[c-nsp] VPDN Multihop

Kurt Bales kwbales at kwbales.net
Mon Feb 16 23:52:26 EST 2009


Hi All,

There is probably an obvious answer to this, but I am failing to make
it work the way I want so I'm asking the resident experts.

We are a wholesale ISP taking DSL tails as L2TP from carriers.

We have an LNS which is currently set up to switch these sessions to
downstream channel partners based on a match against the domain/REALM.

For one of the realms on which we receive L2TP sessions, we would like
to select a destination (either locally terminated or
switched-to-channel-partner) on a per-account basis. These currently
are switched to us on a per-account basis by our upstream provider
doing per-account authentication and A/V pairs to forward the
sessions. Their A/V pairs are setting a tunnel-id for these.


Our thought was to leverage the "multihop-hostname" command under a
request-dialin configured VPDN-group.

The documentation on CCO seems to imply that it can be used to match
against a VPDN tunnel-id, but we could not get that to work.

"multihop-hostname

To enable a tunnel switch to initiate a tunnel based on the hostname
or tunnel ID associated with an ingress tunnel, use the
multihop-hostname command in VPDN request-dialin subgroup
configuration mode. To disable this option, use the no form of this
command."

We tried configuring up a vpdn-group with a multihop
hostname/initiate-to/local name/l2tp tunnel password, surely that
would be enough to correctly match and therefore switch the session
across to the downstream LNS?

Unfortunately we could not get it to work. The error coming back was
complaining that it could not assign a virtual-template to the
session, which would seem to imply an attempt to terminate the session
locally:

Feb 17 12:14:18: SSS MGR [uid:606]: Handling Policy Service Authorize action (1 pending sessions)
Feb 17 12:14:18: SSS PM [uid:606][6858A474]: RM/VPDN disabled: RM/VPDN author not needed
Feb 17 12:14:18: SSS PM [uid:606][6858A474]: AAA author needed for registered user
Feb 17 12:14:18: SSS MGR [uid:606]: Got reply Need More Keys from PM
Feb 17 12:14:18: SSS MGR [uid:606]: Handling Need More Keys action
Feb 17 12:14:18: VPDN uid:606 disconnect (TEST-CMD) IETF: 9/nas-error Ascend: 62/VPDN No Resources
Feb 17 12:14:18: VPDN uid:606 vpdn shutdown session, result=2, error=5, vendor_err=0
Feb 17 12:14:18: VPDN uid:606 VPDN/AAA: accounting stop sent
Feb 17 12:14:18: L2TUN APP: uid:606handle/665997Destroying app session
Feb 17 12:14:18: L2TUN APP: uid:606handle/665997Stopping service selection
Feb 17 12:14:18: L2X SSS [uid:606]: Disc sent to SSS
Feb 17 12:14:18: L2TP _____:06839:000070B5:
Feb 17 12:14:18: L2TP _____:06839:000070B5: Shutting down session
Feb 17 12:14:18: L2TP _____:06839:000070B5:   Result Code
Feb 17 12:14:18: L2TP _____:06839:000070B5:     Call disconnected, refer to error msg (2)
Feb 17 12:14:18: L2TP _____:06839:000070B5:   Error Code
Feb 17 12:14:18: L2TP _____:06839:000070B5:     Insufficient resources (4)
Feb 17 12:14:18: L2TP _____:06839:000070B5:   Vendor Error
Feb 17 12:14:18: L2TP _____:06839:000070B5:     None (0)
Feb 17 12:14:18: L2TP _____:06839:000070B5:   Optional Message
Feb 17 12:14:18: L2TP _____:06839:000070B5:     "No virtual-template specified"
Feb 17 12:14:18: L2TP _____:06839:000070B5:



vpdn enable
vpdn multihop
vpdn aaa attribute nas-port vpdn-nas
vpdn redirect
vpdn logging
vpdn logging local
vpdn logging tunnel-drop
vpdn history failure table-size 50
vpdn session-limit 2048
vpdn search-order multihop-hostname domain
vpdn domain-delimiter @ suffix
vpdn domain-delimiter / prefix
!
vpdn-group customer3
 request-dialin
  protocol l2tp
  multihop hostname <tunnel-name>
 initiate-to ip <downstream LNS IP> priority 1
 local name <my hostname>
 l2tp tunnel password 0 <mumble>
!




Any thoughts/suggestions?


Regards,

Kurt Bales

