cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4488
Views
30
Helpful
20
Replies

ASR 9001 SRG 8k SubSessions limit ?

Serg_tsk
Level 1
Level 1

Dear Colleagues, Can you explain me what is the reason of this situation:

I have 8K+ subscribers in SRGroup. But new session activation is fail when еthe number of subscribers sessions reaches 8227.

 

sh subscriber manager disconnect-history sum shows:

 

No                      2018:02:21 19:31:13  Session-Start Failure, 'iEdge'
                                             detected the 'warning' condition
                                             'Start Config Failure', DC: 0 AC:
                                             48 TC: 10
No                      2018:02:21 19:31:13  Session-Start Failure, 'iEdge'
                                             detected the 'warning' condition
                                             'Start Config Failure', DC: 0 AC:
                                             48 TC: 10
No                      2018:02:21 19:31:13  IP Subscriber session create
                                             failure ( Session Activate
                                             Failure ) , DC: 0 AC: 0 TC: 9

sh subscriber manager disconnect-history last shows:

 

Disconnect Reason:        Session-Start Failure, 'iEdge' detected the 'warning' condition 'Start Config Failure'
Disconnect Cause:         AAA_DISC_CAUSE_DEFAULT (0)
Abort Cause:              AAA_AV_ABORT_CAUSE_SECURITY_FAIL (48)
Terminate Cause:          AAA_AV_TERMINATE_CAUSE_NAS_REQUEST (10)
Time Disconnected:        2018:02:21 19:35:51
Client:                   [iEdge internal]
Subscriber Label:         0x00000e8a
Interface:                No

[ Session Info ]

Interface:                None
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     IP: Packet-trigger
IPv4 State:               Up Pending, Wed Feb 21 19:35:51 2018
IPv4 Address:             10.227.227.198, VRF: default
Mac Address:              b0b2.dca8.ae2f
Account-Session Id:       0293642N
Nas-Port:                 1527060044
User name:                01302.b0b2dca8ae2f.10.227.227.198
Formatted User name:      01302.b0b2dca8ae2f.10.227.227.198
Client User name:         unknown
Outer VLAN ID:            1302
Subscriber Label:         0x00000e8a
Created:                  Wed Feb 21 19:35:51 2018
State:                    Connected
Authentication:           unauthenticated
Authorization:            authorized
Ifhandle:                 0x00000000
Session History ID:       0
Access-interface:         Bundle-Ether91.1302
SRG Flags:                0x00004000
Policy Executed:

  event Session-Start match-first [at Wed Feb 21 19:35:51 2018]
    class type control subscriber class-default do-until-failure [Succeeded]
      10 set-timer TIMER_UNAUTH 1 [cerr: No error][aaa: Success]
      20 activate dynamic-template DYNTPL_IP_SUB_26 [cerr: No error][aaa: Success]
      30 authorize aaa list default [cerr: No error][aaa: Success]
Session Accounting: disabled
Last COA request received: unavailable
User Profile received from AAA: None
No Services
[Event History]
   Feb 21 19:35:51.424 IPv4 Start
   Feb 21 19:35:51.680 SUBDB produce done(fail)


Disconnect Reason:        IP Subscriber session create failure ( Session Activate Failure )
Disconnect Cause:         AAA_DISC_CAUSE_DEFAULT (0)
Abort Cause:              AAA_AV_ABORT_CAUSE_NO_REASON (0)
Terminate Cause:          AAA_AV_TERMINATE_CAUSE_NAS_ERROR (9)
Time Disconnected:        2018:02:21 19:35:52
Client:                   ipsub_ma
Subscriber Label:         0x000796e2
Interface:                No

[ Session Info ]

