Solved: ASR 9k BNG dhcp triggered session start (ack not received by client)

David Tsulaia · ‎02-10-2015

Hello,

I am currently setting up bng on 9k with l2-connected subscribers, session is initiated on receipt of dhcp packet. Everything works fine up to the point where asr 9k dhcp proxy has to send ACK to the DCHP request that client send after it gets OFFER from 9k. here are some configs, debugs and shows:

dhcp ipv4
 profile PROXY proxy
  lease proxy client-lease-time XXX
  class ONE
   helper-address vrf default XXXX giaddr XXXX
  !
  relay information option
  relay information policy replace
  relay information option remote-id 300
  relay information option allow-untrusted
 !
 interface TenGigE0/1/0/0.XXX proxy profile PROXY

policy-map type control subscriber SUB
 event session-start match-first
  class type control subscriber class-default do-all
   10 authorize aaa list default identifier source-address-mac password cisco
  !
  class type control subscriber DHCP do-all
   10 authorize aaa list default identifier source-address-mac password cisco
  !
 !
 end-policy-map

interface TenGigE0/1/0/0.XXX
 ipv4 point-to-point
 ipv4 address XXXX XXXX
 arp learning disable
 service-policy type control subscriber SUB
 encapsulation dot1q XXX
 ipsubscriber ipv4 l2-connected
  initiator dhcp

debug dhcp ipv4 proxy

LC/0/1/CPU0:Feb  9 13:01:27.163 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_DISCOVER state INIT
LC/0/1/CPU0:Feb  9 13:01:27.163 : dhcpd[158]: DHCPD PROXY: TP1903: Process packet event in INIT state called for chaddr 1803.7396.4aae
LC/0/1/CPU0:Feb  9 13:01:27.180 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event DPM_SUCCESS state INIT_DPM_WAIT
LC/0/1/CPU0:Feb  9 13:01:27.180 : dhcpd[158]: DHCPD PROXY: TP1917: Process client request called for chaddr 1803.7396.4aae
LC/0/1/CPU0:Feb  9 13:01:27.184 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_OFFER state SELECTING
LC/0/1/CPU0:Feb  9 13:01:27.184 : dhcpd[158]: DHCPD PROXY: TP1918: Process server reply called for chaddr 1803.7396.4aae
LC/0/1/CPU0:Feb  9 13:01:27.184 : dhcpd[158]: DHCPD PROXY: TP2371: Process OFFER for chaddr 1803.7396.4aae - successful
LC/0/1/CPU0:Feb  9 13:01:29.281 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_DISCOVER state OFFER_SENT
LC/0/1/CPU0:Feb  9 13:01:29.281 : dhcpd[158]: DHCPD PROXY: TP1917: Process client request called for chaddr 1803.7396.4aae
LC/0/1/CPU0:Feb  9 13:01:29.285 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_OFFER state SELECTING
LC/0/1/CPU0:Feb  9 13:01:29.285 : dhcpd[158]: DHCPD PROXY: TP1918: Process server reply called for chaddr 1803.7396.4aae
LC/0/1/CPU0:Feb  9 13:01:29.286 : dhcpd[158]: DHCPD PROXY: TP2371: Process OFFER for chaddr 1803.7396.4aae - successful
LC/0/1/CPU0:Feb  9 13:01:32.289 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_REQUEST state OFFER_SENT
LC/0/1/CPU0:Feb  9 13:01:32.289 : dhcpd[158]: DHCPD PROXY: TP3412: Stored option 55 response cleared
LC/0/1/CPU0:Feb  9 13:01:32.290 : dhcpd[158]: DHCPD PROXY: TP1917: Process client request called for chaddr 1803.7396.4aae
LC/0/1/CPU0:Feb  9 13:01:32.293 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_ACK state REQUESTING

this is point where it gets stuck until it expires at this point session is coming UP access-accept is already received and processed successfully.

