Cisco 7200 LNS实验室中的异常辍学

9

在实际购买之前,我正在GNS3中测试仿真的Cisco 7200路由器上的几种功能。

我一直在测试的功能之一是LNS功能。我主要关注此博客文章的拓扑和配置,尽管IP地址和名称已因适应现有拓扑而发生了变化。

我试图弄清楚为什么会出现辍学现象,或者至少是我可以用来诊断问题的东西。除了定期断开连接外,CPE和我的LNS之间的连接也很好。

在继续之前:我应该提到,当主机CPU达到极限时,我已经看到GNS3的随机退出。在这种情况下,CPU较高,但未完全用尽,似乎运行正常。我仍然怀疑这是GNS3的特定问题,但我不确定。

在我的拓扑中:

所有路由器(CPE,LAC,LNS)为:

Cisco IOS软件,7200软件(C7200-ADVIPSERVICESK9-M),版本15.0(1)M,发行软件(fc2)

具有245760K / 16384K字节内存的Cisco 7206VXR(NPE400)处理器(修订版A)。

  • EDGE01是我的LNS。
  • CPE-A是客户路由器。
  • 我确实将实验室的上游路由器用作LAC,但我并没有专注于此,因为我想像解决LNS那样在生产中模拟解决问题-因此,通常我不会轻易获得LAC日志。

尽管我注意到CPE设备似乎每隔几分钟就会断开连接并重新连接,但一切似乎都工作正常。尽管超时总是相似的,但是它们并不完全相同:

EDGE01#sh logging | inc Foreign Host Close
*Mar  6 13:34:34.000: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error 
 Ascend: 41/TCP Foreign Host Close
*Mar  6 13:36:40.340: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error 
 Ascend: 41/TCP Foreign Host Close
*Mar  6 13:39:38.107: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error 
 Ascend: 41/TCP Foreign Host Close
*Mar  6 13:41:33.003: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error 
 Ascend: 41/TCP Foreign Host Close
EDGE01#

这是发生情况的一些日志示例。我可能没有正确阅读它们,但是CPE和LNS似乎都在说:“另一个人断开了会话,而不是我。”

CPE断开连接

*Mar  6 13:30:35.378: Vi1 LCP: I TERMREQ [Open] id 1 len 4
*Mar  6 13:30:35.394: Vi1 IPCP: Event[DOWN] State[Open to Starting]
*Mar  6 13:30:35.394: Vi1 IPCP: Event[CLOSE] State[Starting to Initial]
*Mar  6 13:30:35.398: Vi1 LCP: O TERMACK [Open] id 1 len 4
*Mar  6 13:30:35.398: Vi1 LCP: Event[Receive TermReq] State[Open to 
 Stopping]
*Mar  6 13:30:35.398: Vi1 PPP DISC: Received LCP TERMREQ from peer
*Mar  6 13:30:35.402: Vi1 PPP: Phase is TERMINATING
*Mar  6 13:30:35.426: Di1 IPCP: Remove route to 172.16.2.1
*Mar  6 13:30:35.650: PPPoE 1544: I PADT  R:ca03.0fa0.0008 
 L:ca0a.13a4.0008 Fa0/0
*Mar  6 13:30:35.650:  PPPoE : Shutting down client session
*Mar  6 13:30:35.650: [0]PPPoE 1544: O PADT  R:ca03.0fa0.0008 
 L:ca0a.13a4.0008 Fa0/0
*Mar  6 13:30:35.650: PPPoE: Failed to add PPPoE switching subblock
*Mar  6 13:30:35.650: %DIALER-6-UNBIND: Interface Vi1 unbound from 
 profile Di1
*Mar  6 13:30:35.650: Vi1 PPP: Block vaccess from being freed [0x10]
*Mar  6 13:30:35.650: Vi1
CPE-A#
LCP: Event[DOWN] State[Stopping to Starting]
*Mar  6 13:30:35.650: Vi1 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Mar  6 13:30:35.650: Vi1 PPP: Free previously blocked vaccess
*Mar  6 13:30:35.650: Vi1 PPP: Phase is DOWN
*Mar  6 13:30:35.654: %LINK-3-UPDOWN: Interface Virtual-Access1, changed 
 state to down
*Mar  6 13:30:35.658: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
 Virtual-Access1, changed state to down
*Mar  6 13:30:35.682: PPPoE: Unexpected Event!. PPPoE switching 
 Subblockdestroy called