Interface:                None
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     IP: Packet-trigger
IPv4 State:               Up Pending, Wed Feb 21 19:35:51 2018
IPv4 Address:             10.161.155.210, VRF: default
Mac Address:              14da.e923.a067
Account-Session Id:       0258045N
Nas-Port:                 1527060301
User name:                01303.14dae923a067.10.161.155.210
Formatted User name:      01303.14dae923a067.10.161.155.210
Client User name:         unknown
Outer VLAN ID:            1303
Subscriber Label:         0x000796e2
Created:                  Wed Feb 21 19:35:51 2018
State:                    Connected
Authentication:           unauthenticated
Authorization:            authorized
Ifhandle:                 0x00000000
Session History ID:       0
Access-interface:         Bundle-Ether91.1303
SRG Flags:                0x00004000
Policy Executed:

  event Session-Start match-first [at Wed Feb 21 19:35:51 2018]
    class type control subscriber class-default do-until-failure [Succeeded]
      10 set-timer TIMER_UNAUTH 1 [cerr: No error][aaa: Success]
      20 activate dynamic-template DYNTPL_IP_SUB_26 [cerr: No error][aaa: Success]
      30 authorize aaa list default [cerr: No error][aaa: Success]
Session Accounting: disabled
Last COA request received: unavailable
User Profile received from AAA: None
No Services
[Event History]
   Feb 21 19:35:51.552 IPv4 Start
   Feb 21 19:35:51.936 SUBDB produce done(fail)


Disconnect Reason:        IP Subscriber session create failure ( Session Activate Failure )
Disconnect Cause:         AAA_DISC_CAUSE_DEFAULT (0)
Abort Cause:              AAA_AV_ABORT_CAUSE_NO_REASON (0)
Terminate Cause:          AAA_AV_TERMINATE_CAUSE_NAS_ERROR (9)
Time Disconnected:        2018:02:21 19:35:52
Client:                   ipsub_ma
Subscriber Label:         0x0007be0d
Interface:                No

[ Session Info ]

Interface:                None
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     IP: Packet-trigger
IPv4 State:               Up Pending, Wed Feb 21 19:35:51 2018
IPv4 Address:             10.243.106.5, VRF: default
Mac Address:              001d.9208.eb46
Account-Session Id:       0335492N
Nas-Port:                 1527061070
User name:                01306.001d9208eb46.10.243.106.5
Formatted User name:      01306.001d9208eb46.10.243.106.5
Client User name:         unknown
Outer VLAN ID:            1306
Subscriber Label:         0x0007be0d
Created:                  Wed Feb 21 19:35:51 2018
State:                    Connected
Authentication:           unauthenticated
Authorization:            authorized
Ifhandle:                 0x00000000
Session History ID:       0
Access-interface:         Bundle-Ether91.1306
SRG Flags:                0x00004000
Policy Executed:

  event Session-Start match-first [at Wed Feb 21 19:35:51 2018]
    class type control subscriber class-default do-until-failure [Succeeded]
      10 set-timer TIMER_UNAUTH 1 [cerr: No error][aaa: Success]
      20 activate dynamic-template DYNTPL_IP_SUB_26 [cerr: No error][aaa: Success]
      30 authorize aaa list default [cerr: No error][aaa: Success]
Session Accounting: disabled
Last COA request received: unavailable
User Profile received from AAA: None
No Services
[Event History]
   Feb 21 19:35:51.552 IPv4 Start
   Feb 21 19:35:51.936 SUBDB produce done(fail)

What does it mean ? I see that radius authorized these subscribers and gave access-accept, but ASR did't create sessions.

Subscribers are in different VLAN, have  /24 subnet per VLAN with unnumbered ip address, have one loopback interface with multiple ip subnets on them. I tried to place all 8k+ subscribers into one SRG and i tried to place subscribers into two different SRG on one ASR - the result is - 8277  activated sessions. But if migrate 10% of subscribers to another node in SRG - 8277+ subscribers have a service.

ASR9001 with 4 tengig PHY, XR 6.2.25. Logging have no any error messages. Can you explain this trouble ?

