[j-nsp] LNS Redundancy / Load Balancing L2TP Tunnels

Goldschmidt, Bernd bernd.goldschmidt at siemens.com
Thu Mar 23 07:02:58 EST 2006 

Hi Jonathan,

you could have both load balancing and redundancy together.

This is the setup to get redundancy:
====================================
/etc/raddb/users:
-----------------
l2tptest Auth-Type := Local, User-Password == l2tptest
        Tunnel-Type:1 = L2TP,
        Tunnel-Medium-Type:1 = IP,
        Tunnel-Server-endpoint:1 = 1.1.1.21,
        Tunnel-Password:1 = l2tptest2,
        Tunnel-Preference:1 = 50,
        Tunnel-Type:2 += L2TP,
        Tunnel-Medium-Type:2 += IP,
        Tunnel-Server-Endpoint:2 += 1.1.1.1,
        Tunnel-Password:2 += l2tptest,
        Tunnel-Preference:2 += 100


burkhard#test aaa ppp l2tptest l2tptest
Authentication Grant with Tunnel Attributes
************ user attributes *************
    idle Timeout - 0
    session Timeout - 0
    accounting Timeout - 600
    Tunnel Set - 1
        Tunnel Tag set - 1
        Tunnel Preference set - 50
        Tunnel Type set - 3
        Tunnel Medium set - 1
        Tunnel peer set - 1.1.1.21
        Tunnel Password set - l2tptest2
        Tunnel Router context - default
        Tunnel calling number - atm 3/2.42:100.101#184549476#this is a description#speed:UBR:12000#pppoe 12:34:56:78:9a:bc

    Tunnel Set - 2
        Tunnel Tag set - 2
        Tunnel Preference set - 100
        Tunnel Type set - 3
        Tunnel Medium set - 1
        Tunnel peer set - 1.1.1.1
        Tunnel Password set - l2tptest
        Tunnel Router context - default
        Tunnel calling number - atm 3/2.42:100.101#184549476#this is a description#speed:UBR:12000#pppoe 12:34:56:78:9a:bc

************ no ppp attributes *************
pausing 5 seconds before disconnecting test (tunneled) user, l2tptest
burkhard#

See also:
http://www.juniper.net/techpubs/software/erx/junose71/swconfig-broadband/html/l2tp-config9.html#136993



To get both, Load-sharing and redundancy, then you need to send both tunnel-server-endpoints with the same preference from the radius and you need to enable the knob "l2tp fail-over-within-preference".

/etc/raddb/users:
-----------------
l2tptest Auth-Type := Local, User-Password == l2tptest
        Tunnel-Type:1 = L2TP,
        Tunnel-Medium-Type:1 = IP,
        Tunnel-Server-endpoint:1 = 1.1.1.21,
        Tunnel-Password:1 = l2tptest2,
        Tunnel-Preference:1 = 50,
        Tunnel-Type:2 += L2TP,
        Tunnel-Medium-Type:2 += IP,
        Tunnel-Server-Endpoint:2 += 1.1.1.1,
        Tunnel-Password:2 += l2tptest,
        Tunnel-Preference:2 += 50

Gruß
Bernd.


 

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> jonathan.curtis at bell.ca
> Sent: Wednesday, March 22, 2006 9:46 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] LNS Redundancy / Load Balancing L2TP Tunnels
> 
>  
> Hi,
> 
> Wondering if much work has been done to solve the problems of load
> balancing L2TP tunnels for PPPoE authenticated subscribers?
> 
> IE: if an ERX fails on the other end of the tunnel, how could 
> we create
> some redundancy ?
> 
> We're looking at a number of options, wondering if someone has already
> deployed a solution that works well?
> 
> Thanks,
> 
> Jonathan
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list