Hi Elvin,
Following up to your email message. Stripped some sensitive data out.
This onfig looks fine! This should work. When pinging the CPE from the BNG, you may need to define and specify the source address specifically as the soruce selection sometimes is not right.
So do a "ping vrf INET form the BNG with "source loop 1" as suffix to force the right source addr selection.
Can the CPE ping the loopback properly?
If we can eliminate those 2 it will help.
Also when you have a rapid ping running with a timeout 0 and count 10000 we can track the np counters to see where we lose them.
MAke sure that SVD is disabled also especially when you have an MPLS core.
Your original message:
Ping from the BNG to the internet is possible, also from the internet is possible to ping the interface loopback configured. pppoe request reach the BNG and authentication is succesfull. The weird thing is that none CPE is able to reach the internet as well no ping response from the BNG to CPE. CPE reach BNG through a L2 transport using vlan. One more thing I notice is that the Mac address from all CPE is the same. I made a mac lookup and the mac address of all CPE is the DSLAM mac. maybe this is the reason no ping is possible from BNG to CPE.
Below is the configuration for pppoe session as well how I advertise the pool.
Thanks in advance.
aaa group server radius RADIUS
vrf INET
server-private x.y.46.147 auth-port 1645 acct-port 1646
key 7
!
source-interface Loopback1
!
aaa authorization subscriber default group radius group RADIUS
aaa authentication subscriber default group radius group RADIUS
pool vrf INET ipv4 ADDRESS_POOL
address-range x.y.241.50 x.y.241.62
interface Loopback1
vrf INET
ipv4 address x.y.241.49 255.255.255.255
interface TenGigE0/0/1/1
description Link to 30MZ_PE_3 TenG 1/2 Layer L2
cdp
!
interface TenGigE0/0/1/1.600
service-policy type control subscriber PPPoE_Policy
pppoe enable bba-group CUSTOMER
encapsulation dot1q 600
router bgp 65500
vrf INET
rd 1:1
address-family ipv4 unicast
network x.y.241.49/32
aggregate-address x.y.241.48/28 summary-only
dynamic-template
type ppp PPP_PTA_TEMPLATE
ppp authentication pap
ppp ipcp dns p.q.81.5 p.q.81.132
ppp ipcp peer-address pool ADDRESS_POOL
vrf INET
ipv4 unnumbered Loopback1
subscriber
pta tcp mss-adjust 1452
!
pppoe bba-group CUSTOMER
service selection disable
Class-map type control subscriber match-any PTA_CLASS
match protocol ppp
end-class-map
!
!
policy-map type control subscriber PPPoE_Policy
event session-activate match-first
class type control subscriber PTA_CLASS do-until-failure
10 authenticate aaa list default
!
!
event session-start match-first
class type control subscriber PTA_CLASS do-until-failure
1 activate dynamic-template PPP_PTA_TEMPLATE
!
Need a bit more info to say what the reason is... it could be sVD is acting up, is a ping from the BNG to the internet possible, is the ip pool advertised properly into the internet vrf,
if there are traffic drops, the np counters should be easy to verify what is going on also.
verify with a upstream test/traceroute and downstream and see where it stops.
common forgotten things is routing of the ip pool subnet and SVD when packets are arriving on the core facing LC not having enough info to route the traffic through (make a dummy, fake subinterface on that core LC, with some addr in that same vrf to workaround that)
xander
