cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2036
Views
0
Helpful
5
Replies

ASR9k PPPoE Session handling: PPP_MA-3-ERR_DUPLICATE_IPV4_ADDRESS on abrupt session reset

Adam Vitkovsky
Level 3
Level 3

Hi folks,

So I’d like to ask with regards to the PPPoE session handling.

So assuming the keepalives exchanged between the client(CPE/PC) and the server(ASR9k) are the only thing that each party can use to tell if the session is operational.

Now let’s assume I break the session abruptly on the client side (say by bouncing the interface between CPE and access switch).

As a result client site has an interface down-up situation resulting in immediate reset of the PPPoE session.       

However the server side has no idea the session is non-functional until the dead timer expires (120s x 5 = 10minutes on ASR9k).

-this is where we see the problem actually,

Since the CPE had a brief interface bounce the original PPPoE was torn down immediately followed by new session setup request issued to ASR9k once the interface is up again.

That’s where ASR9k still holding on to the old session (for 10minutes) receives a new PPPoE session request and submits credentials to RADIUS as usual.

RADIUS responds with session acknowledgement and IP address assignment –that’s when ASR9k starts complaining that it can’t process the new session setup due to a duplicate IP address.

(It seems that RADIUS and provisioning system realizes the obvious, it’s just the ASR9k that’s not playing along)

 

RP/0/RSP0/CPU0:Sep 14 16:19:34.327 : ipv4_rib[1169]: %ROUTING-RIB-3-ECMP_ERR_ADD : Path add exceed max number of paths supported by protocol. Table 0xe0000011, prefix x.x.x.x/32, protocol subscriber, intf 0x2300, tunnelid 0, nexthop_table 0xe0000011, nexthop 0.0.0.0

LC/0/0/CPU0:Sep 14 16:19:34.327 : PPP-MA[304]: %L2-PPP_MA-4-ERR_RIB : Unexpected error encountered whilst Sending RIB batch buffer, error 1

LC/0/0/CPU0:Sep 14 16:19:34.327 : PPP-MA[304]: %L2-PPP_MA-3-ERR_DUPLICATE_IPV4_ADDRESS : TenGigE0/0/0/30.200.pppoe800: Subscriber IPv4 address x.x.x.x matches another route

 

Now I’d see two solutions to this,

1) we can speed up the keepalives and reduce the dead timer –but that will negatively impact the overall scalability of the solution.

2) somehow allow ASR9k to realize the incoming session is the same session it already has (holding onto) -which then should result in immediate reset of the existing session in order to allow the new session to be formed (no need to tweak any timers).

 

Option 2 would be preferred of course,

Can I make the ASR9k to pay attention to the username or some other attribute that uniquely identifies the session and then convince it to do the right thing i.e. reset the existing session in order to make room for the new session?

 

This is on 6.2.3

 

Thank you

 

adam

 

netconsultings.com

::carrier-class solutions for the telecommunications industry::

 

adam
5 Replies 5

Aleksandar Vidakovic
Cisco Employee
Cisco Employee

hi Adam,

 

this scenario can be interpreted both ways: a rogue CPE could disconnect the existing session. That's why at the design time we went for not bringing down the existing session. 

 

Have you tried using an EEM/Tcl script to act on ERR_DUPLICATE_IPV4_ADDRESS syslog message and clear the subscriber? This would be the fastest way to achieve what you need, implementable immediately, as opposed to waiting on a new feature.

 

/Aleksandar

Hi Aleksandar, Douglas,

 

Yes I suppose that having an on device or off device script clearing the session is a third option,

Setting the 10 minute timeout on CPE is not desirable –as we would rather like to reduce the downtime for subscribers (after a power failure at the household or CPE accidentally unplugging from the mains, etc..).  


Though Interestingly enough,

I was talking to one other engineer about this and he is suggesting that, within this 10 minute timeout period, the CPE should be able to reconnect with the original/existing PPPoE session kept by ASR9k.

Don’t ask me how, but he said that what’s needed are the correct settings in the “policy-map type control subscriber <name>’ and on RADIUS, so I was kind of hoping you guys would confirm that :)

-does this ring a bell to you gents?

 

But the funny thing is that when he was going to guide me through the setup we started by defining the new dynamic-template and policy and vrf –so we can play with it (i.e. new vrf, new template everything new –basically exact copy of the original config –just different names) –but for some reason the CPE won’t connect with this new template –ASR9k won’t even make a call to radius,  

So I have an additional question now –is it possible to have two dynamic templates in operation (hosting clients) on ASR9k please?     

Once I run a debug tomorrow I’ll know more I guess.

 

Thank you very much

 

adam

 

netconsultings.com

::carrier-class solutions for the telecommunications industry::

 

adam

Hey, Adam 

 

Sorry I was busy with other issues 

 

Regarding your questions:

 

I was talking to one other engineer about this and he is suggesting that, within this 10 minute timeout period, the CPE should be able to reconnect with the original/existing PPPoE session kept by ASR9k.

Don’t ask me how, but he said that what’s needed are the correct settings in the “policy-map type control subscriber <name>’ and on RADIUS, so I was kind of hoping you guys would confirm that :)

-does this ring a bell to you gents?

 

Not that I am aware of, maybe if you play around with Idle timeout feature, the former session could disconnected and new session started after link flap can remain. 

 

Look 

The Idle Timeout feature for IPoE and PPPoE sessions allows users to configure a maximum period of time that the subscriber sessions may remain idle. The subscriber sessions are terminated when this timeout period expires. The BNG monitors both the ingress and egress traffic for the determination of the idle time for the subscriber sessions. Control packets are not considered while determining session inactivity.

 

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-4/bng/configuration/guide/b-bng-cg-asr9000-64x/b-bng-cg-asr9000-64x_chapter_0111.html

 

So I have an additional question now –is it possible to have two dynamic templates in operation (hosting clients) on ASR9k please?   

 

Yes that is possible, broadly speaking customers define ppp layear 2 parameters at session-start event using a dynamic template and then at session-activation another template is defined to handle LCP/IPCP parameters, then you can  use a class-map type control to define the conditions that would activate the second template, the criteria to activate the template can be match on domain, source mac, username, etc.

 

Maybe your policy-map type control was not properly defined to activate your second dynamic template. Can you share your configuration?

  

Thx,

Douglas 

Hello

did you solve this problem? i also have same issue

Douglas Ramirez
Cisco Employee
Cisco Employee

Hey, Adam 

 

At CPE side, you can also try to change ppp keepailve timer and make it match asr9k side (120sec), as far as I know CPE will declare interface down only after losing 5 ppp echo-req packets.

 

Thx,

Douglas    

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: