Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

BNG cluster - redundancy

Hello everyone,

 

What would be the best way to achieve link/cluster redundancy into the access plant given the second diagram? 

What is the best practice for redundant BNG configuration?

Cluster is a couple of ASR9001 with a 2 port 10gbps line card in each, and access nodes can be considered third party L2 switches chain linked to each other over 10 gpbs ( this is the OSP for FTTx ).

BNG (experimental, both PPPoE and IPoE work) on a bundle-ether interface works, members of the bundle-ether are east and south interfaces from distinct cluster members, haven't tested cluster redundancy yet. 

EAPS Ring redundancy with the setup #1 works but it has a single point of failure, the access node itself with the up links.

In the second setup with the TLS (Basically an L2 bridge without any protection protocol, none) bundle-ether link redundancy only works when links directly connected to the cluster go down.  As per Cisco papers, bundle-ether interface are for point-to-point links, so it is not supposed to work if an intermediate link goes does down, I understand that, there's no signalization.

I guess my question is how would you suggest to implement link redundancy in setup 2 with TLS, thus eliminate the single point of failure of EAPS setup, I've already contacted the vendor of the access nodes on the subject, awaiting their response, it has been a little over an year.

Thank you.

http://en.wikipedia.org/wiki/Ethernet_Automatic_Protection_Switching

Regards

Elnur

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hey Elnur,your finding is

Hey Elnur,

your finding is correct that BVI doesnt support subscribers. You can either terminate subscribers on the phy (sub) interface or bundle (sub)interface.

In this model with phy interfaces, since you can't run bundle due to your access environment, and you're stuck with those phy's then you have to apply the control policy to the te 0/0/0/2.49 interface.

Right now it is in l2transport mode, because you pulled it in a bridge domain. But if you put it back in l3 mode, then you can apply the control policy to it for the ip session activation. The "gotcha" with this design is, that this is active/standby for the both access interfcaes and the subscriber, when created is tied to that interface. Which means upon switch over it needs to be recreated. (stateless failover)

So what you can do here is potentially set a packet trigger on the standby interface for instance and recreate the subscriber on the unknown source ip to provide more seamless subscriber recreation in case there is ring convergence.

cheers!

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
28 REPLIES
Cisco Employee

Hi Elnur,Because you have an

Hi Elnur,

Because you have an L2 loop between these access nodes, and it is a ring, I dont see any other options then:

MST(AG) or MCLAG.

This to break the loop and loadbalance some vlans on the southern route and some vlans on the northern route with each other as back up.

Because the access interfaces on the cluster are different, this is not stateful redundancy. Which means that if the souther route dies, MSTAG converges, clients will re-establish on the norhtern path and access interface on the BNG.

MCLAG somewhat solves that problem because now I have a single bundle interface, but with an active/standby member , and this can alternative between vlans, to maintan stateful redundancy, but it requires your access nodes to be the POA's. Ugh, I dont like that at all writing that down even, but wanted you to know of the option.

Another potential is using the ASR9000v satellite. It can ring, cascade, dual home and all that.

It solves your spanning tree configuration and relies on the "satellite" discovery protocol to figure out the ring. It is very robust and very simple.

More over, all your interfaces of those satellites are managed out of the asr9000! So it simplifies the design and everything big time.

If that is no option, yeah then you're bound to some sort of ring protection whether it be 8032, REP or MST(AG).

ps. I hope in this case the vendor of hte access node is not cisco if you have to wait a year for a response :)

regards

xander

~~

Xander Thuijs CCIE #6775

Principal Engineer ASR9000/XR

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Hi Xander thank you for the

Hi Xander

 

thank you for the reply.

Seamless Redundancy and Load balancing are a concern, in that particular order, I mean I could leave without the former, the final goal is to terminate all sessions in IPoE, PPPoE will be required only for a couple of month for the duration of migration.

Can you please point me to some documents with BNG and 8032/REP/MST configuration snippets, or just 8032/REP/MST, i.e. if there're any, so I could try figure out how to get up BNG on top of them. Most of the documents I found on BNG are provided for bundle-ether interface.