LC/0/1/CPU0:Feb  9 13:02:32.293 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event LEASE_EXPIRE state ACK_DPM_WAIT
LC/0/1/CPU0:Feb  9 13:02:32.293 : dhcpd[158]: DHCPD PROXY: TP2805: Client delete called for chaddr 1803.7396.4aae due to reason Client lease expired
LC/0/1/CPU0:Feb  9 13:02:32.293 : dhcpd[158]: DHCPD PROXY: TP2821: Client delete called for chaddr 1803.7396.4aae due to reason Client lease expired but DPM in progress, queue on DLC
LC/0/1/CPU0:Feb  9 13:02:32.293 : dhcpd[158]: DHCPD PROXY ERROR: TP1518: Lease Expire failed for chaddr 1803.7396.4aae
LC/0/1/CPU0:Feb  9 13:02:32.293 : dhcpd[158]: DHCPD PROXY ERROR: TP3647: FSM call returned error for chaddr_string: 1803.7396.4aae, msg_type:0, mode: 4, event: 4

here it end after expiring and session fails to come up.

Any help is appreciated IOS XR version is 5.2.2. I'll gladly provide any detail needed.

I was using this http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-2/bng/configuration/guide/b-bng-cg52xasr9k.html

and this https://supportforums.cisco.com/document/77526/asr9000-bng-training-guide-setting-pppoe-and-ipoe-sessions

as a guide also few other docs from xander.

xthuijs · ‎02-18-2015

the access-interface in your case

TenGigE0/1/0/0.XXX

needs to have an ip address or needs to be unnumbered to a loopback in order to enable IP on the interface so that an incoming DHCP request is not dropped because of reason "ip not enabled". this address can really be ANY address, as long as IP is enabled that part is happy.

Then when the subscriber is created, we create a new interface off the base interface with a .ip<#> suffix, since this is a new interface it needs to have a local address, in this case we want to be unnumbered to something because:

1) we want to be able to reuse that interface multiple times for multiple subscribers

2) it serves as the gateway address for the subscriber.

So the unnumbered from the template OR passed by radius needs to serve the subnet in the range that you're allocating adds from to the sub.

xander

View solution in original post

David Tsulaia · ‎02-10-2015

Solution bng needs to know interface on which to operate of sorts....

So either telling it with

dynamic template type ipsubscriber SUB

ipv4 unnumbered lo0

or you can tell it with radius ipv4:ipv4-unnumbered=Loopback0

I do not understand the logic of this since the phy interface or bundle already had IP address.

But it works and the client receives the ACk and IP address is BOUND and session is UP.

xthuijs · ‎02-18-2015

the access-interface in your case

TenGigE0/1/0/0.XXX

needs to have an ip address or needs to be unnumbered to a loopback in order to enable IP on the interface so that an incoming DHCP request is not dropped because of reason "ip not enabled". this address can really be ANY address, as long as IP is enabled that part is happy.

Then when the subscriber is created, we create a new interface off the base interface with a .ip<#> suffix, since this is a new interface it needs to have a local address, in this case we want to be unnumbered to something because:

1) we want to be able to reuse that interface multiple times for multiple subscribers

2) it serves as the gateway address for the subscriber.

So the unnumbered from the template OR passed by radius needs to serve the subnet in the range that you're allocating adds from to the sub.

xander

David Tsulaia · ‎02-18-2015

Thank you for clarification.

As you can see from config snippet interface has ip address assigned, but it still didn't work untill I put unnumbered either in dynamic-template or in AV pair. So i guess it MUST be unnumbered?

xthuijs · ‎02-18-2015

yeah your address configuration was on the access interface in this config section, and that merely enables the ip routing on that interface to consume the dhcp discover.

separately from that you need the unnumbered either on the template (if activated via the control policy) or passed from radius.

the unnumbered instead of static assignment is key simply because this address is "reused" by all subscriber interfaces leveraging that same pool, hence unnumbered is must to allow multiple "local" interface reusing the same address. unnumbered on bcast media (such as ethernet) is then key as opposed to static assignment.

This is similar to the virtual-template ip unnumbered btw.

In that facinity IOS virtual-template is equivalent to XR dynamic template.

xander

David Tsulaia · ‎02-18-2015

I had a rough idea of how and why it worked. You made it clear and consice. Thank you very much :)