05-07-2010 11:15 AM - edited 03-04-2019 08:24 AM
Hi,
I'll try to explain my problem. Sorry for my level of English.
We've got an LNS router (Cisco c7301) which is responsible for the interconnection of 2.400 DSL routers (1.800 ADSL routers + 480 SDSL routers).
This LNS router is called by several LAC devices.
The LNS router calls 2 RADIUS services to authenticate the L2TP sessions.
When I clear the L2TP sessions on the equipment, several hundred L2TP sessions can't be established and remain blocked in a wait-connected status (wt-con status).
We have activated debug mode on a LAC router and the LNS router, and we observed that the LNS router does not really send the ICRP response to the ICRQ request sent by the LAC router.
The LNS router tries to resend the ICRP packet, but without success:
Mar 8 18:19:47: Tnl 41875 L2TP: O Resend ICRP, flg TLS, ver 2, len 28, tnl 4489, ns 28517, nr 58314
The LAC server doesn't receive the ICRP packet and sends a disconnection request (CDN) to the LNS router after a wait of 40 seconds.
Regularly, the blocked DSL routers initiate new L2TP connection attempts, but this phenomenon persists and happens again each time.
So the last L2TP sessions can't be established for several hours.
During the detection of the issue, the LNS router was quiet (CPU usage: 10% - used RAM memory: 22%).
This kind of router will be able to establish more than 15.000 L2TP sessions, and in normal conditions it runs correctly.
We have detected another strange thing.
When I use the following debug command 'debug vpdn l2x-packets', the sessions are unblocked and the last routers quickly establish their L2TP sessions.
And the LNS router stays stable.
This issue occurs each time there is an incident, and the service restoration delay is longer.
The LNS router used is a Cisco 7301, and this problem occurs with versions 12.4 (12c) and 12.4(25c) of the IOS.
Has someone already met this kind of issue?
Do you have any idea or solution to solve this issue (configuration parameters, other, ...)?
Do you think that it is an issue with the IOS?
Thanks for your help.
Regards,
Jérôme
05-08-2010 01:10 AM
Hello Jerome,
>> When I use the following debug command 'debug vpdn l2x-packets', the sessions are unblocked and the last routers quickly establish their L2TP sessions.
>> And the LNS router stays stable.
So when the debug is activated, the router behaves correctly because the L2TP packets are process switched.
I suspect a software bug that causes L2TP packets not to be passed to the correct processes, causing sessions to stay blocked.
I would try to use a different IOS image.
You may want to open a service request with TAC.
Edit:
By changing IOS I mean moving to 12.4T, like
c7301-adventerprisek9-mz.124-22.T3.bin
or 12.2(33)SRE train
c7301-adventerprisek9-mz.122-33.SRE1.bin
Hope to help
Giuseppe
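
An added example, not part of either post and not Cisco tooling: a small Python parser for debug lines of the shape quoted in the first post, which counts how often each tunnel resends an ICRP with the same Ns, the sign that the LAC never acknowledged it. Only the first sample line comes from the thread; the other lines, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Shape of the debug line quoted in the first post, e.g.
# "... Tnl 41875 L2TP: O Resend ICRP, flg TLS, ver 2, len 28, tnl 4489, ns 28517, nr 58314"
LINE_RE = re.compile(
    r"Tnl (?P<local>\d+) L2TP: (?P<dir>[IO]) (?P<resend>Resend )?(?P<msg>[A-Za-z]+),"
    r".*?\btnl (?P<remote>\d+), ns (?P<ns>\d+), nr (?P<nr>\d+)"
)

def parse(line):
    """Return a dict for one L2TP control-message debug line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = {k: int(m[k]) for k in ("local", "remote", "ns", "nr")}
    rec.update(dir=m["dir"], msg=m["msg"], resend=m["resend"] is not None)
    return rec

def stuck_icrp(lines, threshold=3):
    """Map (local tunnel id, Ns) -> resend count for outbound ICRPs resent
    at least `threshold` times (threshold is an assumed value). A
    retransmitted control message keeps its Ns, so a repeated Ns means the
    peer has not acknowledged it."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["dir"] == "O" and rec["resend"] and rec["msg"] == "ICRP":
            counts[(rec["local"], rec["ns"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

# First line is the one from the post; the rest are constructed sample data.
SAMPLE = """\
Mar 8 18:19:47: Tnl 41875 L2TP: O Resend ICRP, flg TLS, ver 2, len 28, tnl 4489, ns 28517, nr 58314
Mar 8 18:19:49: Tnl 41875 L2TP: O Resend ICRP, flg TLS, ver 2, len 28, tnl 4489, ns 28517, nr 58314
Mar 8 18:19:53: Tnl 41875 L2TP: O Resend ICRP, flg TLS, ver 2, len 28, tnl 4489, ns 28517, nr 58314
Mar 8 18:19:54: Tnl 41876 L2TP: O Resend ICRP, flg TLS, ver 2, len 28, tnl 4490, ns 100, nr 200
Mar 8 18:19:55: constructed line that is not an L2TP control message
"""

if __name__ == "__main__":
    for (tnl, ns), n in stuck_icrp(SAMPLE.splitlines()).items():
        print(f"tunnel {tnl}: ICRP ns={ns} resent {n} times without an ack")
```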