As I understand so far there're a few ways to achieve our requirements, please confirm:

1.    Satellites in the OSP access - a bit expensive for us at the moment, given 1Gbps Access ports, Port Count per rack U/Cost per Port, nevertheless I'm seriously considering it for the second phase of the rollout.

  1. Satellites in the distribution for the OSP – BNG cluster in the diagram are replaced with a couple of Satellites and EAPS/MST/8032 does its magic.

3.    MCLAG - did not understand what you meant by POA above, the access plant is L2 and logical POA will be the BNG cluster, please elaborate. MC-LAG is vendor-specific, so how is this going to work? Shall I factor in a couple of Cisco switches that understand MC-LAG and let the EAPS deal with the protection of the ring, or can ASK9001 (with or without EAPS) handle it given the topology I’ve provided? i.e. will I have to change the physical topology from the second diagram provided in my original post.

4.    Somehow, which I’m researching now, to implement one of the 8032/REP/MST on the BNG cluster.

 

All in all some configuration samples of BNG on top of 8032/REP/MST would really help me get this up and running.

 

Thank you.

Regards

Elnur

p.s. the vendor is definitely not Cisco:) and I believe Cisco will help overcome shortcomings of EAPS:) 

p.s.s apologize for the lengthy post, and hope it did not bore you too much.

Cisco Employee

hi elnur.here some detail on

hi elnur.

here some detail on MSTAG: https://supportforums.cisco.com/document/61401/asr9000xr-using-mst-ag-mst-access-gateway-mst-and-vpls

BNG doesnt change the story a hell of a lot, because the BNG is just running on a subinterface on the bundle-e (or gige for that matter) which is also part of the STP topology. So the MSTP/MSTAG config we can tie loose from the bng, which makes it easier to setip (in phases for testing) and troubleshooting.

Forget about MCLAG, but in case you want more info go here: https://supportforums.cisco.com/document/9868751/asr9000xr-multichassis-lag-or-mc-lag-mclag-guide

So first setup MSTAG on say a bundle-e100.1 untagged EFP under the spanning-tree mstag YOURSTP section.

Then add the bng configs on say bundle-e100.20 l3 subinterfaces.

cheers!

xander

ps not a problem on the lengty post!

 

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

hi Xanderdo you mean I

hi Xander

do you mean I configure MST/MSTAG on phy interface and later put it into a bundle? 

Thanks

Elnour

Cisco Employee

The decision of using bundle

The decision of using bundle out of the 9k to your switch(es) depends on a few things:

1) bundles on the a9k will pull subscriber control to the RSP and you will cap session scale to 128k TOPs.

2) linecard based subscribers using a phy 10/1G (sub) interface will leave control of the sub on the LC with increasing scale release over release. First support for LC subs is in XR511.

3) the ability for your switches to support bundle (or lacp for that matter).

The MSTAG concept works the same for a gig/tengig or bundle

So you need to first determine whether you want RP or LC based subs.

And if bundle access is desired whether your switch supports LACp or link bundling.

If not and due to eg XR/A9K release restriction you have (For whatever reason), you can always consider a single member bundle and disable lacp on the a9k side so the switch doesnt even know we are making it a bundle.

The MSTAG function will break your ring, but make sure your switches do support MSTP (or PVST which is another alternative if necessary).

regards

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

thank you very much for

thank you very much for clarifications.

LACP is out, along with the bundles, my access plant does not support MCLAG.

Now, how do we get Seamless Redundancy and BNG cluster node protection, seamless as in the BNG session id/state is preserved between a cluster node/link failures.

With bundle I kind of get it, a physical interface from each chassis is joined into a bundle, and BNG is running over it, the state of each session is replicated between RSP's of the cluster because of the bundle.

With bundle if I shutdown a any given member streaming video would not even stutter, haven't tested node protection yet, I believe it should work.

As I understand the sessions will have to be reestablished in all cases expect for bundle. Please confirm.

 

Regards

Elnur

Cisco Employee

Because the ring terminates

Because the ring terminates on different interfaces, and you can't use bundle statefull is out...

XR52 will provide what we call "geo redundancy" this is 2 separate BNG's that sync their subs via a control channel (like iccp-ish) and then you can make that design with the ring you have work.

