cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1218
Views
0
Helpful
1
Replies

Routeur Cisco c7301 - LNS - Vpdn l2tp sessions blocked in wait-connected status (wt-con)

atosorigin
Level 1
Level 1

Hi,

I'll try to explain my problem. Sorry for my level in english.

We've got a LNS router (cisco c7301) which is responsible for the interconnection of 2.400 routers DSL (1.800 adsl routers + 480 sdsl routers).

This LNS router is called by several LAC equipments.

The LNS router call 2 radius services to authenticate the l2tp sessions.

When i realize a clear of the l2tp sessions on the equipment, several hundred of l2tp sessions can't established and remain blocked in a wait-connected status (wt-con status).

We have activated the debug mode on a LAC Router and the LNS Router and we observed that the LNS router not really sent the ICRP response to the ICRQ request send by the LAC router.

The LNS router try to resend the ICRP packet but without success
Mar  8 18:19:47:  Tnl 41875 L2TP: O Resend ICRP, flg TLS, ver 2, len 28, tnl 4489, ns 28517, nr 58314

The LAC Server doesn't receive the ICRP packet and send a deconnection request (CDN) to the LNS router after a wait of 40 seconds

Regularly, the blocked DSL routers initialize some new attempts of l2tp connexion but this phenomenon persists and is happen again at each time.


So the last l2tp sessions can't established while several hours.

During the detection of the issue, the LNS router were quiet (CPU usage: 10%  -  used RAM memory: 22%).
This kind of router will be able to establish more than 15.000 l2tp sessions and in normal conditions, it runs correctly.

We have detected another strange thing.

When i use the following debug command 'debug vpdn l2x-packets', the sessions are unblocked and the last routers establish quickly their l2tp sessions.

And the LNS router stay stable.

This issue occurs at each time in case of incident and the delay of service restoration is more long.

The used lns router is a Cisco 7301 and this problem occurs with the version 12.4 (12c) and 12.4(25c) of the IOS.

Someone has already met this kind of issue ?

Have you any idea or solution to solve this issue (Configuration parameters, other, ...) ?

Do you think that it is an issue of the IOS ?

Thanks for your help.

Regards,

Jérôme

1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Jerome,

>>

When i use the following debug command 'debug vpdn l2x-packets', the  sessions are unblocked and the last routers establish quickly their l2tp  sessions.

And the LNS router stay stable.

so when the debug is activated the router behaves correctly because the L2TP packets are process switched.

I suspect a software bug that causes L2TP packets to be not passed to the correct processes causing sessions to stay blocked.

I would try to use a different IOS image.

You may want to open a service request with TAC

Edit:

changing IOS I mean moving  to 12.4T like

c7301-adventerprisek9-mz.124-22.T3.bin

or 12.2(33)SRE train

c7301-adventerprisek9-mz.122-33.SRE1.bin

Hope to help

Giuseppe

Review Cisco Networking for a $25 gift card