Nail up Dialer2 failover interface

openipltd · ‎03-24-2009

Using 1841 with 2x HWIC-1ADSL-M, different ISP on each for resilience. Not attempting outbound load balancing at this point. Default route is out of Dialer0. The problem is that if the Dialer2 drops, the router never tries to bring it back up again [as far as I can tell]. Dialer0 continues to work, but we use Dialer2 for remote management, and also it would be nice if Dialer2 would stay up permanently as this would give us a chance to notice any issues with the Dialer2 circuit and fix them before it becomes critical. The router will bring up Dialer2 as part of the reload process, so it must be a config issue which is at fault.

!

interface ATM0/0/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

no atm ilmi-keepalive

!

interface ATM0/0/0.1 point-to-point

description $ES_WAN$$FW_OUTSIDE$

ip flow ingress

pvc 0/38

oam-pvc manage

pppoe-client dial-pool-number 1

!

interface ATM0/1/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

no atm ilmi-keepalive

!

interface ATM0/1/0.2 point-to-point

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 2

!

interface Dialer0

description $FW_OUTSIDE$

ip address 81.x.x.x x.x.x.x

ip access-group 101 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1452

ip flow ingress

ip inspect DEFAULT100 out

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname xxxxx

ppp chap password 7 XXXXX

crypto map SDM_CMAP_1

!

interface Dialer2

ip address 94.x.x.x x.x.x.x

ip access-group 110 in

encapsulation ppp

dialer pool 2

dialer-group 2

no cdp enable

ppp authentication chap pap callin

ppp chap hostname xxxxx

ppp chap password 7 xxxxx

ppp pap sent-username xxxxx password 7 xxxxx

!

openipltd · ‎03-25-2009

I set a static route out of Dialer2 for a host, then put an 'ip sla ...' on it, so I know there is always interesting traffic for Dialer2. I have also forwarded syslog to a server out of Dialer0. I can see that at one point the SLA target stopped responding, then the ATM0/1/0 DSL dropped, came back up, re-logged in and the SLA came back:

Mar 24 21:22:30.845 PCTime: %TRACKING-5-STATE: 50 ip sla 150 reachability Up->Down

Mar 24 21:23:01.749 PCTime: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 6001: Neighbor 172.28.77.2 (Tunnel2) is down: holding time expired

Mar 24 21:23:05.433 PCTime: %LINK-3-UPDOWN: Interface ATM0/1/0, changed state to down

Mar 24 21:23:06.397 PCTime: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

Mar 24 21:23:06.401 PCTime: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di2

Mar 24 21:23:06.433 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/1/0, changed state to down

Mar 24 21:23:07.397 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down

Mar 24 21:23:15.437 PCTime: %LINK-3-UPDOWN: Interface ATM0/1/0, changed state to up

Mar 24 21:23:16.437 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/1/0, changed state to up

Mar 24 21:23:17.809 PCTime: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

Mar 24 21:23:17.809 PCTime: %DIALER-6-BIND: Interface Vi2 bound to profile Di2

Mar 24 21:23:20.965 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

Mar 24 21:23:34.809 PCTime: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 6001: Neighbor 172.28.77.2 (Tunnel2) is up: new adjacency

Mar 24 21:24:25.845 PCTime: %TRACKING-5-STATE: 50 ip sla 150 reachability Down->Up

So all seems well there. But then at 01:08 the SLA stops responding:

Mar 25 01:08:27.352 PCTime: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 6001: Neighbor 172.28.77.2 (Tunnel2) is down: Interface Goodbye received

Mar 25 01:08:30.884 PCTime: %TRACKING-5-STATE: 50 ip sla 150 reachability Up->Down

Mar 25 01:08:31.956 PCTime: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 6001: Neighbor 172.28.77.2 (Tunnel2) is up: new adjacency

Mar 25 01:09:10.660 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down

According to the ISPs RADIUS logs the router disconnected with a Port-Error terminate clause. And that's where it stands right now. ATM0/1/0 and Dialer2 both show as up/up, but Dialer2 is not logged in. A shut/no shut on ATM0/1/0 and Dialer2 will not get it to log back in.

openipltd · ‎03-25-2009

What's odd is that if I clear the counters on ATM0/1/0 they never increment in either direction:

#show int atm0/1/0

ATM0/1/0 is up, line protocol is up

Hardware is HWIC-DSLSAR (with Alcatel ADSL Module)

MTU 4470 bytes, sub MTU 4470, BW 448 Kbit/sec, DLY 1140 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ATM, loopback not set

Encapsulation(s): AAL5 AAL2, PVC mode

23 maximum active VCs, 256 VCs per VP, 1 current VCCs

VC Auto Creation Disabled.

VC idle disconnect time: 300 seconds

Last input never, output 11:57:25, output hang never

Last clearing of "show interface" counters 00:44:45

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 477

Queueing strategy: Per VC Queueing

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 unknown protocol drops

0 output buffer failures, 0 output buffers swapped out

With various PPP/ATM/PPPoATM debugging options on:

049788: *Mar 25 13:00:19.573 PCTime: Vi2 LCP: O CONFREQ [REQsent] id 219 len 10

049789: *Mar 25 13:00:19.573 PCTime: Vi2 LCP: MagicNumber 0x28183C20 (0x050628183C20)

049790: *Mar 25 13:00:21.589 PCTime: Vi2 LCP: Timeout: State REQsent

049791: *Mar 25 13:00:21.589 PCTime: Vi2 LCP: O CONFREQ [REQsent] id 220 len 10

049792: *Mar 25 13:00:21.589 PCTime: Vi2 LCP: MagicNumber 0x28183C20 (0x050628183C20)

049793: *Mar 25 13:00:23.605 PCTime: Vi2 LCP: Timeout: State REQsent

049794: *Mar 25 13:00:23.605 PCTime: Vi2 LCP: State is Listen

049798: *Mar 25 13:00:53.621 PCTime: Vi2 LCP: Timeout: State Listen

049799: *Mar 25 13:00:53.621 PCTime: Vi2 PPP: No remote authentication for call-out

049800: *Mar 25 13:00:53.621 PCTime: Vi2 LCP: O CONFREQ [Listen] id 221 len 10

049801: *Mar 25 13:00:53.621 PCTime: Vi2 LCP: MagicNumber 0x28190021 (0x050628190021)

049803: *Mar 25 13:00:55.637 PCTime: Vi2 LCP: Timeout: State REQsent

Seems like it never gets any LCP packets? Surely if the router is sending CONFREQs, the counters on ATM0/1/0 should be incrementing?

openipltd · ‎05-22-2009

Any ideas anybody? Still not working even after replacing the HWIC.