Another option is to do hub and spoke from the bng to the ring switches, so you dont have a ring anymore, but yeah hub and spoke, this requires more fiber between the switches and the bng's obviously.

redundancy doesn't come for free eh :)

cheers

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Hi XanderThank you for the

Hi Xander

Thank you for the confirmation. I'll deal with seamless redundancy later:)

Will g.8032 work or MSTAG is a better option? I saw your post where you are saying that g.8032 could work as well. My systems in the OSP do support MSTP to the standard (that's what they claim)

I'm very new to XR (a couple of weeks), the link that you've provided above for MSTAG guide is probably for another version of XR (not sure) as some of the instructions are missing on my system (XR511)

I tried to do g.8032 on my own, following the guide below

http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/lxvpn/configuration/guide/lesc51x/lesc51p2mps.html#pgfId-1332653

yet vlan-ids instruction is not available in the context of the ring instance configuration, even if it was, I could not figure out the interface where to configure IP address (e.g. for management access into the OSP nor BNG)

Please advise. Really appreciate your effort!

 

Rgds,

Elnur

RP/0/RSP0/CPU0:ironman0#show ver
Fri Jun 13 09:02:24.538 UTC

Cisco IOS XR Software, Version 5.1.1[Default]
Copyright (c) 2014 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 2.03(20131022:110718) [ASR9K ROMMON],

ironman0 uptime is 9 weeks, 2 days, 4 hours, 54 minutes
System image file is "bootflash:disk0/asr9k-os-mbi-5.1.1/0x100000/mbiasr9k-rp.vm"

cisco ASR9K Series (P4040) processor with 8388608K bytes of memory.
P4040 processor at 1500MHz, Revision 2.0
ASR9001S Chassis

Cisco Employee

Hi Elnur,for those couple of

Hi Elnur,

for those couple of days only, you're doing pretty great!!

Say, the concept is here to break the ring, and you generally want some sort of loadbalancing. That means, that there are several options. 8032 is one, MSTP is one.

In order to reduce the load on the root's (the a9k's in this case) the MSTAG is a great concept. it runs MSTP, but only the bear bones: it sends precanned bpdu's out, showing to the ring it is the root. the switches in the ring based on that knowledge will forward some vlans (part of an instance) out on one link and other vlans (part of another instance) out another uplink interface.

Both options are perfectly doable 8032/mstag, they both achieve the same thing, I just happen to feel that MSTAG is probably a bit easier to approach and troubleshoot.

While 8032 is theoretically faster; if you're not concerned about a few msec convergence delay, hey, we're stateless already anyway, when we fail over the session needs to re-establish which by the nature of PPPoE takes seconds already right there.

then my train of thought is, go with the solution that is easiest for you to manage.

cheers

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Hi Xander In the last couple

Hi Xander

 

In the last couple of days I've finally got some time to deal with MSTAG and got it up on running with my nodes, let's just say everything seems to be alright on ASR cluster part MSTAG-wise, expect I could not find a way to attach BNG control policy to the routed BVI, I that where am I suppose to configure BNG control, or I shall try without l2vpn configure it individually on the bridge member interfaces(makes sense me, not sure how yet), or else?

please advise where is the right track:)

Thank you, your help is much appreciated!

e.g. VLAN 47 below is suppose to handle IPoE

 

Regards,

Elnur

 

spanning-tree mstag ring0-10gbps
 interface TenGigE0/0/0/2.1
  name ring0
  revision 1
  bridge-id 0000.0000.0001
  instance 0
   root-id 0000.0000.0001
   priority 4096
   root-priority 4096
  !
  instance 1
   vlan-ids 20,35,47
   root-id 0000.0000.0001
   priority 4096
   root-priority 4096
  !
  instance 2
   vlan-ids 49
   root-id 0000.0000.0001
   priority 4096
   root-priority 4096
  !
 !
 interface TenGigE1/0/0/2.1
  name ring0
  revision 1
  bridge-id 0000.0000.0002
  instance 0
   root-id 0000.0000.0001
   priority 8192
   root-priority 4096
  !
  instance 1
   vlan-ids 20,35,47
   root-id 0000.0000.0001
   priority 8192
   root-priority 4096
  !
  instance 2
   vlan-ids 49
   root-id 0000.0000.0001
   priority 8192
   root-priority 4096
  !
 !
!

l2vpn
 bridge group ring0
  bridge-domain ring0-ipoe
   transport-mode vlan passthrough
   interface TenGigE0/0/0/2.47
   !
   interface TenGigE1/0/0/2.47
   !
   routed interface BVI47
  !
  bridge-domain ring0-mngmnt
   interface TenGigE0/0/0/2.20
   !
   interface TenGigE1/0/0/2.20
   !
   routed interface BVI20
  !
  bridge-domain ring0-cpe-mnmngt
   interface TenGigE0/0/0/2.49
   !
   interface TenGigE1/0/0/2.49
   !
   routed interface BVI49
  !
 !
!

Cisco Employee

Hey Elnur,your finding is

Hey Elnur,

your finding is correct that BVI doesnt support subscribers. You can either terminate subscribers on the phy (sub) interface or bundle (sub)interface.

In this model with phy interfaces, since you can't run bundle due to your access environment, and you're stuck with those phy's then you have to apply the control policy to the te 0/0/0/2.49 interface.

Right now it is in l2transport mode, because you pulled it in a bridge domain. But if you put it back in l3 mode, then you can apply the control policy to it for the ip session activation. The "gotcha" with this design is, that this is active/standby for the both access interfcaes and the subscriber, when created is tied to that interface. Which means upon switch over it needs to be recreated. (stateless failover)

So what you can do here is potentially set a packet trigger on the standby interface for instance and recreate the subscriber on the unknown source ip to provide more seamless subscriber recreation in case there is ring convergence.

cheers!

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Thank you for your response!

Thank you for your response! I kind of figured this out myself, and got stuck again, to be honest have not had a chance to dig deeper, and using this opportunity would like to ask.

All the great guides here have:

interface Bundle-Ether100.2 proxy profile AutoSelectGiaddr

here is my problem, bundle-ether nor Phy interfaces on my system do not have 'proxy' option. I hope I'm missing something obvious.

 

Cisco IOS XR Software, Version 5.1.1[Default] 

 

Thank you

Elnur

New Member

Found it

Cisco Employee

hi elnur, ok cool yeah it is

hi elnur, ok cool yeah it is under the dhcp ipv4 context, or should be :)

you're all set?

cheers!

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Hi Xander,Not quite set yet,

Hi Xander,

Not quite set yet, how did you know?:) if you do not mind, I have more problems and a few questions:

I'm moving forward, overall XR to me seems more intuitive, ones you get used to it:)

problem: if the the ring is open in the middle, both nodes must play, everything works as expected on one interface, does not on the other, please take a look below, the only difference is that one of them is on LC of one chassis the other one is on LC of the other (this is ASR9001S nV cluster), local dhcp server shows the session stuck in INIT_DPM_WAIT state. I thought it is because of the shared pool (some sort of protection against split brain) and downed the working interface, did not help. Is there some particular reason that you know of that might be causing this?

How do I debug IPOE sessions? I googled all I could, no luck.

interface TenGigE1/0/0/2.47

 description rign0-ipoe-west
 ipv4 point-to-point
 ipv4 unnumbered Loopback20
 service-policy type control subscriber ES_IPOE_PM0
 shutdown
 encapsulation dot1q 47
 ipsubscriber ipv4 l2-connected
  initiator dhcp
 !
interface TenGigE0/0/0/2.47

 description rign0-ipoe-east
 ipv4 point-to-point
 ipv4 unnumbered Loopback20
 service-policy type control subscriber ES_IPOE_PM0
 encapsulation dot1q 47
 ipsubscriber ipv4 l2-connected
  initiator dhcp
 !
!

Thank you.

Elnur

New Member

Dear Xander,please advice,

Dear Xander,

please advice, what is INIT_DPM_WAIT state, the problem I have looks like L2 issue of the ring equipment, ASR is doing great! anyhow please let me know if you suspect(know) anything is wrong with ASR in this regards - ignore otherwise:) (I'm already planning procurement of CPT 200 based ring)

About debugging IPOE sessions, still stands, please advise.

IOS ISG based portal we developed is using portbundle to identify redirected (captured) sessions, as I understand there is no portbundle support in XR (increased scalability?). I need option82 for automation of the service provisioning in the billing system, given client IP extracting it from accounting records is trivial, the only problem that I see is with VRF's (client IP collision), a portal per VRF could be used to avoid this collision (additional interfaces), have not thought it through yet. Do you see any problems with this? please advise.