 

Best regards

Sergey

 

20 Replies 20

Aleksandar, you wrote that q-in-q technology usage allows to distribute subscriber access VLANs across the chunks. I can't understand how it is implemented. I have dot1q encapsulated access vlans now:

 

 interface Bundle-Ether91.446
 description --S_VLAN446--
 service-policy output SPD subscriber-parent resource-id 1
 ipv4 point-to-point
 ipv4 unnumbered Loopback26
 service-policy type control subscriber PM_IPoE_26
 encapsulation dot1q 446
 ipsubscriber ipv4 l2-connected
  initiator dhcp
  initiator unclassified-source


interface Bundle-Ether91.447
 description --S_VLAN447--
 service-policy output SPD subscriber-parent resource-id 0
 ipv4 point-to-point
 ipv4 unnumbered Loopback26
 service-policy type control subscriber PM_IPoE_26
 encapsulation dot1q 447
 ipsubscriber ipv4 l2-connected
  initiator dhcp
  initiator unclassified-source

 

 

But if i put it into ambiguous encapsulation with dot1q-range or dot1ad SC-VLAN how  can i distribute access vlans across chunks ?

 Thank you.

 

The architecture of the Traffic Manager chip on the NP allows the S-VLAN to be mapped to a chunk. To answer your first question, this is a sample configuration:

 

RP/0/RP0/CPU0:ASR9k#sh run int PE300.309
interface PW-Ether300.309
service-policy output SPD subscriber-parent resource-id 0
ipv4 unnumbered Loopback300
service-policy type control subscriber IPoE
encapsulation dot1q 309
ipsubscriber ipv4 l2-connected
initiator dhcp
!
!

RP/0/RP0/CPU0:ASR9k#sh subscriber running-config interface name PE300.309.ip3
Building configuration...
!! IOS XR Configuration 6.3.3
subscriber-label 0x44
dynamic-template
type ipsubscriber IPoE
ipv4 unnumbered Loopback300
ipv4 unreachables disable
service-policy output bng-parent
!
!
end

* Suffix indicates the configuration item can be added by aaa server only
RP/0/RP0/CPU0:ASR9k#sh run policy-map SPD
policy-map SPD
class class-default
shape average 1 gbps
!
end-policy-map
!

RP/0/RP0/CPU0:ASR9k#sh run policy-map bng-parent
policy-map bng-parent
class class-default
service-policy bng-child
shape average 100 mbps
bandwidth remaining ratio 30
bandwidth 50 mbps
!
end-policy-map
!

RP/0/RP0/CPU0:ASR9k#sh run policy-map bng-child
policy-map bng-child
class V4-PACKET-IS-AF23
bandwidth percent 30
!
class V4-PACKET-IS-AF31
bandwidth percent 20
!
class V4-PACKET-IS-AF41
bandwidth percent 40
!
class V4-PACKET-IS-CS5
priority level 1
police rate percent 5
!
!
class class-default
!
end-policy-map
!

RP/0/RP0/CPU0:ASR9k#
RP/0/RP0/CPU0:ASR9k#sh subscriber session filter interface PE300.309.ip3 detail
Interface: PW-Ether300.309.ip3
Circuit ID: Unknown
Remote ID: Unknown
Type: IP: DHCP-trigger
IPv4 State: Up, Sat Dec 15 12:27:21 2018
IPv4 Address: 192.168.31.20, VRF: default
Mac Address: 0006.2aaa.24a8
Account-Session Id: 0000f8b3
Nas-Port: 201331539
User name: unknown
Formatted User name: unknown
Client User name: unknown
Outer VLAN ID: 309
Subscriber Label: 0x00000044
Created: Sat Dec 15 12:27:12 2018
State: Activated
Authentication: unauthenticated
Authorization: unauthorized
Access-interface: PW-Ether300.309
Policy Executed:
policy-map type control subscriber IPoE
event Session-Start match-first [at Sat Dec 15 12:27:12 2018]
class type control subscriber class-default do-until-failure [Succeeded]
10 activate dynamic-template IPoE [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable

RP/0/RP0/CPU0:ASR9k#

 

I wrote QinQ because that's what most BNG solutions use, but as you can see this approach works for dot1q encapsulation as well. 

