ASR9k // 6.2.3 // BNG // http-redirect to (null)

dfauluchi · ‎08-23-2018

Hi Everybody,

We have a bng using a redirect policy. From time to time redirection fails. Here's the policy and the log when that happens:

policy-map type pbr psa_captive
class type traffic permit_always
transmit
!
class type traffic web_up_capture
http-redirect http://myportal.com:10101/redirect.html
!
class type traffic class-default
drop
!
end-policy-map
!

LC/0/2/CPU0:Aug 21 16:06:00 : pbr_ea[300]: PBR HTTPR (rsi_tbl:0xe0000018)(190.98.152.169)ClassID(256): Dropping ACK with no payload.
LC/0/2/CPU0:Aug 21 16:06:00 : pbr_ea[300]: PBR HTTPR (rsi_tbl:0xe0000018)(190.98.152.169)ClassID(256): Received HTTP ver:1.1, URL:/ncc.txt, redirect to:(null)

Aleksandar Vidakovic · ‎08-24-2018

"Dropping ACK with no payload" is not an indication of a bug, this is expected behaviour. Redirect to null is not expected. What do you see in "show pbr internal statistics location ..."? What is the configuration of the web_up_capture class? It might be the best if you opened a TAC SR for this issue.

dfauluchi · ‎08-25-2018

Hi Aleksandar,

Thanks for your answer. I opened a TAC SR 685092855, by anyway I'd like to have a second opinion.
Here you have the commands you asked for:

RP/0/RSP0/CPU0:xxxx#sh pbr internal statistics location 0/2/cPU0
Sat Aug 25 22:56:16.766 GMT
PBR EA Internal Statistics:
  RSI Replay End Pending: 0
  Database:
    IFH Add:                        79
    IFH Delete:                     79
    IFH Total:                      0
    Mutex Block:                    0
  IM:
    Caps Add:                        79
    Caps Add Error:                  0
    Caps Remove:                     78
    Caps Remove Error:               0
    DPC:                             4
    DPC Error:                       0
    Init Data Update:                4
    Init Data Update Error:          0
  Switching:
    Rx HTTPR TCP SYN:               7926
    Rx HTTPR TCP ACK:               27477
    Rx HTTPR TCP FIN:               7891
    Rx HTTPR HTTP GET:              6936
    Rx HTTPR HTTP HEAD:             6
    Rx HTTPR HTTP POST:             995
    Tx HTTPR TCP SYN ACK:           7926
    Tx HTTPR TCP FIN ACK:           7891
    Tx HTTPR HTTP Redirect:         7900
    DROP IFH Class ID Inval:        0
    DROP API Error:                 0
    DROP No Connection:             0
    DROP HTTPR Fragment:            0
    DROP HTTPR IP Options:          0
    DROP HTTPR TCP ACK:             15849
    DROP HTTPR TCP Parse:           29
    DROP HTTPR HTTP Parse:          3728


class-map type traffic match-any web_up_capture
 match access-group ipv4 web_up_capture_acl 
 end-class-map
! 
ipv4 access-list web_up_capture_acl
 10 permit tcp any any eq www
!

Diego.

Aleksandar Vidakovic · ‎08-27-2018

hi Diego,

I'm afraid I can't say based on the available information. This requires some more interactive troubleshooting, that's why I have asked you to open a TAC SR. I see that 685092855 was already accepted and is actively being worked on.

/Aleksandar

prague · ‎03-12-2023

I'm considering only providing this guidance for a specific subscriber group. I have an existing dynamic template, but I don't want to break it. Do you have any ideas on how I can do this by sending a radius attribute for a certain subscriber?

smailmilak · ‎03-14-2023

Hi,

use CoA (Change of Authorization) for that. This is also called dynamic author on XR.

You can then activate a dyn template e.g. type service for only one subscriber by pushing this attribute on RADIUS.