Is there another document besides this with iEdge (CoA) commands?

Thank your very much!

Elnur

New Member

This is what DPM debug saysLC

This is what DPM debug says

LC/0/0/CPU0:Jul 24 08:14:37.759 : dhcpd[153]: DPM INTERNAL: TP13: DPM Session create called for client DHCPV4
LC/0/0/CPU0:Jul 24 08:14:37.759 : dhcpd[153]: DPM INTERNAL: TP14: DPM Session create params client DHCPV4: chaddr 3a02.7138.f050chaddr_len 6, client_id , client_id_len 0, parentIfHandle 0x4000740 (67110720)
LC/0/0/CPU0:Jul 24 08:14:37.759 : dhcpd[153]: DPM INTERNAL: TP15: Session create params client DHCPV4 circuit_id 31302E3139322E36342E32303A312D392D332D302D6574682D34373A2D3437, circuit_id_len 31
LC/0/0/CPU0:Jul 24 08:14:37.759 : dhcpd[153]: DPM INTERNAL: TP38: Session create params client DHCPV4 vendor_id , vendor_id_len 0
LC/0/0/CPU0:Jul 24 08:14:37.759 : dhcpd[153]: DPM INTERNAL: TP57: Session create params client DHCPV4  port 2 chan 0subif 47 rack 0 slot 0 instance 8
LC/0/0/CPU0:Jul 24 08:14:37.759 : dhcpd[153]: DPM INTERNAL: TP66: Session create params client DHCPV4 nas port type 22tag_count 1 outer tag 47 inner tag 0
LC/0/0/CPU0:Jul 24 08:14:58.041 : dhcpd[153]: DPM INTERNAL: TP50: Session start response callback received with sub_label = 0x4000014 (67108884), client = DHCPV4 ctx = 0x3001351 (50336593), result = 'AAA_BASE' detected the 'fatal' condition 'Invalid state (aaa base lib error)', trans_id = 0x1379 (49
85)
LC/0/0/CPU0:Jul 24 08:14:58.041 : dhcpd[153]: DPM ERROR: TP7: Session start response for sub_label 0x4000014 (67108884) client DHCPV4result is not ok: 'AAA_BASE' detected the 'fatal' condition 'Invalid state (aaa base lib error)'
LC/0/0/CPU0:Jul 24 08:14:58.042 : dhcpd[153]: DPM INTERNAL: TP119: Session disconnect called for client DHCPV4 reason Session start failure
LC/0/0/CPU0:Jul 24 08:14:58.042 : dhcpd[153]: DPM ERROR: TP36: Invalid sub_label passed to disconnect sessionfor client DHCPV4

Cisco Employee

I think this is a known issue

I think this is a known issue. Can you recover from this scenario by doing a proc restart on the dhcp process on LC0 and the RP?

If so, you may be hitting CSCuo78296 , it doesnt have any release note yet, but I'll check that out. Try the proc restart first.

Besides the link you have found for the VSA/attributes, there is not much else today, however our doc group is putting some effort in documenting this properly, so you'll likely see it appearing on CCO at some point soon.

regards

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Thank you Xander, I was

Thank you Xander, I was lost

Unfortunately I was unable to access the bug info, on CSCuo78296.

about debugging, I wonder what is this, a several of times debug output just stopped (this is the reason I struggled above, I thought i'm not enabling it correctly ), I have to undebug and debug back everything, in order to get output back on to the monitor terminals, several times it even closed the telnet session all together, the one where debug was enabled from, the other active telnet sessions stayed alive, but stopped debug output as well.

 

as to the restart of dhcpd, it did not help on the affected member, so i decided to reboot the affected cluster member, for some reason i lost from the cluster, I tried to bring it back by rebooting the unaffected member, reboot did not bring the lost member, and now the same DPM problem is affecting this single member as well, below output is from it:

 

RP/1/RSP0/CPU0:ironman0#process restart dhcpd location all
Fri Jul 25 03:14:54.678 Baku
Location all can affect the stability of the System. Proceed? [confirm]On node node1_0_CPU0 ...
RP/1/RSP0/CPU0:Jul 25 03:14:55.308 : sysmgr_control[65886]: %OS-SYSMGR-4-PROC_RESTART_NAME : User elnour (vty0) requested a restart of process dhcpd at 1/0/CPU0
On node node1_RSP0_CPU0 ...
complete
RP/1/RSP0/CPU0:ironman0#LC/1/0/CPU0:Jul 25 03:14:55.394 : ipsub_ma[242]: %SUBSCRIBER-SUB_UTIL-5-SESSION_THROTTLE : Subscriber Infra is not ready. Reason: [V4 Subscriber infra process(es) is unavailble].
RP/1/RSP0/CPU0:Jul 25 03:14:55.439 : ipsub_ma[290]: %SUBSCRIBER-SUB_UTIL-5-SESSION_THROTTLE : Subscriber Infra is not ready. Reason: [V4 Subscriber infra process(es) is unavailble].
LC/1/0/CPU0:Jul 25 03:14:56.048 : dhcpd[153]: %SUBSCRIBER-SUB_UTIL-5-SESSION_THROTTLE : Subscriber Infra is not ready. Reason: [V4 Subscriber infra process(es) is unavailble].
RP/1/RSP0/CPU0:Jul 25 03:14:56.117 : dhcpd[1080]: %SUBSCRIBER-SUB_UTIL-5-SESSION_THROTTLE : Subscriber Infra is not ready. Reason: [V4 Subscriber infra process(es) is unavailble].
LC/1/0/CPU0:Jul 25 03:14:58.120 : dhcpd[153]: %SUBSCRIBER-SUB_UTIL-5-SESSION_THROTTLE : Subscriber Infra is ready. Reason: [V4 Subscriber infra process(es) is availble].
LC/1/0/CPU0:Jul 25 03:14:58.120 : ipsub_ma[242]: %SUBSCRIBER-SUB_UTIL-5-SESSION_THROTTLE : Subscriber Infra is ready. Reason: [V4 Subscriber infra process(es) is availble].
RP/1/RSP0/CPU0:Jul 25 03:14:58.168 : dhcpd[1080]: %SUBSCRIBER-SUB_UTIL-5-SESSION_THROTTLE : Subscriber Infra is ready. Reason: [V4 Subscriber infra process(es) is availble].
RP/1/RSP0/CPU0:Jul 25 03:14:58.168 : ipsub_ma[290]: %SUBSCRIBER-SUB_UTIL-5-SESSION_THROTTLE : Subscriber Infra is ready. Reason: [V4 Subscriber infra process(es) is availble].

