
ASR 9001 BNG multiple subnets on access-interface

Serg_tsk
Level 1

Dear colleagues, I'm a newbie with ASR9k1 and have a question.

 

Cisco IOS XR Software, Version 6.2.25[Default]

 

 

We are migrating from C6506 to ASR9001 routers as a BNG with IPoE access technology. The 1st trouble is the usage of two subnets per VLAN:

 

interface Vlan443
 ip address 10.114.114.254 255.255.255.0 secondary
 ip address 99.99.99.254 255.255.255.0

I don't understand how to do this in a BNG configuration, because it uses unnumbered IP addressing, which points to the IP address of any working interface of this router or borrows an IP from any interface of the router in the dynamic-template. And I can't use double options to configure two or more IPs on the access-interface and dyn-template. I tried to configure a secondary IP on the loopback interface, but it didn't have any positive effect. DHCP relay has assigned address from "secondary" subnet, but subscriber's interface was with "primary" IP and connectivity failed.

 

 

dynamic-template
 type ipsubscriber DYNTPL_IP_SUB
  timeout idle 600 traffic inbound
  ipv4 unnumbered loopback 433
  ipv4 access-group ACL_DENY_IN ingress
  ipv4 access-group ACL_DENY_OUT egress
!
interface Loopback433
 ipv4 address 10.114.114.254 255.255.255.0 secondary
 ipv4 address 99.99.99.254 255.255.255.0 
!
interface TenGigE0/0/2/1.433
 ipv4 point-to-point
 ipv4 unnumbered Loopback433
 arp learning disable
 service-policy type control subscriber PM_IPoE
 encapsulation dot1q 433
 ipsubscriber ipv4 l2-connected
  initiator dhcp
  initiator unclassified-source
!
policy-map type control subscriber PM_IPoE
 event session-start match-first
  class type control subscriber class-default do-until-failure
   10 set-timer TIMER_UNAUTH 1
   20 activate dynamic-template DYNTPL_IP_SUB
   30 authorize aaa list default format VLAN_MAC password pass
........................................

But for "primary" subnet everything works well: subscribers get service and sessions are starting.

 

I've made a 2nd sub-interface in that VLAN with an IP from the secondary network and removed it from the loopback as a temporary issue, but it isn't beautiful:

 

interface TenGigE0/0/2/3.433
 ipv4 address 10.114.114.254 255.255.255.0
 encapsulation dot1q 433
 ipv4 access-group ACL_PERMIT_VOIP_IN ingress
 ipv4 access-group ACL_PERMIT_VOIP_OUT egress

Hosts in 10.114.114.0/24 may not have AAA and IPoE session processing.

 

 

Do you have any ideas? Thank you.

Sergey.

 


Aleksandar Vidakovic
Cisco Employee

Hi Sergey,

 

Unnumbered is the right approach, with multiple secondary addresses on the Loopback interface. I didn't quite understand this sentence that you wrote:

 

...DHCP relay has assigned address from "secondary" subnet, but subscriber's interface was with "primary" IP...

 

Can you elaborate on that?

 

/Aleksandar

Aleksandar, thank you for your reply.

 

I incorrectly wrote that the IPs were from different subnets. I sniffed that network and got incomprehensible results:

The access-interface was brought up:

08:45:37.552739 ARP, Reply 99.99.99.254 is-at 78:ba:f9:6e:30:71, length 46
08:45:37.552756 ARP, Reply 10.114.114.254 is-at 78:ba:f9:6e:30:71, length 46
08:45:37.552939 ARP, Reply 99.99.99.254 is-at 78:ba:f9:6e:30:71, length 46
08:45:37.552949 ARP, Reply 10.114.114.254 is-at 78:ba:f9:6e:30:71, length 46

OK, both IPs were introduced. A subscriber from 99.99.99.0/24 can get IP settings: IP 99.99.99.252/32, gw = 99.99.99.254, and it will work. The session will start without any problem.

08:55:22.145412 ARP, Request who-has 99.99.99.254 tell 99.99.99.252, length 28
08:55:22.145914 ARP, Reply 99.99.99.254 is-at 78:ba:f9:6e:30:71, length 46
08:55:22.145925 IP 99.99.99.252 > 99.99.99.254: ICMP echo request, id 16231, seq 1, length 64
08:55:22.146584 IP 99.99.99.254 > 99.99.99.252: ICMP echo reply, id 16231, seq 1, length 64
IP:PKT       Te0/0/2/1.433.ip37       AC        99.99.99.252 (default) 

Then a device from 10.114.114.0/24 was attached. The external DHCP server gave settings through the ASR DHCP relay: IP 10.114.114.253/32, GW 10.114.114.254. OK. But connectivity failed:

09:01:06.281567 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46
09:01:06.289967 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46
09:01:06.389387 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46
09:01:06.874611 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46
09:01:07.881091 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46
09:01:08.885379 ARP, Request who-has 10.114.114.254 tell 10.114.114.253, length 46

The configuration of access-interface and loopback:

interface TenGigE0/0/2/1.433
 ipv4 point-to-point
 ipv4 unnumbered Loopback433
 arp learning local   <-- I tried to disable arp learning. There was no effect
 service-policy type control subscriber PM_IPoE
 encapsulation dot1q 433
 ipsubscriber ipv4 l2-connected
  initiator dhcp
  initiator unclassified-source
!
interface Loopback433
 ipv4 address 99.99.99.254 255.255.255.255 <-- I tried /24 netmask. There was no effect
 ipv4 address 10.114.114.254 255.255.255.255 secondary

I can't understand why the ASR doesn't respond to ARP requests in the secondary network.

 

Sergey.

 

Sergey,

 

The IP addresses on the Loopback interface should cover the whole range of addresses assigned by the DHCP server.

 

Can you capture this in a file and attach (it's difficult to read long inline session logs):

 

sh install active summary

sh subscriber session filter interface <subscriber-interface> detail

sh arp <subscriber-interface> 

sh im database interface <subscriber-interface> detail

 

/Aleksandar
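
The coverage rule from the reply above, as an added example that is not part of the original posts or of any Cisco tooling: a Python check that parses a Loopback stanza and lists the DHCP-assigned subscriber addresses that fall outside every configured subnet. The stanzas and leases are copied from this thread as sample input; the function names are hypothetical.

```python
import ipaddress
import re

# Sample input built from the thread: Loopback433 with /24 masks (first post)
# and with /32 masks (follow-up post).
LOOPBACK_24 = """\
interface Loopback433
 ipv4 address 10.114.114.254 255.255.255.0 secondary
 ipv4 address 99.99.99.254 255.255.255.0
!
"""
LOOPBACK_32 = """\
interface Loopback433
 ipv4 address 99.99.99.254 255.255.255.255
 ipv4 address 10.114.114.254 255.255.255.255 secondary
!
"""
ADDR_RE = re.compile(r"^\s*ipv4 address (\S+) (\S+)(\s+secondary)?\s*$")


def loopback_networks(config, name):
    """Return the IPv4 networks configured under `interface <name>`."""
    nets, inside = [], False
    for line in config.splitlines():
        if line.startswith("interface "):
            inside = line.split()[1].lower() == name.lower()
        elif line.strip() == "!":
            inside = False
        elif inside and (m := ADDR_RE.match(line)):
            # strict=False: the configured host address lies inside the subnet
            nets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
    return nets


def uncovered(config, name, subscriber_ips):
    """Subscriber addresses that are outside every subnet on the loopback."""
    nets = loopback_networks(config, name)
    return [ip for ip in subscriber_ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]


# Addresses the DHCP server handed out in the thread.
LEASES = ["99.99.99.252", "10.114.114.253"]

if __name__ == "__main__":
    print("/24 masks, uncovered:", uncovered(LOOPBACK_24, "Loopback433", LEASES))
    print("/32 masks, uncovered:", uncovered(LOOPBACK_32, "Loopback433", LEASES))
```
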

Aleksandar, I made a new test config, and we added a new attribute to the AAA config (src IP of subscriber). It's incredible, but the 2nd network started working normally.

 

show subscriber session all
Sun Dec  3 20:27:37.929 TOMSK
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End

Type         Interface                State     Subscriber IP Addr / Prefix                              
                                                LNS Address (Vrf)                              
--------------------------------------------------------------------------------
IP:PKT       Te0/0/2/1.459.ip1        AC        99.99.99.251 (default)            
IP:PKT       Te0/0/2/1.459.ip2        AC        10.227.247.253 (default) 

aaa attribute format VLAN_MAC_SRCIP
 format-string length 253 "0%s.%s.%s" outer-vlan-id client-mac-address-raw addr

I can't find an explanation why it did not work before...

Thank you for your support.

Hi,

and you are using this new AAA attribute for authorization (VLAN+MAC+SRC IP)? 

Hello,

 

I'm finding myself in a similar situation where I may have to perform prefix stacking while using unnumbered loopback interfaces because we're going to be migrating from PPPoE to IPoE using Geo Redundant BNG via two ASR9006 systems and I need assistance in determining the following.

 

1. When prefix stacking and using BNG is there a hierarchy for which prefix is used first? For example, is the primary prefix used and then the secondary?

2. Does Cisco recommend and support that type of configuration for BNG?

 

Thanks,

 

Alex

We do support secondary IPv4 addresses on Loopback that binds to a dynamic template. Quite a number of our customers are using this approach. The primary and all secondary addresses are always inherited by the subscriber interface. To avoid burning ARP entries (which we anyway don't need for subscriber interfaces), disable ARP on subscriber interfaces by configuring "subscriber arp scale-mode-enable".

/Aleksandar

Good Afternoon Aleksandar,

 

 

I appreciate your reply and information provided. I'll test with this and get back to you. I am currently awaiting completion of a new DHCP and RADIUS server. I hope you have a great weekend!

Good Morning! I've been able to get an IPoE session up and working correctly. However, it doesn't seem as though I have the ability to assign multiple dhcpv4 proxy profiles to the same interface and I've not been able to find documentation stating that it's supported or not. My goal is to maintain the flexibility of IP assignment that we have through the use of local pools for PPPoE. Yet bring that flexibility over to IPoE via DHCPv4 proxy. For example, take multiple /23 non-contiguous spaces and make them assignable across multiple interfaces as we do in PPPoE via IPCP. Any help is greatly appreciated.

Hi, have you managed to fix that?

I am replying to the BNG with the Loopback Interface and this is then the giaddr for the DHCP server.
The subscriber gets the correct IP address.

There is a problem though. I have one access-interface, but when there are sessions from two different subnets, the second subnet can't ping anything. If all subs are in the same subnet everything is ok.
No idea if this is a config or design issue, or maybe this is not supported at all.