I am testing several features on emulated Cisco 7200 routers, in GNS3, prior to actual purchase.
One of the features I have been testing is LNS functionality. I mainly followed this blog post in terms of topology and configuration, although the IP addresses and names changed as I adapted my existing topology.
I am trying to figure out why the drops happen, or at least what more I could look at to diagnose the problem. Connectivity between the CPE and my LNS is otherwise fine, apart from the regular disconnects.
Before going any further: I should mention that I have seen random drops with GNS3 when the host CPU is maxed out. In this case, the CPU is high, but not entirely maxed out, and seems to be running fine. I still suspect that this is a GNS3-specific problem, but I am not sure.
In my topology:
All routers (CPE, LAC, LNS) are:
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
Cisco 7206VXR (NPE400) processor (revision A) with 245760K/16384K bytes of memory.
- EDGE01 is my LNS.
- CPE-A is the customer router.
- I have my lab's upstream router acting as the LAC, but I am not focusing on that, as I want to simulate troubleshooting the problem as I would if our LNS were in production - so I would not usually have LAC logs readily available.
Everything seems to work fine, although I have noticed that the CPE device seems to disconnect and reconnect every few minutes. While the timeouts are always similar, they are not exactly the same:
EDGE01#sh logging | inc Foreign Host Close
*Mar 6 13:34:34.000: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:36:40.340: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:39:38.107: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:41:33.003: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
EDGE01#
Here are some sample logs of what is happening. I may not be reading them correctly, but it looks like both the CPE and the LNS are saying: "The other guy disconnected the session, not me."
CPE disconnect
*Mar 6 13:30:35.378: Vi1 LCP: I TERMREQ [Open] id 1 len 4
*Mar 6 13:30:35.394: Vi1 IPCP: Event[DOWN] State[Open to Starting]
*Mar 6 13:30:35.394: Vi1 IPCP: Event[CLOSE] State[Starting to Initial]
*Mar 6 13:30:35.398: Vi1 LCP: O TERMACK [Open] id 1 len 4
*Mar 6 13:30:35.398: Vi1 LCP: Event[Receive TermReq] State[Open to
Stopping]
*Mar 6 13:30:35.398: Vi1 PPP DISC: Received LCP TERMREQ from peer
*Mar 6 13:30:35.402: Vi1 PPP: Phase is TERMINATING
*Mar 6 13:30:35.426: Di1 IPCP: Remove route to 172.16.2.1
*Mar 6 13:30:35.650: PPPoE 1544: I PADT R:ca03.0fa0.0008
L:ca0a.13a4.0008 Fa0/0
*Mar 6 13:30:35.650: PPPoE : Shutting down client session
*Mar 6 13:30:35.650: [0]PPPoE 1544: O PADT R:ca03.0fa0.0008
L:ca0a.13a4.0008 Fa0/0
*Mar 6 13:30:35.650: PPPoE: Failed to add PPPoE switching subblock
*Mar 6 13:30:35.650: %DIALER-6-UNBIND: Interface Vi1 unbound from
profile Di1
*Mar 6 13:30:35.650: Vi1 PPP: Block vaccess from being freed [0x10]
*Mar 6 13:30:35.650: Vi1
CPE-A#
LCP: Event[DOWN] State[Stopping to Starting]
*Mar 6 13:30:35.650: Vi1 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Mar 6 13:30:35.650: Vi1 PPP: Free previously blocked vaccess
*Mar 6 13:30:35.650: Vi1 PPP: Phase is DOWN
*Mar 6 13:30:35.654: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
state to down
*Mar 6 13:30:35.658: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to down
*Mar 6 13:30:35.682: PPPoE: Unexpected Event!. PPPoE switching
Subblockdestroy called
LNS disconnect
EDGE01#
L2X_ADJ: Vi2.1:adj notify change, event 4
L2X_ADJ: Vi2.1:midchain unstacking IP 0.0.0.0
L2X_ADJ: Vi2.1:adj notify change, event 8
*Mar 6 14:39:33.227: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 14:39:33.235: VPDN Vi2.1 vpdn shutdown session, result=2, error=6,
vendor_err=0, syslog_error_code=23, syslog_key_type=1
*Mar 6 14:39:33.243: VPDN Vi2.1 VPDN/AAA: accounting stop sent
*Mar 6 14:39:33.255: VPDN Vi2.1 Unbinding session from idb
*Mar 6 14:39:33.263: Vi2.1 VPDN: Resetting interface
L2X_ADJ: Vi2.1:midchain unstacking IP 0.0.0.0
L2X_ADJ: Vi2.1:removed ctx
LNS reconnect
*Mar 6 13:30:58.604: VPDN Received L2TUN socket message <xCRQ - Session
Incoming>
*Mar 6 13:30:58.608: VPDN Tnl/Sn 41793 56421 L2TUN socket session accept
requested
*Mar 6 13:30:58.612: VPDN Tnl/Sn 41793 56421 Setting up dataplane for
L2-L2, no idb
*Mar 6 13:30:58.880: VPDN Received L2TUN socket message <xCCN - Session
Connected>
*Mar 6 13:30:58.892: VPDN uid:330 VPDN session up
L2X_ADJ: Vi2.1:midchain adj reqd for ip 0.0.0.0, cid 0
L2X_ADJ: Vi2.1:midchain adj reqd for ip 0.0.0.0, cid 0
*Mar 6 13:30:59.112: VPDN uid:330 Virtual interface created for
cpe-a@isp.com
bandwidth 100000 Kbps
CPE reconnect
*Mar 6 13:30:55.674: Sending PADI: Interface = FastEthernet0/0
*Mar 6 13:30:55.686: PPPoE 0: I PADO R:ca03.0fa0.0008 L:ca0a.13a4.0008
Fa0/0
CPE-A#
*Mar 6 13:30:57.722: PPPOE: we've got our pado and the pado timer went off
*Mar 6 13:30:57.722: OUT PADR from PPPoE Session
*Mar 6 13:30:57.822: PPPoE 1545: I PADS R:ca03.0fa0.0008 L:ca0a.13a4.0008
Fa0/0
*Mar 6 13:30:57.822: IN PADS from PPPoE Session
*Mar 6 13:30:57.838: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Mar 6 13:30:57.842: PPPoE: Virtual Access interface obtained.
*Mar 6 13:30:57.842: PPPoE : encap string prepared
*Mar 6 13:30:57.842: [0]PPPoE 1545: data path set to PPPoE Client
*Mar 6 13:30:57.854: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
state to up
*Mar 6 13:30:57.854: Vi1 PPP: Sending cstate UP notification
*Mar 6 13:30:57.858: Vi1 PPP: Processing CstateUp message
*Mar 6 13:30:57.906: PPP: Alloc Context [66CDB580]
*Mar 6 13:30:57.906: ppp622 PPP: Phase is ESTABLISHING
*Mar 6 13:30:57.910: Vi1 PPP: Using dialer call direction
*Mar 6 13:30:57.910: Vi1 PPP: Treating connection as a callout
*Mar 6 13:30:57.910: Vi1 PPP:
CPE-A#
Session handle[F400069A] Session id[622]
*Mar 6 13:30:57.914: Vi1 LCP: Event[OPEN] State[Initial to Starting]
*Mar 6 13:30:57.914: Vi1 PPP: No remote authentication for call-out
*Mar 6 13:30:57.918: Vi1 LCP: O CONFREQ [Starting] id 1 len 10
*Mar 6 13:30:57.918: Vi1 LCP: MagicNumber 0x191D3E68 (0x0506191D3E68)
*Mar 6 13:30:57.922: Vi1 LCP: Event[UP] State[Starting to REQsent]
*Mar 6 13:30:58.042: Vi1 LCP: I CONFREQ [REQsent] id 1 len 18
*Mar 6 13:30:58.046: Vi1 LCP: MRU 1492 (0x010405D4)
*Mar 6 13:30:58.046: Vi1 LCP: AuthProto PAP (0x0304C023)
*Mar 6 13:30:58.046: Vi1 LCP: MagicNumber 0x2686484A (0x05062686484A)
*Mar 6 13:30:58.050: Vi1 LCP: O CONFNAK [REQsent] id 1 len 8
*Mar 6 13:30:58.050: Vi1 LCP: MRU 1500 (0x010405DC)
*Mar 6 13:30:58.050: Vi1 LCP: Event[Receive ConfReq-] State[REQsent to
REQsent]
*Mar 6 13:30:58.106: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
*Mar 6 13:30:58.106: Vi1 LCP: MagicNumber 0x191D3E68 (0x0506191D3E68)
*Mar 6
CPE-A#13:30:58.106: Vi1 LCP: Event[Receive ConfAck] State[REQsent to
ACKrcvd]
*Mar 6 13:30:58.110: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 18
*Mar 6 13:30:58.110: Vi1 LCP: MRU 1500 (0x010405DC)
*Mar 6 13:30:58.110: Vi1 LCP: AuthProto PAP (0x0304C023)
*Mar 6 13:30:58.110: Vi1 LCP: MagicNumber 0x2686484A (0x05062686484A)
*Mar 6 13:30:58.114: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 18
*Mar 6 13:30:58.114: Vi1 LCP: MRU 1500 (0x010405DC)
*Mar 6 13:30:58.114: Vi1 LCP: AuthProto PAP (0x0304C023)
*Mar 6 13:30:58.114: Vi1 LCP: MagicNumber 0x2686484A (0x05062686484A)
*Mar 6 13:30:58.118: Vi1 LCP: Event[Receive ConfReq+] State[ACKrcvd to
Open]
*Mar 6 13:30:58.122: Vi1 PPP: No authorization without authentication
*Mar 6 13:30:58.126: Vi1 PPP: Phase is AUTHENTICATING, by the peer
*Mar 6 13:30:58.126: Vi1 PAP: Using hostname from interface PAP
*Mar 6 13:30:58.126: Vi1 PAP: Using password from interface PAP
*Mar 6 13:30:58.126: Vi1 PAP: O AUTH-REQ id 1 len 26 from
CPE-A# "cpe-a@isp.com"
*Mar 6 13:30:58.130: Vi1 LCP: State is Open
*Mar 6 13:30:59.390: Vi1 PAP: I AUTH-ACK id 1 len 5
*Mar 6 13:30:59.394: Vi1 PPP: Phase is FORWARDING, Attempting Forward
*Mar 6 13:30:59.394: Vi1 PPP: Queue IPCP code[1] id[1]
*Mar 6 13:30:59.422: Vi1 PPP: Phase is ESTABLISHING, Finish LCP
*Mar 6 13:30:59.426: Vi1 PPP: Phase is UP
*Mar 6 13:30:59.426: Vi1 IPCP: Protocol configured, start CP.
state[Initial]
*Mar 6 13:30:59.426: Vi1 IPCP: Event[OPEN] State[Initial to Starting]
*Mar 6 13:30:59.430: Vi1 IPCP: O CONFREQ [Starting] id 1 len 10
*Mar 6 13:30:59.430: Vi1 IPCP: Address 0.0.0.0 (0x030600000000)
*Mar 6 13:30:59.434: Vi1 IPCP: Event[UP] State[Starting to REQsent]
*Mar 6 13:30:59.434: Vi1 PPP: Process pending ncp packets
*Mar 6 13:30:59.434: Vi1 IPCP: Redirect packet to Vi1
*Mar 6 13:30:59.434: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar 6 13:30:59.438: Vi1 IPCP: Address 172.16.2.1 (0x0306AC100201)
*Mar 6 13:30:59.442: Vi1 IPCP:
CPE-A# O CONFACK [REQsent] id 1 len 10
*Mar 6 13:30:59.442: Vi1 IPCP: Address 172.16.2.1 (0x0306AC100201)
*Mar 6 13:30:59.442: Vi1 IPCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Mar 6 13:30:59.446: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to up
*Mar 6 13:30:59.602: Vi1 IPCP: I CONFNAK [ACKsent] id 1 len 10
*Mar 6 13:30:59.602: Vi1 IPCP: Address 172.16.2.19 (0x0306AC100213)
*Mar 6 13:30:59.606: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
*Mar 6 13:30:59.606: Vi1 IPCP: Address 172.16.2.19 (0x0306AC100213)
*Mar 6 13:30:59.606: Vi1 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to
ACKsent]
*Mar 6 13:30:59.826: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
*Mar 6 13:30:59.826: Vi1 IPCP: Address 172.16.2.19 (0x0306AC100213)
*Mar 6 13:30:59.826: Vi1 IPCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Mar 6 13:30:59.842: Vi1 IPCP: State is Open
*Mar 6 13:30:59.846: Di1 IPCP: Install negotiated IP interface address
172.16.2.19
*Mar 6 13:30:59.854: Di1 IPCP: Install route to 172.16.2.1
CPE-A#
Relevant configurations...
The LAC:
no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
vpdn search-order domain
!
vpdn-group PPP-Customers
request-dialin
protocol l2tp
domain isp.com
initiate-to ip 10.27.200.2
local name LAC
l2tp tunnel password 0 tunnel123
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
bba-group pppoe isp
virtual-template 1
!
!
interface Loopback0
description Management Loopback
ip address 10.27.100.1 255.255.255.255
!
!
interface FastEthernet0/0
description PtP to CPE
no ip address
duplex auto
speed auto
pppoe enable group isp
!
!
!
interface FastEthernet1/0
description PtP LAC-EDGE01
ip address 10.27.200.1 255.255.255.252
duplex full
speed 100
!
!
interface Virtual-Template1
ip unnumbered Loopback0
ppp authentication pap chap
!
!
router bgp 100
no synchronization
bgp router-id 10.27.100.1
bgp log-neighbor-changes
neighbor 10.27.200.2 remote-as 165535
neighbor 10.27.200.2 password BGP123
no auto-summary
!
The LNS:
EDGE01#sh debug
VPN:
VPDN events debugging is on
aaa new-model
!
!
aaa authentication ppp default local
aaa authentication ppp PPPNetBlock local
!
!
!
!
!
aaa session-id common
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group PPP-Customers
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname LAC
local name LNS
no l2tp tunnel authentication
l2tp tunnel password 0 tunnel123
l2tp tunnel timeout no-session 15
!
!
!
!
!
username cpe-a@isp.com password 0 cpe123
!
redundancy
!
!
ip tcp synwait-time 5
!
!
interface Loopback0
description Management Loopback
ip address 172.16.3.1 255.255.255.255
!
!
interface Loopback1
description PPP Customers GW Loopback
ip address 172.16.2.1 255.255.255.255
!
!
interface FastEthernet0/0
description PtP EDGE01-LAC
ip address 10.27.200.2 255.255.255.252
duplex full
speed 100
!
!
interface Virtual-Template1
description PPP Customers Template
ip unnumbered Loopback1
peer default ip address pool PPPNetBlock
ppp authentication pap chap
!
!
! For this lab, I am redistributing CPE IPs into OSPF instead of BGP.
router ospf 1
router-id 172.16.3.1
log-adjacency-changes
auto-cost reference-bandwidth 512000
redistribute connected subnets
network 172.16.3.0 0.0.0.255 area 0
default-information originate
!
! BGP with upstream router, which is also the LAC.
! BGP session is kind of irrelevant, though.
router bgp 165535
no synchronization
bgp router-id 10.27.200.2
bgp log-neighbor-changes
neighbor 10.27.200.1 remote-as 100
neighbor 10.27.200.1 password BGP123
no auto-summary
!
ip local pool PPPNetBlock 172.16.2.2 172.16.2.254
ip forward-protocol nd
The CPE:
CPE-A#sh debug
PPP:
PPP authentication debugging is on
PPP protocol errors debugging is on
PPP protocol negotiation debugging is on
PPPoE:
PPPoE protocol events debugging is on
PPPoE protocol errors debugging is on
no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
description DSL
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
!
interface Dialer1
description DSL Dialer
ip address negotiated
ip mtu 1492
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap callin
ppp chap hostname cpe-a@isp.com
ppp chap password 0 cpe123
ppp pap sent-username cpe-a@isp.com password 0 cpe123
no cdp enable
!
!
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
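An added example, not part of the original post: one way to turn the wrapped `sh logging | inc Foreign Host Close` output from EDGE01 into measured gaps between disconnects, so "similar but not exactly the same" becomes a set of numbers that can be compared against timers. The function names and the `year` placeholder are assumptions made for this sketch; the sample lines are the four events quoted in the post.

```python
import re
from datetime import datetime

# Constructed sample: the four disconnect events quoted in the post,
# kept with the same console line wrapping.
SAMPLE = """\
*Mar 6 13:34:34.000: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:36:40.340: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:39:38.107: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:41:33.003: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
"""

STAMP = re.compile(r"^\*?(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d\.\d{3}): ")
EVENT = re.compile(r"VPDN (\S+) disconnect \((\w+)\) IETF: (\d+)/(\S+) Ascend: (\d+)/(.+)$")

def unwrap(text):
    """Rejoin wrapped lines: a line with no timestamp continues the previous record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def disconnects(text, year=2000):
    """Return (datetime, interface, ietf_code, ascend_cause) per VPDN disconnect."""
    out = []
    for rec in unwrap(text):
        s, e = STAMP.match(rec), EVENT.search(rec)
        if s and e:
            # IOS stamps carry no year here; `year` is an assumed placeholder.
            when = datetime.strptime(f"{year} {s[1]} {s[2]} {s[3]}", "%Y %b %d %H:%M:%S.%f")
            out.append((when, e[1], int(e[3]), e[6]))
    return out

def intervals(events):
    """Seconds between consecutive disconnects, rounded to the millisecond."""
    times = [e[0] for e in events]
    return [round((b - a).total_seconds(), 3) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    print(intervals(disconnects(SAMPLE)))
```

On the four quoted events this gives gaps of 126.340, 177.767 and 114.896 seconds, each with the same interface and cause.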