RP/1/RSP0/CPU0:ironman0#
RP/1/RSP0/CPU0:ironman0#
RP/1/RSP0/CPU0:ironman0#show proc dhcpd location all
Fri Jul 25 03:15:04.433 Baku
node:      node1_0_CPU0
-------------------------------------------------------------------------------
                  Job Id: 153
                     PID: 512176
         Executable path: /iosxr-fwding-5.1.1/bin/dhcpd
              Instance #: 1
              Version ID: 00.00.0000
                 Respawn: ON
           Respawn count: 7
  Max. spawns per minute: 12
            Last started: Fri Jul 25 03:14:55 2014
           Process state: Run (last exit status : 1)
           Package state: Normal
       Started on config: cfg/gl/dhcpd/profile/IPOE_BASE/0x3/server/type
                    core: MAINMEM
               Max. core: 0
               Placement: None
            startup_path: /pkg/startup/dhcpd.startup
                   Ready: 0.616s
        Process cpu time: 0.229 user, 0.032 kernel, 0.261 total
JID   TID CPU Stack pri state        TimeInState    HR:MM:SS:MSEC   NAME
153    1    3  128K  10 Join           0:00:08:0379    0:00:00:0191 dhcpd
153    2    2  128K  10 Sigwaitinfo    0:00:08:0813    0:00:00:0000 dhcpd
153    3    3  128K  10 Receive        0:00:08:0614    0:00:00:0000 dhcpd
153    4    3  128K  10 Receive        0:00:03:0507    0:00:00:0013 dhcpd
153    5    3  128K  10 Receive        0:00:07:0352    0:00:00:0001 dhcpd
153    6    2  128K  10 Receive        0:00:00:0060    0:00:00:0027 dhcpd
153    7    2  128K  10 Receive        0:00:00:0309    0:00:00:0028 dhcpd
153    8    3  128K  10 Receive        0:00:08:0383    0:00:00:0000 dhcpd
153    9    1  128K  10 Receive        0:00:08:0323    0:00:00:0001 dhcpd
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
node:      node1_RSP0_CPU0
-------------------------------------------------------------------------------
                  Job Id: 1080
                     PID: 1851601
         Executable path: /disk0/iosxr-fwding-5.1.1/0x204/bin/dhcpd
              Instance #: 1
              Version ID: 00.00.0000
                 Respawn: ON
           Respawn count: 7
  Max. spawns per minute: 12
            Last started: Fri Jul 25 03:14:55 2014
           Process state: Run (last exit status : 1)
           Package state: Normal
       Started on config: cfg/gl/dhcpd/
           Process group: central-services
                    core: OFF
               Max. core: 0
               Placement: Placeable
            startup_path: /pkg/startup/dhcpd.startup
                   Ready: 0.695s
        Process cpu time: 0.215 user, 0.038 kernel, 0.253 total
1080   1    1  144K  10 Join           0:00:08:0228    0:00:00:0208 dhcpd
1080   2    3  144K  10 Receive        0:00:08:0800    0:00:00:0000 dhcpd
1080   3    3  144K  10 Sigwaitinfo    0:00:08:0745    0:00:00:0000 dhcpd
1080   4    2  144K  10 Receive        0:00:03:0460    0:00:00:0010 dhcpd
1080   5    1  144K  10 Receive        0:00:07:0356    0:00:00:0000 dhcpd
1080   6    2  144K  10 Condvar        0:00:07:0947    0:00:00:0001 dhcpd
1080   7    0  144K  10 Receive        0:00:00:0123    0:00:00:0022 dhcpd
1080   8    3  144K  10 Receive        0:00:00:0168    0:00:00:0010 dhcpd
1080   9    3  144K  10 Receive        0:00:08:0227    0:00:00:0000 dhcpd
1080   10   3  144K  10 Receive        0:00:08:0178    0:00:00:0002 dhcpd
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------

 

RP/1/RSP0/CPU0:ironman0#show subscriber session all
Fri Jul 25 03:34:16.625 Baku
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End

Type         Interface                State     Subscriber IP Addr / Prefix
                                                LNS Address (Vrf)
--------------------------------------------------------------------------------
PPPoE:PTA    BE100.47.pppoe1          AC        185.26.184.0 (default)
IP:DHCP      No                       CN        -
RP/1/RSP0/CPU0:ironman0#debug dpm
Fri Jul 25 03:34:20.302 Baku
RP/1/RSP0/CPU0:ironman0#LC/1/0/CPU0:Jul 25 03:34:27.160 : dhcpd[153]: DPM INTERNAL: TP50: Session start response callback received with sub_label = 0x400001d (67108893), client = DHCPV4 ctx = 0x200002a (33554474), result = 'AAA_BASE' detected the 'fatal' condition 'Invalid state (aaa base lib error)', trans_id = 0x2a (42)
LC/1/0/CPU0:Jul 25 03:34:27.161 : dhcpd[153]: DPM INTERNAL: TP119: Session disconnect called for client DHCPV4 reason Session start failure
LC/1/0/CPU0:Jul 25 03:34:27.160 : dhcpd[153]: DPM ERROR: TP7: Session start response for sub_label 0x400001d (67108893) client DHCPV4result is not ok: 'AAA_BASE' detected the 'fatal' condition 'Invalid state (aaa base lib error)'
LC/1/0/CPU0:Jul 25 03:34:27.161 : dhcpd[153]: DPM ERROR: TP36: Invalid sub_label passed to disconnect sessionfor client DHCPV4

