Transparent DSL to Ethernet bridge using AAL5MUX
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2012 02:50 PM - edited 03-04-2019 05:25 PM
Hi,
I'm trying to build a project where I utilize a Cisco 877 as a dumb modem by briding the ATM interface together with an Ethernet interface (VLAN) in this case due L2 switchports.
The online documentation for RFC 2684 bridging states that I should be using AAL5SNAP as the encapsulation mechanism however, my ISP requires that I use the AAL5MUX encapsulation as part of the DSL settings.
My current config looks like so:
| Header 1 |
|---|
Building configuration... Current configuration : 1694 bytes ! ! Last configuration change at 22:46:28 BST Sun Aug 19 2012 by admin ! NVRAM config last updated at 22:47:41 BST Sun Aug 19 2012 by admin ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Cisco877W ! boot-start-marker boot-end-marker ! ! no aaa new-model clock summer-time BST recurring no ip routing no ip cef ! ! ! ! ! multilink bundle-name authenticated ! ! ! ! username <omitted> ! ! ! ! ! ! interface ATM0 no ip address no ip route-cache no atm ilmi-keepalive pvc 0/38 encapsulation aal5snap ! dsl operating-mode auto bridge-group 1 ! interface FastEthernet0 switchport access vlan 2 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 switchport access vlan 3 ! interface Dot11Radio0 no ip address no ip route-cache shutdown speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root ! interface Vlan1 no ip address no ip route-cache ! interface Vlan2 no ip address no ip route-cache bridge-group 1 ! interface Vlan3 ip address 192.168.1.254 255.255.255.0 ! ! ! no ip http server no ip http secure-server ! access-list 100 permit tcp 192.168.0.0 0.0.1.255 any eq telnet access-list 100 deny tcp any any eq telnet access-list 100 remark Only allow local subnets telnet acces ! ! ! ! control-plane ! bridge 1 protocol ieee ! line con 0 logging synchronous no modem enable line aux 0 line vty 0 4 access-class 100 in logging synchronous login local transport input all ! scheduler max-task-time 5000 ntp server 192.168.1.120 end |
Currently the internet/WAN connectivity is really poor as the system either doesn't connect or connects really slowly and quieries don't get through, pages don't resolve etc...
Prior to this when I was using the 877 in full routing mode with the Dialer sub interface providing the PPPoA connection to my ISP the internet speed was fine unless the line got conjested.
The previous config I was using is as follows:
| Header 1 |
|---|
interface ATM0 mtu 1500 no ip address no ip route-cache shutdown no atm ilmi-keepalive pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl lom 200 ! interface Dialer0 ip address negotiated ip nat outside no ip virtual-reassembly encapsulation ppp no ip route-cache shutdown dialer pool 1 no cdp enable ppp authentication chap callin ppp chap hostname <omitted> ppp chap password <omitted> |
At present I haved OpenBSD doing PPPoE with NAT/PAT/firewall/routing etc.... on a Sun Microsystems Netra T105 SPARC server. As stated this is a test project to compare speed and capability.
The CPU and memory of the server are not in use at all as there's plenty of juice left inside the system so no reason for routing packets to be bottlenecked by OpenBSD.
Could anyone help me get AAL5MUX working if it is at all possible as I'm positive that this will sort out my internet connectivity issues....??
If I run a quick 'show' from the ATM interface I get a bunch of options and I'm not sure which one I need or even if it is compatible for bridging:
| Header 1 |
|---|
(config-if-atm-vc)#encap aal5mux ? fr-atm-srv Frame Relay/ATM service interworking frame-relay Frame Relay/ATM network interworking ip IP ppp VC MUX PPP over AAL5 Encapsulation voice Voice over ATM (config-if-atm-vc)#encap aal5mux ppp ? Virtual-Template Virtual Template interface dialer pvc is part of dialer profile |
Perhaps would I need to create a virtual-template and bridge from there?
Thanks
- Labels:
-
LAN Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2012 03:09 PM
In fact with LOM enabled running sh dsl inter I get this:
| Header 1 |
|---|
#sh dsl inter ATM0 Alcatel 20190 chipset information ATU-R (DS) ATU-C (US) Modem Status: Showtime (DMTDSL_SHOWTIME) DSL Mode: ITU G.992.5 (ADSL2+) Annex A ITU STD NUM: 0x03 0x2 Chip Vendor ID: 'STMI' 'GSPN' Chip Vendor Specific: 0x0000 0x0010 Chip Vendor Country: 0x0F 0xFF Modem Vendor ID: 'CSCO' 'GSPN' Modem Vendor Specific: 0x0000 0x1000 Modem Vendor Country: 0xB5 0xFF Serial Number Near: FCZ112713XK Serial Number Far: Modem VersChip ID: C196 (0) DFE BOM: DFE3.0 Annex A (1) Chip ID: C196 (0) DFE BOM: DFE3.0 Annex A (1) Capacity Used: 48% 100% Noise Margin: 16.5 dB 7.0 dB Output Power: 20.0 dBm 10.0 dBm Attenuation: 19.0 dB 7.0 dB Defect Status: None None Last Fail Code: None Watchdog Counter: 0xDC Watchdog Resets: 0 Selftest Result: 0x00 Subfunction: 0x00 Interrupts: 12431 (0 spurious) PHY Access Err: 0 Activations: 3 LED Status: ON LED On Time: 100 LED Off Time: 100 Init FW: init_3.0.010_nobist.bin Operation FW: AMR-3.0.010.bin FW Source: external FW Version: 3.0.10 DS Channel1 DS Channel0 US Channel1 US Channel0 Speed (kbps): 0 8192 0 907 Cells: 0 1834382523 0 1723611539 Reed-Solomon EC: 0 0 0 0 CRC Errors: 0 597 0 0 Header Errors: 0 439 0 0 Total BER: 0E-0 2354E-10 Leakage Average BER: 0E-0 8322E-12 Interleave Delay: 0 4 0 58 ATU-R (DS) ATU-C (US) Bitswap: enabled enabled Bitswap success: 0 0 Bitswap failure: 0 0 LOM Monitoring : Enabled LOM watch configured for 200 times LOM appeared continuously for 0 times DMT Bits Per Bin 000: 0 0 0 0 0 0 0 0 3 5 7 8 9 A A B 010: C C C C C C C D C C C C B B B A 020: 0 0 0 0 2 2 4 4 4 4 5 6 6 6 6 7 030: 7 7 7 7 7 8 8 8 8 8 8 8 8 8 8 8 040: 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 050: 8 8 8 8 8 8 8 8 8 8 8 8 7 7 8 7 060: 7 7 7 7 7 7 7 7 7 7 7 2 7 8 8 8 070: 7 7 7 7 7 7 7 8 7 7 7 7 7 7 7 8 080: 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 090: 7 7 7 7 7 7 7 6 7 7 6 6 6 6 6 7 0A0: 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 0B0: 6 6 6 6 6 6 6 6 6 7 7 7 7 7 7 7 0C0: 7 7 6 7 6 6 6 6 6 6 6 6 6 6 6 6 0D0: 6 6 5 2 2 6 6 6 6 6 6 6 6 6 6 6 0E0: 6 5 6 6 6 6 6 6 6 6 5 5 5 5 6 5 0F0: 5 6 6 7 6 6 6 5 6 6 6 6 5 5 6 6 100: 6 6 6 6 6 6 6 6 6 6 6 4 6 6 6 6 110: 6 6 6 6 6 6 5 6 5 5 4 6 5 6 5 5 120: 5 5 6 6 5 5 5 5 5 5 5 5 5 5 5 5 130: 5 5 5 5 5 5 4 4 4 5 4 4 4 4 4 4 140: 4 4 4 4 4 4 4 4 4 4 5 5 4 5 5 5 150: 5 5 2 4 5 4 5 4 4 5 5 5 5 5 5 4 160: 4 4 4 4 4 4 4 0 4 4 4 4 4 4 4 4 170: 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 180: 4 0 4 4 4 4 4 4 4 4 4 4 4 4 4 4 190: 0 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 1A0: 4 0 4 4 4 4 4 4 3 3 3 0 0 0 2 0 1B0: 0 0 2 2 2 2 2 2 0 2 2 2 2 2 2 2 1C0: 0 2 2 2 0 2 2 2 0 0 2 0 2 2 2 2 1D0: 0 0 2 2 2 2 2 2 2 2 0 2 2 2 2 2 1E0: 2 2 2 1 1 0 0 0 0 0 0 0 0 0 0 0 1F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 |
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2012 08:07 AM
Trying to bridge will only produce trouble and poor performances.
Use routing, and everything will work fine.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2012 08:46 AM
Hello Kayasaman,
AAL5SNAP encapsulation includes a SNAP header that allows to identify the payload as bridged ethernet frames, AAL5MUX does not provide this capability.
As a result of this your attempt to bridge over AAL5MUX has very poor performance.
As already suggested by Paolo move back to a routed solution.
Hope to help
Giuseppe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2012 09:50 AM
Giuseppe Larosa wrote:
Hello Kayasaman,
AAL5SNAP encapsulation includes a SNAP header that allows to identify the payload as bridged ethernet frames, AAL5MUX does not provide this capability.
As a result of this your attempt to bridge over AAL5MUX has very poor performance.
As already suggested by Paolo move back to a routed solution.
Yes, altough in theory, both bridged frame over aal5mux, or bridged frame over ppp over aal5mux should work.
