03-14-2008 12:38 PM
Hello,
We have a standard L2TP LNS configuration using Cisco's VPDN. Although everything is working, there's an issue that we've noted - UDP traffic on port 1701 between LAC and LNS is huge.
Compared to the bandwidth consumed by users (cumulative tx/rx rate on virtual-access), this UDP traffic is almost equal - it doubles link consumption?! Is this normal, or are we missing something?
Any feedback would be appreciated.
Regards,
Marko
03-20-2008 02:32 PM
The solution for this would be setting a Traffic Rule that will bypass all IP traffic between the LAC and LNS IPs.
Since the SCE is set to skip L2TP traffic, it will attempt to skip the L2TP layer based on UDP port (default is 1701). For first-fragment packets the UDP port information is there, and therefore those first fragments will not hit that Traffic Rule, since the SCE will skip the L2TP layer and will treat the internal packet only. For the non-first fragments, the SCE will not identify the packet as L2TP and will therefore consider the external L3 as a regular packet; these packets will have the LAC and LNS IPs and will therefore hit that Traffic Rule and be bypassed.
http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/l2tp.html#wp16186
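A small model of the fragment handling described in the reply above, added here as an example; it is not code from the thread, from Cisco, or from the SCE itself. It builds constructed IPv4 packets and applies the reply's logic: a first fragment carrying UDP/1701 is recognised as L2TP and its outer header skipped, while non-first fragments (no UDP header) are judged on their outer LAC/LNS addresses and hit the bypass rule. The LAC/LNS addresses and packet contents are constructed sample values.

```python
import struct
from ipaddress import ip_address

L2TP_PORT = 1701                                 # default L2TP UDP port named in the reply
LAC_IP, LNS_IP = "192.0.2.10", "198.51.100.20"   # constructed sample tunnel endpoints
IP_PROTO_UDP = 17
IPV4_FMT = "!BBHHHBBH4s4s"                       # 20-byte IPv4 header, no options


def udp_payload(sport, dport, body):
    """Constructed UDP header (checksum left zero) followed by a body."""
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body


def build_ipv4(src, dst, proto, frag_offset, more_frags, payload):
    """Constructed IPv4 packet; frag_offset is in 8-byte units as on the wire."""
    flags_frag = ((1 if more_frags else 0) << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0x1234, flags_frag,
                      64, proto, 0, ip_address(src).packed, ip_address(dst).packed)
    return hdr + payload


def classify(pkt):
    """Classify one packet the way the reply says the SCE treats it."""
    ihl = (pkt[0] & 0x0F) * 4
    fields = struct.unpack(IPV4_FMT, pkt[:20])
    frag_offset = fields[4] & 0x1FFF
    proto = fields[6]
    src, dst = str(ip_address(fields[8])), str(ip_address(fields[9]))
    payload = pkt[ihl:]
    # Only the first fragment carries the UDP header, so only there can the
    # L2TP port be seen; the SCE then skips the outer layer and looks inside.
    if proto == IP_PROTO_UDP and frag_offset == 0 and len(payload) >= 8:
        _, dport, _, _ = struct.unpack("!HHHH", payload[:8])
        if dport == L2TP_PORT:
            return "l2tp-skip-outer"
    # Everything else, non-first fragments included, is judged on the outer
    # IP header, so LAC<->LNS traffic matches the bypass Traffic Rule.
    if {src, dst} == {LAC_IP, LNS_IP}:
        return "bypass-lac-lns"
    return "regular"
```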
03-23-2008 09:17 AM
Hello,
Thanks for the input!
One thing: are you implying that we should implement this rule-based filtering on the LAC side, which will DROP all UDP/1701 traffic AFTER the 1st segment passes through?
Also, by SCE you're considering Cisco's Service Control Engine (http://www.cisco.com/en/US/products/ps6151/)? I'm almost sure that our telco (which owns the LACs) does not have anything similar, so we can ask for a solution that is close to either Policy Based Routing or standard ACLs.
Regards,
Marko