RP/1/RSP0/CPU0:ironman0#undebug allLC/1/0/CPU0:Jul 25 03:34:34.527 : dhcpd[153]: DPM INTERNAL: TP13: DPM Session create called for client DHCPV4
LC/1/0/CPU0:Jul 25 03:34:34.527 : dhcpd[153]: DPM INTERNAL: TP14: DPM Session create params client DHCPV4: chaddr 2a02.7138.f076chaddr_len 6, client_id , client_id_len 0, parentIfHandle 0x440003c0 (1140851648)
LC/1/0/CPU0:Jul 25 03:34:34.527 : dhcpd[153]: DPM INTERNAL: TP15: Session create params client DHCPV4 circuit_id 31302E3139322E36342E34303A312D31382D332D302D6574682D34373A2D3437, circuit_id_len 32
LC/1/0/CPU0:Jul 25 03:34:34.527 : dhcpd[153]: DPM INTERNAL: TP38: Session create params client DHCPV4 vendor_id , vendor_id_len 0
LC/1/0/CPU0:Jul 25 03:34:34.527 : dhcpd[153]: DPM INTERNAL: TP57: Session create params client DHCPV4  port 2 chan 0subif 47 rack 1 slot 0 instance 8
LC/1/0/CPU0:Jul 25 03:34:34.527 : dhcpd[153]: DPM INTERNAL: TP66: Session create params client DHCPV4 nas port type 22tag_count 1 outer tag 47 inner tag 0

Fri Jul 25 03:34:34.635 Baku
All possible debugging has been turned off
RP/1/RSP0/CPU0:ironman0#

Cisco Employee

Ok this is not good. We need

Ok this is not good. We need to investigate this more closely. At this point I think a TAC case might be best to continue the triage allowing us to give some dedication to this problem.

I would want to recommend you to first check with XR 512, if this is a lab environment, to make sure this is not a known issue in 511.

If you could check the behavior in XR512 and if the same or similar collect this same logging and have that entered in a TAC case.

would that work for you?

regards

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Thank you Xander

Thank you Xander,

Unfortunately, at the moment I don't have Smartnet, I'll purchase it ASAP, in the meanwhile I would really appreciate if you could provide XR512 for tests, is it possible?

Thank you.

Regards

Elnur

Cisco Employee

oops! :) haha no problem.If

oops! :) haha no problem.

If you have a CCO ID you should be able to download XR512 no problem. I could post it on file exchange on CCO, but that still requires a CCO ID.

regards

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Thank you Xander, you are a

Thank you Xander, you are a good man!

I'm not sure:) (is it the login I use to access cisco.com?) I think my CCO ID is elnur.mammadov

 

Thank you

Elnur

Cisco Employee

yup that is the one Elnur, I

yup that is the one Elnur, I verified in the CCO lookup tool and that uid indeed exists. So with that you should be able to go to the:

support, then downloads, add asr9000 in the search box.

when you have that then select all releases from the left, 5 and take the 512 (ED) image to add to your cart for download.

regards!

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Hi XanderIt still does not

Hi Xander

It still does not work, I tried, please find the image attached.

What about file exchange?

 

Thank you! 

 

Regards,

Elnur

Cisco Employee

Hello everyone,

Hello everyone,

I saw this thread is last 3 year ago. But I hope someone can help to answer and advise me.

I would like to know what is the main difference between BNG cluster and BNG geo - redundancy ? what is pro and con ? which one is better solution?

I have 3xASR9006 use as BNG in difference location. I want to do load sharing and redundancy for them. Not so sure to use which solution.

Thanks.

Cisco Employee

hi laung,

hi laung,

cluster is taking 2 physical chassis and make them a single logical router.

this requires a brain extension (EOBC extension) and a dataplane extension between the chassis (aka IRL). because it is a single control plane the overall scale doesnt increase as much. but since it is now a single control plane, active/active LAG can be done.

geored is superior. you can have 2 devices use another one as backup. the control plane is separate, so the scale is higher. no need for low latency EOBC extensions as geored uses iccp to communicate and sync state for the sessions.

also cluster is no longer supported in XR6 and not on rsp880/tomahawk linecards either btw.

in short geored is what you want to be looking at for your scenario.

cheers

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

Xander, Google found this

Xander,

 

Google found this http://www.ciscoknowledgenetwork.com/files/96_03-15-11_BNG_evolution_seminar_v0.9.pdf

on the page 19 I was very happy to see the attached snipped:)

 

Regards

Elnur

 

 

 

 

909
Views
15
Helpful
28
Replies