 

/Aleksandar

Thank you very much Aleksandar!

 

Happy New Year :)

Hi, Aleksandar! Thank you for your advice. I've made this configuration:

 

interface Bundle-Ether24.0
description ---CHE36-BNG_NP0_CHUNK0---
service-policy output SPD_CHE36 subscriber-parent resource-id 0
vrf cust
ipv4 point-to-point
ipv4 unnumbered Loopback24
arp learning disable
service-policy type control subscriber PM_IPoE_CHE36
load-interval 30
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
!
encapsulation ambiguous dot1q 423-425 , 1100 , 1127-1137 , 1147-1151 , 1154-1160 , 1162-1163 , 1168-1169
!

interface Bundle-Ether24.1
description ---CHE36-BNG_NP0_CHUNK1---
service-policy output SPD_CHE36 subscriber-parent resource-id 1
vrf cust
ipv4 point-to-point
ipv4 unnumbered Loopback24
arp learning disable
service-policy type control subscriber PM_IPoE_CHE36
load-interval 30
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
!
encapsulation ambiguous dot1q 422 , 426 , 429 , 560 , 1164-1165


subsciber redundancy group 24

interface-list

interface Bundle-Ether24.0 id 240

interface Bundle-Ether24.1 id 241

 

+ state-control routes and this scheme is working fine. But there is one small problem :)

Traffic on the bundle has reached the value approx 3 Gbps and the counters have become wrong: the 1st second - 4,2 Gbps, 2nd second - 1,8 Gbps, 3rd second - 0 Gbps, 4th second - 5,2 Gbps. Counters on the Phy-int (te0/0/0/0) - are OK, without any diviation.

 

interface Bundle-Ether24
description ---CHE36-BNG---
!

interface Bundle-Ether24.0
description ---CHE36-BNG---
service-policy output SPD_CHE36 subscriber-parent resource-id 0
vrf cust
ipv4 point-to-point
ipv4 unnumbered Loopback24
arp learning disable
service-policy type control subscriber PM_IPoE_CHE36
load-interval 30
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
!
encapsulation ambiguous dot1q 423-425 , 1100 , 1127-1137 , 1147-1151 , 1154-1160 , 1162-1163 , 1168-1169
!

interface TenGigE0/0/0/0
bundle id 24 mode passive

 

 

Have you seen this problem before?

I found https://quickview.cloudapps.cisco.com/quickview/bug/CSCty22548, but it was in 4 version of iOS XR.

 

Thank you!

 

With best regards, Sergey.

Hi Aleksandar!

Are there SNMP OIDs for monitoring utilization of NP's resources ? We are running iOS XR 6.4.2. 

Thank you!

With best regards, Sergey.

hi Sergey, we are not expanding the SNMP MIBs any more. SNMP as protocol cannot scale any more. We're investing into making operational data available through model-driven Telemetry. We already have some data available: https://github.com/YangModels/yang/blob/master/vendor/cisco/xr/642/Cisco-IOS-XR-asr9k-np-oper.yang You'll see that one type of info are the "fast drops". If there are no fast-drops by NP, it means that the NP is not running low on resources. The fast drops are available as separate counters on Tomahawk. On Typhoon look for low priority drop counter increment: PARSE_FAST_DISCARD_LOW_PRIORITY_DROP_[0-3] A good starting point for Telemetry: BRKSPG-2333: Model Driven Telemetry (CLEUR 2017) https://xrdocs.io/telemetry/tutorials/2016-07-21-configuring-model-driven-telemetry-mdt/ https://xrdocs.github.io/telemetry/tutorials/2016-07-25-configuring-model-driven-telemetry-mdt-with-yang/ /Aleksandar
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: