Re: weird problem with pppovpdn

mlu · ‎08-19-2003

Hi all:

We have ADSL service and have some weird problems. Some of our customers PPPoE/VPDN sessions would stay connected with NAS(LNS) routers for hours even they are idle:

Interface User Mode Idle Peer Address

Vi189 johndo1@company. PPPoVPDN 1d4h:02:05 xxx.xxx.xxx.xxx

Vi191 johndo2@company. PPPoVPDN 1d1h:01:11 xxx.xxx.xxx.xxx

Vi193 johndo3@company. PPPoVPDN 23:02:33 xxx.xxx.xxx.xxx

Vi195 johndo4@company. PPPoVPDN 18:02:14 xxx.xxx.xxx.xxx

The real problem is that those customers will call in and complain that they can’t connect to Internet. We have to clear those virtual interfaces up by command “clear interface virtual-access #” all the time. Now we are creating a script doing this. But it won’t resolve the actual problem.

Seem to me, this magnitude of the problem relates the configuration command “virtual-template 1 pre-clone xxx”; the larger the # “xxx” is, the severer the problem is. When I drop the number down to 50, fewer customers complain. But the routers’ CPU utilization starts getting higher than normal (one of router’s CPU actually reached 91% when over 2000 customers terminated on that router).

I also noticed that the most of those customers with such problem configure their home ADSL modems with so-called “nailed-in connection” instead of automatically timeout after a certain idle time. Personally I like this option since it seems to refresh the PPP sessions but would not destroy the VPDN tunnels; unfortunately, most of those customers don’t like this idea.

Could anyone here explains on this issue in details or help me find some information (such as white papers, URLs. I am very interested in the theory behind this)? The most important thing question is: how could I fix this from my site?

Thanks

didyap · ‎08-25-2003

Here are a few documents on VPDN. There is also a support page for the same.

http://www.cisco.com/en/US/tech/tk801/tk703/technologies_tech_note09186a0080094586.shtml

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Internetworking:VPDN__Virtual_Private_Dialup_Network

mlu · ‎08-25-2003

thanks.

the problem is that the "dead" l2tp virtual access interfaces don't get closed as they should. i duplicated the problem by turning off adsl modem (test account); according the cisco reading materials, the cooresponding virtual access interface should be closed too. No, it was not. it was there for very long time even the remote adsl modem was shut down; because of this, the test account could not be used it until i cleared the virtual access interface.

here is the config:

vpdn-group ISP-LNS

accept-dialin

protocol l2tp

virtual-template 1

local name isp

l2tp tunnel timeout no-session 10

...

interface Virtual-Template1

ip unnumbered Loopback1

ip tcp adjust-mss 1452

no logging event link-status

peer default ip address pool sun-adsl

no keepalive

ppp mtu adaptive

ppp lcp predictive

ppp authentication chap pap

ppp ipcp predictive

ppp timeout idle 600

i seriously suspect that there are some kind of bugs for this problem

lborrageiro · ‎08-27-2003

Hey had a similar problem.

What does your config look like ?