Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1878
Views
0
Helpful
0
Replies

ASR9k-BNG as proxy DHCP and DHCP serveur in different vrf with ABF between vrf having problem

stany aymon
Level 1
Level 1

‎11-12-2013 05:32 AM

Problem overview

BNG is configured as DHCP proxy and a lot of DHCP discover and DHCP offer are exchanged between the DHCP server and the proxy before the client is able to have set the correct IP. This could take a variable time from few minutes to 20 minutes.

I have the feeling that the BNG behaviour or routing is the problem.

Environment:

-two ASR 9001 in cluster with version 4.3.2

-default global vrf for public IP addresses with access to internet with the bundle interface BE1.1103 as interface for the IPoE clients

-interface BE1.1099 in vrf <Ftth> where the different servers are located in to provide radius and dhcp services

-BNG is used to provide HighSpeedInternet (HSI) IP addresses to the clients (interface router on a fiber-modem)

-ABF on both interfaces BE1.1103 and BE1.1099 to permit to route some IPs between the global and the Ftth vrf

-radius server in the BE1.1099 that allow the client to receive an IP through the DHCP proxy on the BNG

Configuration on BNG:

dhcp ipv4

profile DHCP_B1103_PF proxy

  lease proxy client-lease-time 600

  helper-address vrf Ftth a.a.a.21 giaddr x.x.x.1

  relay information option

  relay information policy keep

  relay information option allow-untrusted

!

interface Bundle-Ether1.1103 proxy profile DHCP_B1103_PF

duplicate-mac-allowed

interface Bundle-Ether1.1099

description Serveur interface

vrf Ftth

ipv4 address a.a.a.1 255.255.255.0

encapsulation dot1q 1099

ipv4 access-group Abf1 ingress hardware-count

ipv4 access-list Abf1

50 permit ipv4 any x.x.x.0/24 nexthop1

51 permit icmp any x.x.x.0 0.0.0.255 nexthop1

60 permit ipv4 any any

!

interface Bundle-Ether1.1103

description HSI Clients

ipv4 point-to-point

ipv4 unnumbered Loopback1

arp learning disable

service-policy type control subscriber IPOE_POLICY

encapsulation dot1q 1103

ipsubscriber ipv4 l2-connected

  initiator dhcp

!

ipv4 access-group Abf2 ingress hardware-count

!

ipv4 access-list Abf2

10 permit ipv4 x.x.x.0/24 a.a.a.0/24 nexthop1 vrf Ftth

30 permit icmp x.x.x.0/24 a.a.a.0/24 nexthop1 vrf Ftth

60 permit ipv4 any any

!

Problem description:

-the radius is working perfectly and allow the different clients to receive an IP from the DHCP

-from the DHCP server I can ping an IP subscriber so the routing between ABF seams to work

-the fiber modem is also receiving an IP address but it take a lot of offer and sometimes a long time before the ack is coming. Like here the dhcp.log

Nov 11 17:26:41 NcSrvFtth02 dhcpd: DHCPDISCOVER from 00:0f:5d:ad:7a:70 via x.x.x.1

Nov 11 17:26:42 NcSrvFtth02 dhcpd: DHCPOFFER on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:44 NcSrvFtth02 dhcpd: DHCPDISCOVER from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:44 NcSrvFtth02 dhcpd: DHCPOFFER on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:47 NcSrvFtth02 dhcpd: DHCPDISCOVER from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:47 NcSrvFtth02 dhcpd: DHCPOFFER on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:50 NcSrvFtth02 dhcpd: DHCPDISCOVER from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:50 NcSrvFtth02 dhcpd: DHCPOFFER on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:53 NcSrvFtth02 dhcpd: DHCPDISCOVER from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:53 NcSrvFtth02 dhcpd: DHCPOFFER on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:56 NcSrvFtth02 dhcpd: DHCPDISCOVER from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:56 NcSrvFtth02 dhcpd: DHCPOFFER on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:59 NcSrvFtth02 dhcpd: DHCPDISCOVER from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:59 NcSrvFtth02 dhcpd: DHCPOFFER on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:59 NcSrvFtth02 dhcpd: DHCPREQUEST for x.x.x.250 (10.126.0.3) from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:26:59 NcSrvFtth02 dhcpd: DHCPACK on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:27:02 NcSrvFtth02 dhcpd: DHCPREQUEST for x.x.x.250 (10.126.0.3) from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:27:02 NcSrvFtth02 dhcpd: DHCPACK on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:27:05 NcSrvFtth02 dhcpd: DHCPREQUEST for x.x.x.250 (10.126.0.3) from 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

Nov 11 17:27:05 NcSrvFtth02 dhcpd: DHCPACK on x.x.x.250 to 00:0f:5d:ad:7a:70 (drgos) via x.x.x.1

I took a tcpdump on the dhcpserver and I have the following error 3 times before the ack is coming:

source x.x.x.1 (interface BNG BE1.1103) destination a.a.a.3 (dhcp server) dhcp discover

source a.a.a.3(dhcp server) destination x.x.x.1 dhcp offer

source a.a.a.1(interface BNG BE1.1099) destination a.a.a.3 icmp destination unreachable (port unreachable)

I really have the feeling that it's a BNG routing problem with the ASR and BNG

Could you help me with this issue?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents