02-21-2018 06:44 AM - edited 03-01-2019 03:22 PM
Dear Colleagues, Can you explain me what is the reason of this situation:
I have 8K+ subscribers in SRGroup. But new session activation is fail when еthe number of subscribers sessions reaches 8227.
sh subscriber manager disconnect-history sum shows:
No 2018:02:21 19:31:13 Session-Start Failure, 'iEdge' detected the 'warning' condition 'Start Config Failure', DC: 0 AC: 48 TC: 10 No 2018:02:21 19:31:13 Session-Start Failure, 'iEdge' detected the 'warning' condition 'Start Config Failure', DC: 0 AC: 48 TC: 10 No 2018:02:21 19:31:13 IP Subscriber session create failure ( Session Activate Failure ) , DC: 0 AC: 0 TC: 9
sh subscriber manager disconnect-history last shows:
Disconnect Reason: Session-Start Failure, 'iEdge' detected the 'warning' condition 'Start Config Failure' Disconnect Cause: AAA_DISC_CAUSE_DEFAULT (0) Abort Cause: AAA_AV_ABORT_CAUSE_SECURITY_FAIL (48) Terminate Cause: AAA_AV_TERMINATE_CAUSE_NAS_REQUEST (10) Time Disconnected: 2018:02:21 19:35:51 Client: [iEdge internal] Subscriber Label: 0x00000e8a Interface: No [ Session Info ] Interface: None Circuit ID: Unknown Remote ID: Unknown Type: IP: Packet-trigger IPv4 State: Up Pending, Wed Feb 21 19:35:51 2018 IPv4 Address: 10.227.227.198, VRF: default Mac Address: b0b2.dca8.ae2f Account-Session Id: 0293642N Nas-Port: 1527060044 User name: 01302.b0b2dca8ae2f.10.227.227.198 Formatted User name: 01302.b0b2dca8ae2f.10.227.227.198 Client User name: unknown Outer VLAN ID: 1302 Subscriber Label: 0x00000e8a Created: Wed Feb 21 19:35:51 2018 State: Connected Authentication: unauthenticated Authorization: authorized Ifhandle: 0x00000000 Session History ID: 0 Access-interface: Bundle-Ether91.1302 SRG Flags: 0x00004000 Policy Executed: event Session-Start match-first [at Wed Feb 21 19:35:51 2018] class type control subscriber class-default do-until-failure [Succeeded] 10 set-timer TIMER_UNAUTH 1 [cerr: No error][aaa: Success] 20 activate dynamic-template DYNTPL_IP_SUB_26 [cerr: No error][aaa: Success] 30 authorize aaa list default [cerr: No error][aaa: Success] Session Accounting: disabled Last COA request received: unavailable User Profile received from AAA: None No Services [Event History] Feb 21 19:35:51.424 IPv4 Start Feb 21 19:35:51.680 SUBDB produce done(fail) Disconnect Reason: IP Subscriber session create failure ( Session Activate Failure ) Disconnect Cause: AAA_DISC_CAUSE_DEFAULT (0) Abort Cause: AAA_AV_ABORT_CAUSE_NO_REASON (0) Terminate Cause: AAA_AV_TERMINATE_CAUSE_NAS_ERROR (9) Time Disconnected: 2018:02:21 19:35:52 Client: ipsub_ma Subscriber Label: 0x000796e2 Interface: No [ Session Info ] Interface: None Circuit ID: Unknown Remote ID: Unknown Type: IP: Packet-trigger IPv4 State: Up Pending, Wed Feb 21 19:35:51 2018 IPv4 Address: 10.161.155.210, VRF: default Mac Address: 14da.e923.a067 Account-Session Id: 0258045N Nas-Port: 1527060301 User name: 01303.14dae923a067.10.161.155.210 Formatted User name: 01303.14dae923a067.10.161.155.210 Client User name: unknown Outer VLAN ID: 1303 Subscriber Label: 0x000796e2 Created: Wed Feb 21 19:35:51 2018 State: Connected Authentication: unauthenticated Authorization: authorized Ifhandle: 0x00000000 Session History ID: 0 Access-interface: Bundle-Ether91.1303 SRG Flags: 0x00004000 Policy Executed: event Session-Start match-first [at Wed Feb 21 19:35:51 2018] class type control subscriber class-default do-until-failure [Succeeded] 10 set-timer TIMER_UNAUTH 1 [cerr: No error][aaa: Success] 20 activate dynamic-template DYNTPL_IP_SUB_26 [cerr: No error][aaa: Success] 30 authorize aaa list default [cerr: No error][aaa: Success] Session Accounting: disabled Last COA request received: unavailable User Profile received from AAA: None No Services [Event History] Feb 21 19:35:51.552 IPv4 Start Feb 21 19:35:51.936 SUBDB produce done(fail) Disconnect Reason: IP Subscriber session create failure ( Session Activate Failure ) Disconnect Cause: AAA_DISC_CAUSE_DEFAULT (0) Abort Cause: AAA_AV_ABORT_CAUSE_NO_REASON (0) Terminate Cause: AAA_AV_TERMINATE_CAUSE_NAS_ERROR (9) Time Disconnected: 2018:02:21 19:35:52 Client: ipsub_ma Subscriber Label: 0x0007be0d Interface: No [ Session Info ] Interface: None Circuit ID: Unknown Remote ID: Unknown Type: IP: Packet-trigger IPv4 State: Up Pending, Wed Feb 21 19:35:51 2018 IPv4 Address: 10.243.106.5, VRF: default Mac Address: 001d.9208.eb46 Account-Session Id: 0335492N Nas-Port: 1527061070 User name: 01306.001d9208eb46.10.243.106.5 Formatted User name: 01306.001d9208eb46.10.243.106.5 Client User name: unknown Outer VLAN ID: 1306 Subscriber Label: 0x0007be0d Created: Wed Feb 21 19:35:51 2018 State: Connected Authentication: unauthenticated Authorization: authorized Ifhandle: 0x00000000 Session History ID: 0 Access-interface: Bundle-Ether91.1306 SRG Flags: 0x00004000 Policy Executed: event Session-Start match-first [at Wed Feb 21 19:35:51 2018] class type control subscriber class-default do-until-failure [Succeeded] 10 set-timer TIMER_UNAUTH 1 [cerr: No error][aaa: Success] 20 activate dynamic-template DYNTPL_IP_SUB_26 [cerr: No error][aaa: Success] 30 authorize aaa list default [cerr: No error][aaa: Success] Session Accounting: disabled Last COA request received: unavailable User Profile received from AAA: None No Services [Event History] Feb 21 19:35:51.552 IPv4 Start Feb 21 19:35:51.936 SUBDB produce done(fail)
What does it mean ? I see that radius authorized these subscribers and gave access-accept, but ASR did't create sessions.
Subscribers are in different VLAN, have /24 subnet per VLAN with unnumbered ip address, have one loopback interface with multiple ip subnets on them. I tried to place all 8k+ subscribers into one SRG and i tried to place subscribers into two different SRG on one ASR - the result is - 8277 activated sessions. But if migrate 10% of subscribers to another node in SRG - 8277+ subscribers have a service.
ASR9001 with 4 tengig PHY, XR 6.2.25. Logging have no any error messages. Can you explain this trouble ?
Best regards
Sergey
Solved! Go to Solution.
12-26-2018 05:53 PM
Aleksandar, you wrote that q-in-q technology usage allows to distribute subscriber access VLANs across the chunks. I can't understand how it is implemented. I have dot1q encapsulated access vlans now:
interface Bundle-Ether91.446
description --S_VLAN446--
service-policy output SPD subscriber-parent resource-id 1
ipv4 point-to-point
ipv4 unnumbered Loopback26
service-policy type control subscriber PM_IPoE_26
encapsulation dot1q 446
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
interface Bundle-Ether91.447
description --S_VLAN447--
service-policy output SPD subscriber-parent resource-id 0
ipv4 point-to-point
ipv4 unnumbered Loopback26
service-policy type control subscriber PM_IPoE_26
encapsulation dot1q 447
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
But if i put it into ambiguous encapsulation with dot1q-range or dot1ad SC-VLAN how can i distribute access vlans across chunks ?
Thank you.
01-02-2019 03:19 AM
The architecture of the Traffic Manager chip on the NP allows the S-VLAN to be mapped to a chunk. To answer your first question, this is a sample configuration:
RP/0/RP0/CPU0:ASR9k#sh run int PE300.309
interface PW-Ether300.309
service-policy output SPD subscriber-parent resource-id 0
ipv4 unnumbered Loopback300
service-policy type control subscriber IPoE
encapsulation dot1q 309
ipsubscriber ipv4 l2-connected
initiator dhcp
!
!
RP/0/RP0/CPU0:ASR9k#sh subscriber running-config interface name PE300.309.ip3
Building configuration...
!! IOS XR Configuration 6.3.3
subscriber-label 0x44
dynamic-template
type ipsubscriber IPoE
ipv4 unnumbered Loopback300
ipv4 unreachables disable
service-policy output bng-parent
!
!
end
* Suffix indicates the configuration item can be added by aaa server only
RP/0/RP0/CPU0:ASR9k#sh run policy-map SPD
policy-map SPD
class class-default
shape average 1 gbps
!
end-policy-map
!
RP/0/RP0/CPU0:ASR9k#sh run policy-map bng-parent
policy-map bng-parent
class class-default
service-policy bng-child
shape average 100 mbps
bandwidth remaining ratio 30
bandwidth 50 mbps
!
end-policy-map
!
RP/0/RP0/CPU0:ASR9k#sh run policy-map bng-child
policy-map bng-child
class V4-PACKET-IS-AF23
bandwidth percent 30
!
class V4-PACKET-IS-AF31
bandwidth percent 20
!
class V4-PACKET-IS-AF41
bandwidth percent 40
!
class V4-PACKET-IS-CS5
priority level 1
police rate percent 5
!
!
class class-default
!
end-policy-map
!
RP/0/RP0/CPU0:ASR9k#
RP/0/RP0/CPU0:ASR9k#sh subscriber session filter interface PE300.309.ip3 detail
Interface: PW-Ether300.309.ip3
Circuit ID: Unknown
Remote ID: Unknown
Type: IP: DHCP-trigger
IPv4 State: Up, Sat Dec 15 12:27:21 2018
IPv4 Address: 192.168.31.20, VRF: default
Mac Address: 0006.2aaa.24a8
Account-Session Id: 0000f8b3
Nas-Port: 201331539
User name: unknown
Formatted User name: unknown
Client User name: unknown
Outer VLAN ID: 309
Subscriber Label: 0x00000044
Created: Sat Dec 15 12:27:12 2018
State: Activated
Authentication: unauthenticated
Authorization: unauthorized
Access-interface: PW-Ether300.309
Policy Executed:
policy-map type control subscriber IPoE
event Session-Start match-first [at Sat Dec 15 12:27:12 2018]
class type control subscriber class-default do-until-failure [Succeeded]
10 activate dynamic-template IPoE [Succeeded]
Session Accounting: disabled
Last COA request received: unavailable
RP/0/RP0/CPU0:ASR9k#
I wrote QinQ because that's what most BNG solutions use, but as you can see this approach works for dot1q encapsulation as well.
/Aleksandar
01-02-2019 06:41 AM
Thank you very much Aleksandar!
Happy New Year :)
03-10-2019 08:26 PM
Hi, Aleksandar! Thank you for your advice. I've made this configuration:
interface Bundle-Ether24.0
description ---CHE36-BNG_NP0_CHUNK0---
service-policy output SPD_CHE36 subscriber-parent resource-id 0
vrf cust
ipv4 point-to-point
ipv4 unnumbered Loopback24
arp learning disable
service-policy type control subscriber PM_IPoE_CHE36
load-interval 30
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
!
encapsulation ambiguous dot1q 423-425 , 1100 , 1127-1137 , 1147-1151 , 1154-1160 , 1162-1163 , 1168-1169
!
interface Bundle-Ether24.1
description ---CHE36-BNG_NP0_CHUNK1---
service-policy output SPD_CHE36 subscriber-parent resource-id 1
vrf cust
ipv4 point-to-point
ipv4 unnumbered Loopback24
arp learning disable
service-policy type control subscriber PM_IPoE_CHE36
load-interval 30
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
!
encapsulation ambiguous dot1q 422 , 426 , 429 , 560 , 1164-1165
subsciber redundancy group 24
interface-list
interface Bundle-Ether24.0 id 240
interface Bundle-Ether24.1 id 241
+ state-control routes and this scheme is working fine. But there is one small problem :)
Traffic on the bundle has reached the value approx 3 Gbps and the counters have become wrong: the 1st second - 4,2 Gbps, 2nd second - 1,8 Gbps, 3rd second - 0 Gbps, 4th second - 5,2 Gbps. Counters on the Phy-int (te0/0/0/0) - are OK, without any diviation.
interface Bundle-Ether24
description ---CHE36-BNG---
!
interface Bundle-Ether24.0
description ---CHE36-BNG---
service-policy output SPD_CHE36 subscriber-parent resource-id 0
vrf cust
ipv4 point-to-point
ipv4 unnumbered Loopback24
arp learning disable
service-policy type control subscriber PM_IPoE_CHE36
load-interval 30
ipsubscriber ipv4 l2-connected
initiator dhcp
initiator unclassified-source
!
encapsulation ambiguous dot1q 423-425 , 1100 , 1127-1137 , 1147-1151 , 1154-1160 , 1162-1163 , 1168-1169
!
interface TenGigE0/0/0/0
bundle id 24 mode passive
Have you seen this problem before?
I found https://quickview.cloudapps.cisco.com/quickview/bug/CSCty22548, but it was in 4 version of iOS XR.
Thank you!
With best regards, Sergey.
02-14-2019 07:56 PM
Hi Aleksandar!
Are there SNMP OIDs for monitoring utilization of NP's resources ? We are running iOS XR 6.4.2.
Thank you!
With best regards, Sergey.
02-16-2019 08:12 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: