on 01-14-2014 05:36 AM
This document provides an overview of dual-stack sessions on the ASR9000 BNG, where IPv4 and IPv6 address stacks run next to each other for subscriber sessions.
Dual stack refers to the concept of running a subscriber session with an IPv4 address as well as an IPv6 address.
To unravel the complex terminology associated with address assignment, in particular for IPv6, the picture below shows the various address assignment options available.
You can also use the framed-ipv6-address RADIUS attribute to provide an address to the subscriber from RADIUS, which will then be advertised via SLAAC (NA/ND) for both PPPoE and IPoE sessions.
The additional ipv6:ipv6-default-gateway VSA can be used to provide the default router when no DHCPv6 is used for IPoE sessions.
When it comes to "prefix delegation", that is, a large IPv6 prefix shared between subscribers who each get a subnet carved out of it, the following addressing example should help visualize how it all ties together.
The following 2 sections provide the configuration for the client side and the WAN side of the CPE.
interface GigabitEthernet0/2
 description to switch fa0/15
 ip address 192.168.1.1 255.255.255.0
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
 media-type rj45
 negotiation auto
 ipv6 address prefix-from-provider ::1:0:0:0:1/64
interface FastEthernet2/0.50
 encapsulation dot1Q 50
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 dhcp client pd prefix-from-provider
In these examples we are expanding the delegated prefix with a :1/64 and we perceive ourselves to be the ".1" and default gateway.
ipv6 unicast-routing
ipv6 dhcp pool dhcpv6
 prefix-delegation pool dhcpv6-pool1 lifetime 6000 2000
ipv6 route 2001:60:45:28::/64 2005::1
ipv6 route 2001:DB8:1200::/40 2005::1
ipv6 route 200B::/64 2005::1
ipv6 route 2600:80A::9/128 4000::1
ipv6 local pool dhcpv6-pool1 2001:DB8:1200::/40 48
More info on IOS dhcpv6 server:
http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b8a116.shtml
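A worked version of the addressing above, as an added example that is not part of the original document: it splits the server's /40 local pool into the /48s it can delegate, derives the CPE LAN address that "ipv6 address prefix-from-provider ::1:0:0:0:1/64" produces for one delegation, and maps an observed address back to the delegation (and so the subscriber) it belongs to. The function names and the sample addresses passed to them are assumptions of this example.

```python
import ipaddress

# Values taken from the configuration above.
POOL = "2001:DB8:1200::/40"     # ipv6 local pool dhcpv6-pool1 2001:DB8:1200::/40 48
DELEGATED_LEN = 48
LAN_SUFFIX = "::1:0:0:0:1/64"   # ipv6 address prefix-from-provider ::1:0:0:0:1/64


def delegations(pool: str = POOL, length: int = DELEGATED_LEN) -> list:
    """Every prefix the local pool can delegate (the /40 split into /48s)."""
    return list(ipaddress.IPv6Network(pool).subnets(new_prefix=length))


def lan_interface(delegated: str, suffix: str = LAN_SUFFIX) -> ipaddress.IPv6Interface:
    """Address the CPE LAN interface ends up with for one delegated prefix."""
    prefix = ipaddress.IPv6Network(delegated)
    suffix_addr, suffix_len = suffix.split("/")
    suffix_len = int(suffix_len)
    if suffix_len < prefix.prefixlen:
        raise ValueError("interface prefix must be at least as long as the delegation")
    # Keep the delegated bits from the provider, take the remaining bits from the suffix.
    host_mask = (1 << (128 - prefix.prefixlen)) - 1
    suffix_bits = int(ipaddress.IPv6Address(suffix_addr)) & host_mask
    addr = ipaddress.IPv6Address(int(prefix.network_address) | suffix_bits)
    return ipaddress.IPv6Interface(f"{addr}/{suffix_len}")


def owning_delegation(address: str, pool: str = POOL, length: int = DELEGATED_LEN):
    """Map an observed source address back to the /48 it was delegated from."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ipaddress.IPv6Network(pool):
        return None  # not one of this server's delegations
    return ipaddress.IPv6Network(f"{addr}/{length}", strict=False)


if __name__ == "__main__":
    print(len(delegations()), "delegations available")
    print(lan_interface("2001:db8:1200::/48"))          # constructed sample delegation
    print(owning_delegation("2001:db8:1234:1::55"))     # constructed sample address
```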
Because the ASR9000 treats the 2 stacks as a single subscriber, ONE access request and a SINGLE accounting record are generated for both stacks. As a result, the desired operation can differ, for instance when it comes to the moment at which an accounting request should be generated.
There are 2 key things to consider and of importance:
Sample Topology for the configuration example
hostname bng
logging console debugging
Radius server configuration.
Radius server is listening on 5.5.5.2 with auth-port on 1645 and accounting-port on 1646
radius-server host 5.5.5.2 auth-port 1645 acct-port 1646
 key 7 010107000A5955
!
COA server or policy-server with ip-address 5.5.5.2 is running
aaa server radius dynamic-author
 client 5.5.5.2 vrf default server-key 7 03165A0F575D72
!
aaa group server radius RADIUS
 server 5.5.5.2 auth-port 1645 acct-port 1646
!
aaa accounting service default group radius
aaa accounting subscriber default group radius
aaa authorization subscriber default group radius
aaa authentication subscriber default group radius
line console
 stopbits 1
!
DHCPv6 address pool is defined locally within BNG box and local pool is used for ipv6 address assignment to IPv6 BNG clients
pool vrf default ipv6 ipv6_address_pool
 address-range 2001::2 2001::7dff
!
DHCPv4 server with ip address 20.20.20.2 is deployed externally and this ipv4 address should be reachable from BNG device. Routing protocols should take care of reachability of 20.20.20.2 from BNG device. DHCPv4 proxy is configured as follows.
dhcp ipv4
 profile IPoEv4 proxy
  helper-address vrf default 20.20.20.2 giaddr 10.10.10.1
 !
DHCPv4 proxy is enabled on bundle sub-interface
 interface Bundle-Ether1.10 proxy profile IPoEv4
!
The DHCPv6 server is configured, and the DHCPv6 address pool defined earlier is referenced within the DHCPv6 server configuration. The DHCPv6 profile is configured with the address pool as follows.
dhcp ipv6
 profile IPoEv6 server
  address-pool ipv6_address_pool
 !
The DHCPv6 profile, and through it the address pool, is referenced on the bundle sub-interface.
 interface Bundle-Ether1.10 server profile IPoEv6
!
interface Bundle-Ether1
 bundle maximum-active links 1
!
The bundle sub-interface is configured with dot1q encapsulation and a single tag. Subscriber traffic from the CPE should arrive with a single dot1q tag, and this VLAN tag should match VLAN id 10 configured under the bundle sub-interface. In the dual-stack IPoE configuration, “initiator dhcp” is configured for both the ipv4 and ipv6 l2-connected modes.
The name of the policy-map type control is referenced with service-policy.
interface Bundle-Ether1.10
 ipv4 point-to-point
 ipv4 unnumbered Loopback1
 ipv6 enable
 service-policy type control subscriber pm-src-mac
 encapsulation dot1q 10
 ipsubscriber ipv4 l2-connected
  initiator dhcp
 !
 ipsubscriber ipv6 l2-connected
  initiator dhcp
 !
!
Ipv4 address 10.10.10.1 is default-gateway ip address for pool of ipv4 address allocated to dual-stack BNG clients
interface Loopback1
 ipv4 address 10.10.10.1 255.255.255.0
 ipv6 enable
!
interface MgmtEth0/RSP0/CPU0/0
 ipv4 address 9.22.11.3 255.255.0.0
!
interface MgmtEth0/RSP0/CPU0/1
 shutdown
!
Physical interface GigabitEthernet0/0/0/0 is configured as a member of the bundle interface.
interface GigabitEthernet0/0/0/0
 bundle id 1 mode on
 negotiation auto
 transceiver permit pid all
!
interface GigabitEthernet0/0/0/1
 ipv4 address 20.20.20.1 255.255.255.0
 transceiver permit pid all
!
interface GigabitEthernet0/0/0/5
 ipv4 address 5.5.5.1 255.255.255.0
!
The dual-stack dynamic-template is configured for dual-stack initiation. “ipv6 enable”, the ipv4 unnumbered address and ipv4 uRPF are configured under the dual-stack template.
dynamic-template
 type ipsubscriber Dual_stack_IPoE
  accounting aaa list default type session periodic-interval 5
  ipv4 verify unicast source reachable-via rx
  ipv4 unnumbered Loopback1
  ipv6 enable
 !
!
A class-map is configured for the dual-stack scenario to match DHCPv6 SOLICIT and DHCPv4 DISCOVER as the first-sign-of-life (FSOL) packet.
class-map type control subscriber match-any dual_stack_class_map
 match protocol dhcpv4 dhcpv6
end-class-map
The class-map “dual_stack_class_map” is referenced within the policy-map. When the session-start event is hit by a DHCPv4/DHCPv6 FSOL, the template “Dual_stack_IPoE” is activated. The subscriber MAC address is used as the subscriber identity, and it is authorized against the AAA server.
policy-map type control subscriber pm-src-mac
 event session-start match-all
  class type control subscriber dual_stack_class_map do-all
   1 activate dynamic-template Dual_stack_IPoE
   2 authorize aaa list default identifier source-address-mac password cisco
  !
 !
end-policy-map
!
end
The “show subscriber session all” command shows the active ipv4/ipv6 client session.
RP/0/RSP0/CPU0:bng#show subscriber session all
Tue Jan 29 12:49:25.237 UTC
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End
Type         Interface                State     Subscriber IP Addr / Prefix
                                                LNS Address (Vrf)
--------------------------------------------------------------------------------
IP:DHCP      BE1.10.ip22              AC        10.10.10.10 (default)
                                                2001::2 (default)
The “show subscriber session all detail” command shows the ipv4/ipv6 client details.
RP/0/RSP0/CPU0:bng#show subscriber session all deta
Tue Jan 29 12:49:27.752 UTC
Interface: Bundle-Ether1.10.ip22
Circuit ID: Unknown
Remote ID: Unknown
Type: IP: DHCP-trigger
IPv4 State: Up, Tue Jan 29 12:46:32 2013
IPv4 Address: 10.10.10.10, VRF: default
IPv6 State: Up, Tue Jan 29 12:46:42 2013
IPv6 Address: 2001::2, VRF: default
IPv6 Interface ID: ..d..... (02 00 64 ff fe 01 01 02)
Mac Address: 0000.6401.0102
Account-Session Id: 0000001c
Nas-Port: Unknown
User name: 0000.6401.0102
Outer VLAN ID: 10
Subscriber Label: 0x00000055
Created: Tue Jan 29 12:46:32 2013
State: Activated
Authentication: unauthenticated
Access-interface: Bundle-Ether1.10
Policy Executed:
policy-map type control subscriber pm-src-mac
  event Session-Start match-all [at Tue Jan 29 12:46:32 2013]
    class type control subscriber dual_stack_class_map do-all [Succeeded]
      1 activate dynamic-template Dual_stack_IPoE [Succeeded]
      2 authorize aaa list default [Succeeded]
Session Accounting:
  Acct-Session-Id: 0000001c
  Method-list: default
  Accounting started: Tue Jan 29 12:46:32 2013
  Interim accounting: On, interval 1 mins
    Last successful update: Tue Jan 29 12:48:34 2013
    Next update in: 00:00:06 (dhms)
Last COA request received: unavailable
The “show dhcp ipv4 proxy binding” command shows the IPoEv4 clients that were created, with their IP address and MAC address, the interface on which each was created, the VRF name, etc.
RP/0/RSP0/CPU0:bng#show dhcp ipv4 proxy binding
Tue Jan 29 12:49:42.955 UTC
                                        Lease
MAC Address    IP Address     State     Remaining Interface           VRF       Sublabel
-------------- -------------- --------- --------- ------------------- --------- ----------
0000.6401.0102 10.10.10.10    BOUND     3409      BE1.10              default   0x55
RP/0/RSP0/CPU0:bng#show dhcp ipv4 proxy binding de
Tue Jan 29 12:49:49.498 UTC
MAC Address: 0000.6401.0102
VRF: default
Server VRF: default
IP Address: 10.10.10.10
Giaddr from client: 0.0.0.0
Giaddr to server: 10.10.10.1
Server IP Address: 20.20.20.2
Server IP Address to client: 10.10.10.1
ReceivedCircuit ID: -
InsertedCircuit ID: -
ReceivedRemote ID: -
InsertedRemote ID: -
ReceivedVSISO: -
InsertedVSISO: -
Auth. on received relay info:FALSE
Profile: IPoEv4
State: BOUND
Proxy lease: 3600 secs (01:00:00)
Proxy lease remaining: 3403 secs (00:56:43)
Client ID: 0x00-0x00-0x64-0x01-0x01-0x02
Access Interface: Bundle-Ether1.10
Access VRF: default
VLAN Id: 10
Subscriber Label: 0x55
Subscriber Interface: Bundle-Ether1.10.ip22
The “show dhcp ipv6 server binding” command shows the ipv6 address allocated from the DHCPv6 local pool.
RP/0/RSP0/CPU0:bng#show dhcp ipv6 server binding
Tue Jan 29 12:50:04.560 UTC
Summary:
Total number of clients: 1
DUID : 00030001000064010102
MAC Address: 0000.6401.0102
Client Link Local: fe80::200:64ff:fe01:102
Sublabel: 0x55
IA ID: 0x0
STATE: BOUND
IPv6 Address: 2001::2 (Bundle-Ether1.10)
lifetime : 600 secs (00:10:00)
expiration: 399 secs (00:06:39)
RP/0/RSP0/CPU0:bng#
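The identifiers in the three outputs above can be cross-checked to confirm that the IPv4 binding, the IPv6 binding and the subscriber session describe the same client. The following is an added example, not part of the original document or of any Cisco tooling; the dictionary keys and function names are assumptions, and the values are copied from the outputs above. A finding means the value needs a closer look, not that it is wrong: a CPE may legitimately use a non-EUI-64 interface ID or a DUID type that carries no MAC.

```python
import ipaddress

# Values copied from the show outputs above; the key names are this example's own.
SESSION = {
    "mac": "0000.6401.0102",
    "ipv6_interface_id": "02 00 64 ff fe 01 01 02",
    "client_link_local": "fe80::200:64ff:fe01:102",
    "duid": "00030001000064010102",
    "dhcpv4_client_id": "0x00-0x00-0x64-0x01-0x01-0x02",
    "sublabels": ["0x00000055", "0x55", "0x55"],  # session, DHCPv4 and DHCPv6 binding
}


def parse_cisco_mac(mac: str) -> bytes:
    """'0000.6401.0102' -> six raw bytes."""
    raw = bytes.fromhex(mac.replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw


def eui64_interface_id(mac: bytes) -> bytes:
    """Modified EUI-64: flip the universal/local bit and insert ff:fe in the middle."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def mac_from_duid(duid_hex: str):
    """MAC inside an Ethernet DUID-LL (type 3) or DUID-LLT (type 1), else None."""
    duid = bytes.fromhex(duid_hex)
    duid_type = int.from_bytes(duid[0:2], "big")
    hw_type = int.from_bytes(duid[2:4], "big")
    if hw_type == 1 and duid_type == 3 and len(duid) == 10:
        return duid[4:]
    if hw_type == 1 and duid_type == 1 and len(duid) == 14:
        return duid[8:]  # skip the 4-byte timestamp
    return None  # other DUID types carry no link-layer address to compare


def cross_check(s: dict) -> list:
    """Return the identifiers that disagree with the session MAC (empty = consistent)."""
    mac = parse_cisco_mac(s["mac"])
    iid = eui64_interface_id(mac)
    expected_ll = ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)
    findings = []
    if bytes.fromhex(s["ipv6_interface_id"].replace(" ", "")) != iid:
        findings.append("IPv6 interface ID is not the EUI-64 of the MAC")
    if ipaddress.IPv6Address(s["client_link_local"]) != expected_ll:
        findings.append("client link-local is not derived from the MAC")
    duid_mac = mac_from_duid(s["duid"])
    if duid_mac is None:
        findings.append("DUID carries no link-layer address to compare")
    elif duid_mac != mac:
        findings.append("DUID link-layer address differs from the MAC")
    if bytes(int(b, 16) for b in s["dhcpv4_client_id"].split("-")) != mac:
        findings.append("DHCPv4 client ID differs from the MAC")
    if len({int(label, 16) for label in s["sublabels"]}) != 1:
        findings.append("subscriber labels differ between the bindings")
    return findings
```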
Configuration example and verification provided by Narendiran Rajaram
Xander Thuijs CCIE #6775
Principal Engineer ASR9000, IOS-XR and NCS6000
Hi Dimitris,
I have been involved in this investigation and been tracking this closely since we spoke about this. First of all the discussion whether something is a bug or enhancement and what severity it has is moot to me when it comes to your operational ability for the ddts.
It is fact that a bug exists for this functionality in XR434. However we found that the deficiencies with ipv6 ND that were there in XR434 are fixed by this "enhancement" ddts CSCuc85085.
Technically this can be backported or smu'd, however there are many lines of code and dependencies on other changes in XR51 that make the "cherry picking" of the functionality that would resolve our ddts CSCun42256 very hard.
The choice would have been to try and pick those lines that fix it, or port the whole thing over (if at all possible due to these changes and dependencies) and potentially affect the stability of XR434 which is rather strong to date.
Considering the fact that XR512 is out now and 513 on schedule for August (extended maintenance release), we thought it would be better to advise you to go down that path than the struggle of trying to make this work in 434.
That is how it should have been communicated to you. Do you agree with that approach?
So agree with you it is a bug in 434. But best play would be to consider 512/513 to leverage this functionality for reasons mentioned.
Hopefully this is an acceptable explanation for you.
xander
Hi Xander,
Thanks for the prompt reply.
Until now 4.3.4 was the recommended version for BNG in ASR9K and both you and our AS engineers suggest we use 4.3.4 instead of 5.1.x.
If this has been changed, we don't have any problem in switching to the recommended 5.1.x version.
Do you suggest we upgrade to 5.1.2 and continue the evaluation in that version?
Regards,
Dimitris
~~~~~~~
Hey Dimitris, somehow the reply button doesn't work to reply to this message but I can edit it... (maybe best to move new discussions under the main umbrella instead of under the doc...)
Any case, to answer this one. 4.3.4 is definitely our flagship release to date. The next EMR will be XR 5.1.3 coming out in August.
Depending on your deployment schedule and the necessity of the functionality of the v6 mtu under discussion, you could start with 512 eval and potentially go with 513. Issues you find in 513 could be integrated in 513 (if they classify as bug, since the EMR/513 will not absorb new functionality, bug fix only).
So the criteria for decision is here: importance of v6 mtu on template and timeline for deployment whether august 513 is a good one to pick.
regards
xander
Hi Xander,
In ASR1K we had an issue with the lack of the delegated-ipv6-prefix attribute in the AAA start acct record, when the delegation was made from a local DHCPv6 server (CSCub63085). We have proposed the addition of a new functionality in order to solve this issue and the BU is going to implement it (CSCuo33886).
I noticed that the same issue is seen in ASR9K 4.3.4 and while searching, I have found CSCui42709. In the DDTS I can see that the issue is solved in some 5.1.x and 5.2.x versions. Could you please inform us what kind of solution will be provided regarding this issue in IOS-XR?
Regards,
Dimitris
Hi,
Sorry for jumping in. We have the exact problem. Solution on 5.1.x is an interim update when CPE gets DP from DHCPv6 server. This happens 1-2 seconds after session is established and that is why the DP is not seen in the start record.
Our customer's backend system does not support interim updates and thus Cisco is making a SMU where we hopefully will solve this issue for good.
Xander is involved in this and he has some more info.
Hi Dimitris, that ddts is integrated in XR 5.1.1 and 5.1.2, hence will be in XR 5.1.3 also.
regards
xander
Correct, if you need the info in the start record we need to delay the start rec generation, for which a new CLI is going to be integrated. The ddts for that to track is CSCuo70731.
Targeted for 513.
If you are fine with the interim records it being present in, there is no issue.
regards
xander
Hi Smail,
The time the PD is being done is unfortunately based on the CPE and when it will decide to ask for a LAN prefix, so we cannot say that it will always be 1-2 seconds after IPV6CP.
In IOS-XE there is a workaround, by configuring "aaa accounting update newinfo". This command sends the acct start immediately and an acct update every time a new "significant" attribute is produced, so it will send an update when delegated-ipv6-prefix is available. On the other hand, this unfortunately causes many update packets for each dual stack PPP session (3 acct updates average) which consumes resources and makes it more difficult to process, so we have proposed to the ASR1K BU to introduce a new command that will give us the capability to configure an interim for an initial acct update (let's say 120 sec after the acct start) and then a different interim for the next acct updates (let's say 24 hours). The BU has accepted it and they will introduce it in one of the next IOS-XE versions.
The reason I am asking what solution will be given in IOS-XR is to see if we are covered or if we need to discuss about a similar implementation in IOS-XR.
Hi Xander,
Which ddts is integrated in 5.1.x? CSCuo33886?
Hi,
You are right. In our case it's 1-2 seconds. Problem is also that with dualstack sessions out of 6000 we have 200 sessions with invalid Framed IPv4 address in the start record.
Really weird behaviour. I hope that the fix (CSCuo70731) will solve this, too.
CSCui42709 is in 511 and 512 already and will be in 513 therefore too.
CSCuo33886 is an IOS ddts for delaying interim, and XR has that functionality already to determine how interim records are sent on dual stack
CSCub63085 is an IOS ddts not applicable to XR
CSCuo70731 is to get the PD into acc start with a special delay knob (somewhat similar to the preceding IOS one) and is *targeted* for XR 513.
Sorry for insisting, but I am not sure I fully understood:
CSCui42709 is in 511 and 512 already and will be in 513 therefore too.
TR-187 R-67 is talking about a delayed acct-start. Isn't this covered by "accounting aaa list AAA-LIST type session periodic-interval 10 dual-stack-delay 2"?
---
CSCuo33886 is an IOS ddts for delaying interim, and XR has that functionality already to determine how interim records are sent on dual stack
Could you please define which functionality allows us to achieve the following in an ASR9K:
This is more or less what the ASR1K BU is going to implement in IOS-XE.
---
CSCuo70731 is to get the PD into acc start with a special delay knob (somewhat similar to the preceding IOS one) and is *targeted* for XR 513.
CSCuo70731 is not visible to me, so I am not able to see any details. Are you talking about a delayed acct-start or an extra acct-update?
Invalid or missing?
We get 255.255.255.254
Invalid for me.
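The two symptoms discussed in this thread (a delegated prefix that only shows up in an interim record, and a start record carrying 255.255.255.254) can be checked for on the accounting backend by merging all records of a session. This is an added example, not part of the thread and not Cisco code: the records are constructed, the attribute names are the standard RADIUS ones, and the rule for what counts as a usable IPv4 address is an assumption of this example.

```python
import ipaddress

# Constructed, already-parsed accounting records (not captured from a real BNG).
RECORDS = [
    {"Acct-Session-Id": "0000001c", "Acct-Status-Type": "Start",
     "Event-Timestamp": 1000, "Framed-IP-Address": "10.10.10.10"},
    {"Acct-Session-Id": "0000001c", "Acct-Status-Type": "Interim-Update",
     "Event-Timestamp": 1002, "Framed-IP-Address": "10.10.10.10",
     "Delegated-IPv6-Prefix": "2001:db8:1200::/48"},
    {"Acct-Session-Id": "0000001d", "Acct-Status-Type": "Start",
     "Event-Timestamp": 1010, "Framed-IP-Address": "255.255.255.254"},
    {"Acct-Session-Id": "0000001d", "Acct-Status-Type": "Stop",
     "Event-Timestamp": 1500, "Framed-IP-Address": "10.10.10.11"},
]


def usable_ipv4(value) -> bool:
    """Assumed rule: a subscriber address must parse and be ordinary unicast."""
    try:
        ip = ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return not (ip.is_reserved or ip.is_unspecified or ip.is_multicast or ip.is_loopback)


def audit(records) -> dict:
    """Merge Start/Interim-Update/Stop per Acct-Session-Id and list what a
    consumer that only reads Start records would miss or record wrongly."""
    sessions = {}
    for rec in sorted(records, key=lambda r: r["Event-Timestamp"]):
        s = sessions.setdefault(rec["Acct-Session-Id"], {
            "start": None, "ipv4": None, "pd": None, "pd_delay": None, "findings": []})
        v4 = rec.get("Framed-IP-Address")
        if rec["Acct-Status-Type"] == "Start":
            s["start"] = rec["Event-Timestamp"]
            if not usable_ipv4(v4):
                s["findings"].append(f"Start carries unusable Framed-IP-Address {v4}")
        if usable_ipv4(v4):
            s["ipv4"] = v4  # the latest usable value wins
        pd = rec.get("Delegated-IPv6-Prefix")
        if pd and s["pd"] is None:
            s["pd"] = str(ipaddress.IPv6Network(pd))
            if s["start"] is not None:
                s["pd_delay"] = rec["Event-Timestamp"] - s["start"]
    for s in sessions.values():
        if s["pd"] is None:
            s["findings"].append("no Delegated-IPv6-Prefix in any record")
        elif s["pd_delay"]:
            s["findings"].append(
                f"Delegated-IPv6-Prefix first seen {s['pd_delay']}s after Start")
    return sessions


if __name__ == "__main__":
    for session_id, state in audit(RECORDS).items():
        print(session_id, state["ipv4"], state["pd"], state["findings"])
```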
Hi Xander,
Considering the fact that XR512 is out now and 513 on schedule for August (extended maintenance release), we thought it would be better to advise you to go down that path than the struggle of trying to make this work in 434.
So agree with you it is a bug in 434. But best play would be to consider 512/513 to leverage this functionality for reasons mentioned.
I have upgraded to 5.1.2 and IPv6 for PPP sessions doesn't work (exactly the same config works in 4.3.4)!
Long story short, although IPv6 is enabled in the dynamic template, IPV6CP is opened and the communication between the link-local addresses of the BRAS and the CPE is up, the BRAS doesn't answer to the RA solicit messages from the CPE so it doesn't provide any framed IPv6 prefix.
Below you can see the output showing that normally the RA would be sent every 160 to 240 seconds and a part of the debug outputs showing the unanswered RA solicit messages from the CPE
16:29:48 ---- RP/0/RSP0/CPU0:bbras-llu-kln-31#sh ipv6 interface Bundle-Ether1.33211199.pppoe4
16:29:52 ---- Bundle-Ether1.33211199.pppoe4 is Up, ipv6 protocol is Up, Vrfid is default (0x60000000)
16:29:53 ---- IPv6 is enabled, link-local address is fe80::aa0c:dff:fe16:7abb
16:29:53 ---- No global unicast address is configured
16:29:53 ---- Joined group address(es): ff02::1:ff16:7abb ff02::2 ff02::1
16:29:53 ---- MTU is 1500 (1492 is available to IPv6)
16:29:53 ---- ICMP redirects are disabled
16:29:53 ---- ICMP unreachables are enabled
16:29:53 ---- ND DAD is disabled, number of DAD attempts 0
16:29:53 ---- ND reachable time is 0 milliseconds
16:29:53 ---- ND cache entry limit is 1000000000
16:29:53 ---- ND advertised retransmit interval is 0 milliseconds
16:29:53 ---- ND router advertisements are sent every 160 to 240 seconds
16:29:53 ---- ND router advertisements live for 1800 seconds
16:29:53 ---- Hosts use DHCP to obtain other configuration.
16:29:53 ---- Outgoing access list is not set
16:29:53 ---- Inbound access list is not set
16:29:53 ---- Table Id is 0xe0800000
16:29:53 ---- IP unicast RPF check is enabled
16:29:53 ---- RPF mode strict
16:29:53 ---- Complete protocol adjacency: 0
16:29:53 ---- Complete glean adjacency: 0
16:29:53 ---- Incomplete protocol adjacency: 0
16:29:53 ---- Incomplete glean adjacency: 0
16:29:53 ---- Dropped protocol request: 0
16:29:53 ---- Dropped glean request: 0
16:30:01 ---- LC/0/1/CPU0:May 30 16:30:01.066 : ipv6_nd[256]: IPV6: source fe80::2dee:feab:39e4:ddab (Bundle-Ether1.33211199.pppoe4)
16:30:01 ---- LC/0/1/CPU0:May 30 16:30:01.066 : ipv6_nd[256]: dest ff02::2 (FINT0_1_CPU0)
16:30:01 ---- LC/0/1/CPU0:May 30 16:30:01.066 : ipv6_nd[256]: traffic class 0, flow 0x0, len 48+30, prot 58, hops 255, ipv6_nd_receive
16:30:01 ---- LC/0/1/CPU0:May 30 16:30:01.066 : ipv6_nd[256]: ICMP type: Router Solicit (133)
16:30:05 ---- LC/0/1/CPU0:May 30 16:30:05.068 : ipv6_nd[256]: IPV6: source fe80::2dee:feab:39e4:ddab (Bundle-Ether1.33211199.pppoe4)
16:30:05 ---- LC/0/1/CPU0:May 30 16:30:05.068 : ipv6_nd[256]: dest ff02::2 (FINT0_1_CPU0)
16:30:05 ---- LC/0/1/CPU0:May 30 16:30:05.068 : ipv6_nd[256]: traffic class 0, flow 0x0, len 48+30, prot 58, hops 255, ipv6_nd_receive
16:30:05 ---- LC/0/1/CPU0:May 30 16:30:05.068 : ipv6_nd[256]: ICMP type: Router Solicit (133)
16:30:13 ---- LC/0/1/CPU0:May 30 16:30:13.068 : ipv6_nd[256]: IPV6: source fe80::2dee:feab:39e4:ddab (Bundle-Ether1.33211199.pppoe4)
16:30:13 ---- LC/0/1/CPU0:May 30 16:30:13.068 : ipv6_nd[256]: dest ff02::2 (FINT0_1_CPU0)
16:30:13 ---- LC/0/1/CPU0:May 30 16:30:13.068 : ipv6_nd[256]: traffic class 0, flow 0x0, len 48+30, prot 58, hops 255, ipv6_nd_receive
16:30:13 ---- LC/0/1/CPU0:May 30 16:30:13.068 : ipv6_nd[256]: ICMP type: Router Solicit (133)
I am planning to downgrade on Monday, unless you have something to propose until then.
EDIT: I have downgraded to 4.3.4 and dual stack works fine without any configuration changes. It seems that something is going wrong in 5.1.2.
Regards,
Dimitris
Hi Xander,
How can I configure a fixed IPv6 address on the LNS for the Virtual-Access interface?
I have configured the RADIUS with the AV pairs Framed-Interface-Id and Framed-IPv6-Prefix and the WAN interface of the CPE gets this prefix and also the interface ID, but I don't find a solution to configure a fixed IPv6 address on the LNS WAN interface via RADIUS. Do you have a hint for me?
Cheers joerg