
Multilink L2TP causes Mac OS X to have hiccups

Hi,

I have a Cisco 891 with 2 VDSL lines, setting up a multilink PPP (1 over each VDSL line) to increase bandwidth (LNS side is xl2tpd on Linux). As soon as both l2tp's get up (and bonded correctly) into 1 Multilink interface, a Mac OS X client behind this Cisco is having difficulties accessing the internet. If I use only 1 Virtual-PPP interface at a time, the problem doesn't exist.

I located the problem, but have no explanation for it. I also have a work-around for it (by disabling RFC 1323 on the Mac via sysctl), but this is only a method of last resort, since we want to be as transparent as possible to the network.

The problem occurs when the Mac behind the Cisco starts a TCP session (e.g. to port 80 of a webserver). The Mac sends the initial SYN packet, the webserver sends back the SYN,ACK packet (I see both packets with tcpdump leaving and coming back on the Mac, so there is no case of lost packets in the L2TP), and then the Mac does nothing with it (after a second it resends the initial SYN packet, in which the webserver sends the same SYN,ACK packet back, the Mac ignoring it again). After a while (undefined), the session starts. If I disable either one of the Virtual-PPP links (having a MPPP with only one link), I get the same packets (I really don't see any difference in them), and suddenly the Mac sends the ACK on the SYN,ACK packet from the first time.

I already ruled out the MTU issue (since the SYN, SYN/ACK, ACK handshake only consists of small packets, and after the handshake trouble, big packets get through just fine).

anybody a clue?

thx in advance

Arne

This is the relevant config on the Cisco:

pseudowire-class pwclass1
 encapsulation l2tpv2
 ip local interface Dialer1
!
pseudowire-class pwclass2
 encapsulation l2tpv2
 ip local interface Dialer2
!
interface Multilink1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 ! to make sure no big packets get over the wire, since we do l2tp over PPPOE
 ip tcp adjust-mss 1370
 ppp eap refuse
 ppp chap hostname XXX
 ppp chap password XXX
 ppp multilink
 ! this has been experimented with
 ppp multilink slippage mru 32
 ppp multilink group 1
 ppp multilink mrru local 1600
 no cdp enable
!
interface Virtual-PPP1
 no ip address
 ppp multilink
 ppp multilink group 1
 no cdp enable
 pseudowire <IP> 10 pw-class pwclass1
!
interface Virtual-PPP2
 no ip address
 ppp multilink
 ppp multilink group 1
 no cdp enable
 pseudowire <IP> 9 pw-class pwclass2
!
! I know this causes both tunnel uplink paths to go through 1 VDSL line, but this will be solved later, and I don't think this is the issue here
ip route <IP> 255.255.255.255 Dialer1
! only exists when Multilink1 is up
ip route 0.0.0.0 0.0.0.0 Mu1
ip nat inside source list 167 interface Multilink1 overload
!
interface Vlan100
 ip address 192.168.17.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1370
!
access-list 167 permit ip 192.168.17.0 0.0.0.255 any
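Added example, not part of the original post: the workaround above touches RFC 1323, which defines the TCP window scale and timestamp options, so one way to compare the SYN,ACK captured with one link against the one captured with two links is to decode the TCP options field by field and diff the result. The function names are hypothetical and the header bytes are constructed sample data (only the MSS of 1370 comes from the config above).

```python
import struct

# TCP option kinds seen on SYN / SYN,ACK; 3 and 8 are the RFC 1323 options.
KINDS = {2: "mss", 3: "wscale", 4: "sack_ok", 8: "timestamp"}

def parse_tcp_options(tcp_header: bytes) -> dict:
    """Decode the options area of a raw TCP header into {name: value}."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i, out = tcp_header[20:data_offset], 0, {}
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                # end of option list
            break
        if kind == 1:                                # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option at offset %d" % i)
        length, body = opts[i + 1], opts[i + 2:i + opts[i + 1]]
        name = KINDS.get(kind, "kind_%d" % kind)
        if kind == 2 and length == 4:
            out[name] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            out[name] = body[0]                      # shift count
        elif kind == 8 and length == 10:
            out[name] = struct.unpack("!II", body)   # (TSval, TSecr)
        else:
            out[name] = body.hex()
        i += length
    return out

def diff_options(a: bytes, b: bytes) -> dict:
    """Return {option: (value_in_a, value_in_b)} for every option that differs."""
    oa, ob = parse_tcp_options(a), parse_tcp_options(b)
    keys = sorted(set(oa) | set(ob))
    return {k: (oa.get(k), ob.get(k)) for k in keys if oa.get(k) != ob.get(k)}

def build_synack(tsval, tsecr, mss=1370, wscale=7):
    """Constructed SYN,ACK header for the demo; ports, seq and wscale are arbitrary."""
    opts = (struct.pack("!BBH", 2, 4, mss) + b"\x01" + struct.pack("!BBB", 3, 3, wscale)
            + b"\x04\x02" + struct.pack("!BBII", 8, 10, tsval, tsecr))
    hdr = struct.pack("!HHIIBBHHH", 80, 50000, 1000, 2001, (20 + len(opts)) // 4 << 4, 0x12, 65535, 0, 0)
    return hdr + opts
```

Feed `diff_options` the raw TCP header bytes of the two SYN,ACK packets taken from the tcpdump captures; an empty result means the options really are identical.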
