisco-nsp at puck.nether.net
> Subject: RE: [cisco-bba] 7204VXR(NPE-G1) running
> c7200-jk9s-mz.123-14.T3.bin
> 
> Mark,
> 
> to me, this looks like side-effects of the memory leak, i.e. you're
> running out of memory causing all kinds of things. Do you get malloc
> failures in the logs? What is the TAC case# so I can take a look?
> 
> I do wonder about the PARSER-4-BADCFG message. What is the trigger for
> them? Do you do some config via tftp or similar (copy tftp
> running-config)?
> 
> 	oli
> 
> Mark Tohill <> wrote on Friday, September 01, 2006 10:15 AM:
> 
>> Hello,
>> 
>> We have 7204-NPEG1s x 2 running c7200-jk9s-mz.123-14.T3.bin. These
>> boxes are running BGP(default only), and terminating DSL L2TP VPDN's.
>> 
>> We're having a few issues with that image, one involving 'VTemplate
>> Manager' tracebacks. According to TAC, this is bugid:
>> 
>> CSCeh90534
>> Externally found severe defect: Duplicate (D)
>> memory leak with micro_block_alloc calling VTEMPLATE Backgr
>> 
>> Duplicate of :  CSCeg81196, fixed in 12.3(14)T4 and later
>> 
>> On same boxes, we get the following:
>> 
>> Aug 31 13:38:15.293: %PARSER-4-BADCFG: Unexpected end of configuration file.
>> Aug 31 13:38:15.297: %PARSER-4-BADCFG: Unexpected end of configuration file.
>> 
>> This is having the interesting side effect of not 'saving' a Loopback
>> and GRE Tunnel interface to the running config file. When we show
>> specific interface configurations, it's fine. See below:
>> 
>> #sh run int tunnel 0
>> Building configuration...
>> Current configuration : 136 bytes
>> !
>> interface Tunnel0
>>  ip address 192.168.200.2 255.255.255.252
>>  tunnel source GigabitEthernet0/2.200
>>  tunnel destination a.b.c.d
>> end
>> 
>> #sh run int loopback 0
>> Building configuration...
>> Current configuration : 111 bytes
>> !
>> interface Loopback0
>>  description VPDN Tunnel Endpoint
>>  ip address a.b.c.d 255.255.255.255
>> end
>> 
>> So we know the interfaces are there, being routed over, but when you do
>> an ordinary 'show run', their configs are not complete... IP
>> addressing gone.
>> 
>> #sh running-config | begin Tunnel0
>> interface Tunnel0
>>  !
>>  interface Loopback0
>>  description VPDN Tunnel Endpoint
>> !
>> 
>> Therefore we can't make any changes to the config, we'll lose them
>> when we save to startup!! The loopback is fairly critical, it
>> terminates the L2TP tunnel, and on reboot, the VPDN sessions will not
>> come up since there are no tunnels to carry them.
>> 
>> Has anyone encountered this problem? We have been advised by TAC to
>> upgrade to 12.4 mainline, which is fine, but I cannot get info
>> regarding the config file corruption.
>> 
>> Any experiences/ideas appreciated.
>> 
>> Mark
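
A pre-save check for the symptom described in the original post, as an added example that is not part of the thread: it compares the full `show running-config` text with the per-interface `show run int` outputs and reports interface lines missing from the full view, so a truncated config is caught before it is written to startup. The function names are hypothetical and the sample text is constructed from the outputs quoted above.

```python
import re

IFACE_RE = re.compile(r"^interface\s+(\S+)")

def parse_interfaces(config_text):
    """Map interface name -> list of its sub-commands.
    Lines are stripped before matching because the truncated output in the
    post shows 'interface Loopback0' indented inside the Tunnel0 stanza."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            stanzas.setdefault(current, [])
        elif line in ("", "!"):
            continue
        elif not raw[0].isspace():
            current = None  # top-level command, banner line or 'end'
        elif current is not None:
            stanzas[current].append(line)
    return stanzas

def missing_from_full(full_text, per_interface_texts):
    """Return {interface: [lines seen per-interface but absent from full view]}."""
    full = parse_interfaces(full_text)
    report = {}
    for text in per_interface_texts:
        for name, lines in parse_interfaces(text).items():
            have = set(full.get(name, []))
            lost = [l for l in lines if l not in have]
            if lost:
                report[name] = lost
    return report

# Constructed sample input, copied from the outputs quoted in the thread.
FULL_VIEW = ("interface Tunnel0\n !\n interface Loopback0\n"
             " description VPDN Tunnel Endpoint\n!\n")
TUNNEL0 = ("Building configuration...\nCurrent configuration : 136 bytes\n!\n"
           "interface Tunnel0\n ip address 192.168.200.2 255.255.255.252\n"
           " tunnel source GigabitEthernet0/2.200\n"
           " tunnel destination a.b.c.d\nend\n")
LOOPBACK0 = ("Building configuration...\nCurrent configuration : 111 bytes\n!\n"
             "interface Loopback0\n description VPDN Tunnel Endpoint\n"
             " ip address a.b.c.d 255.255.255.255\nend\n")

if __name__ == "__main__":
    for name, lost in missing_from_full(FULL_VIEW, [TUNNEL0, LOOPBACK0]).items():
        print(f"{name}: {len(lost)} line(s) missing from full running-config")
        for line in lost:
            print(f"  {line}")
```

An empty report means the two views agree for the interfaces checked; any entry is a reason not to save to startup until the cause is understood.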