But as they say, in theory, theory and practice are the same thing, but in practice, they are not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2012 01:45 PM
Hi,
so sorry for the late response.
I totally lost track of this posting as things got out of control busy :-(
Thanks for the reponses in the meantime!
Hmm.... so any type of ATM to Ethernet bridging will result in poor performance.
Currently having a working system in place with this config:
| Header 1 |
|---|
interface ATM0 mtu 1454 no ip address no ip route-cache no atm ilmi-keepalive pvc 0/38 encapsulation aal5snap ! dsl operating-mode auto dsl lom 200 bridge-group 1 ! interface FastEthernet0 switchport access vlan 2 ! interface Vlan2 no ip address ip mtu 1454 no ip route-cache bridge-group 1 ! bridge 1 protocol ieee |
Confirming I get:
Bridge Group 1:
Address Action Interface Age RX count TX count
0030.881e.efee forward ATM0 0 361151454 220767492
000f.e213.eec0 forward ATM0 0 863456 0
0800.20f9.c324 forward Vlan2 0 262447407 425575101
Though too many bit errors:
| Header 1 |
|---|
ATM0 Alcatel 20190 chipset information ATU-R (DS) ATU-C (US) Modem Status: Showtime (DMTDSL_SHOWTIME) DSL Mode: ITU G.992.5 (ADSL2+) Annex A ITU STD NUM: 0x03 0x2 Chip Vendor ID: 'STMI' 'GSPN' Chip Vendor Specific: 0x0000 0x0010 Chip Vendor Country: 0x0F 0xFF Modem Vendor ID: 'CSCO' 'GSPN' Modem Vendor Specific: 0x0000 0x1000 Modem Vendor Country: 0xB5 0xFF Serial Number Near: FCZ112713XK Serial Number Far: Modem VersChip ID: C196 (0) DFE BOM: DFE3.0 Annex A (1) Chip ID: C196 (0) DFE BOM: DFE3.0 Annex A (1) Capacity Used: 47% 100% Noise Margin: 21.5 dB 7.5 dB Output Power: 20.0 dBm 10.0 dBm Attenuation: 19.0 dB 7.0 dB Defect Status: None None Last Fail Code: None Watchdog Counter: 0x57 Watchdog Resets: 0 Selftest Result: 0x00 Subfunction: 0x00 Interrupts: 12536 (0 spurious) PHY Access Err: 0 Activations: 2 LED Status: ON LED On Time: 100 LED Off Time: 100 Init FW: init_3.0.010_nobist.bin Operation FW: AMR-3.0.010.bin FW Source: external FW Version: 3.0.10 DS Channel1 DS Channel0 US Channel1 US Channel0 Speed (kbps): 0 8192 0 903 Cells: 0 1118853068 0 2910286709 Reed-Solomon EC: 0 0 0 0 CRC Errors: 0 782 0 0 Header Errors: 0 334 0 0 Total BER: 0E-0 2329E-11 Leakage Average BER: 0E-0 4018E-12 Interleave Delay: 0 4 0 58 ATU-R (DS) ATU-C (US) Bitswap: enabled enabled Bitswap success: 0 0 Bitswap failure: 0 0 LOM Monitoring : Enabled LOM watch configured for 200 times LOM appeared continuously for 0 times |
With all other PPP config, NAT/PAT, Firewall, static/dynamic routing functions handled by the OpenBSD server.
A few things I've noticed/observed. I do manage to get full ADSL 2+ Annex A performance; between 600 - 700 kbps max downstream bandwidth.
For sure the OpenBSD box is only 400MHz SPARC and only 1 of them meaning that any additional processing would also be going through the single core/socket CPU. It's actually quite interesting to see how say remotely logging in via SSH affects the WAN performance.
Multi user access is also slow and difficult since the bandwidth rapidly drops when 2+ people browse HTTP at the same time, let alone backend services such as web/mail servers.
Also the VoIP system goes completely dead if say someone is loading a video file from eg. Youtube.
I think I'm going to fork out for a Cisco 887VA so that I can utilize the Annex M capability of my DSL line however, the Cisco NAT seems to take lots of memory in the routers.....
My 1801W which I used previously kept crashing once the number of connections went up. Doing a sh ip nat translations and piping the output into a file resulted in roughly 7000+ lines (translations) so no wonder the boxes crash on me all the time.
Luckily I don't have this problem with OpenBSD on the server/router test that I've devised. However, I think I really need a faster internet line/Metro Ethernet compatible router - budget doesn't allow so I guess I'm slightly stuck.
The good part is that I have learned a lot by connecting my various 8xx + 1800 routers to the OpenBSD box using GRE over IPSEC, OSPF, PPPoE etc... and have had the chance to check out SPI and other security features which slowdown/blowup my Cisco boxes.