LNS断开连接

EDGE01#
L2X_ADJ: Vi2.1:adj notify change, event 4
L2X_ADJ: Vi2.1:midchain unstacking IP 0.0.0.0
L2X_ADJ: Vi2.1:adj notify change, event 8
*Mar  6 14:39:33.227: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error 
 Ascend: 41/TCP Foreign Host Close
*Mar  6 14:39:33.235: VPDN Vi2.1 vpdn shutdown session, result=2, error=6, 
 vendor_err=0, syslog_error_code=23, syslog_key_type=1
*Mar  6 14:39:33.243: VPDN Vi2.1 VPDN/AAA: accounting stop sent
*Mar  6 14:39:33.255: VPDN Vi2.1 Unbinding session from idb
*Mar  6 14:39:33.263: Vi2.1 VPDN: Resetting interface
L2X_ADJ: Vi2.1:midchain unstacking IP 0.0.0.0
L2X_ADJ: Vi2.1:removed ctx

LNS重新连接

*Mar  6 13:30:58.604: VPDN Received L2TUN socket message <xCRQ - Session 
 Incoming>
*Mar  6 13:30:58.608: VPDN Tnl/Sn 41793 56421 L2TUN socket session accept 
 requested
*Mar  6 13:30:58.612: VPDN Tnl/Sn 41793 56421 Setting up dataplane for 
 L2-L2, no idb
*Mar  6 13:30:58.880: VPDN Received L2TUN socket message <xCCN - Session 
 Connected>
*Mar  6 13:30:58.892: VPDN uid:330 VPDN session up
L2X_ADJ: Vi2.1:midchain adj reqd for ip 0.0.0.0, cid 0
L2X_ADJ: Vi2.1:midchain adj reqd for ip 0.0.0.0, cid 0
*Mar  6 13:30:59.112: VPDN uid:330 Virtual interface created for 
 cpe-a@isp.com
bandwidth 100000 Kbps

CPE重新连接

*Mar  6 13:30:55.674:  Sending PADI: Interface = FastEthernet0/0
*Mar  6 13:30:55.686: PPPoE 0: I PADO  R:ca03.0fa0.0008 L:ca0a.13a4.0008 
 Fa0/0
CPE-A#
*Mar  6 13:30:57.722:  PPPOE: we've got our pado and the pado timer went off
*Mar  6 13:30:57.722: OUT PADR from PPPoE Session
*Mar  6 13:30:57.822: PPPoE 1545: I PADS  R:ca03.0fa0.0008 L:ca0a.13a4.0008
 Fa0/0
*Mar  6 13:30:57.822: IN PADS from PPPoE Session
*Mar  6 13:30:57.838: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Mar  6 13:30:57.842: PPPoE: Virtual Access interface obtained.
*Mar  6 13:30:57.842: PPPoE : encap string prepared
*Mar  6 13:30:57.842: [0]PPPoE 1545: data path set to PPPoE Client
*Mar  6 13:30:57.854: %LINK-3-UPDOWN: Interface Virtual-Access1, changed 
 state to up
*Mar  6 13:30:57.854: Vi1 PPP: Sending cstate UP notification
*Mar  6 13:30:57.858: Vi1 PPP: Processing CstateUp message
*Mar  6 13:30:57.906: PPP: Alloc Context [66CDB580]
*Mar  6 13:30:57.906: ppp622 PPP: Phase is ESTABLISHING
*Mar  6 13:30:57.910: Vi1 PPP: Using dialer call direction
*Mar  6 13:30:57.910: Vi1 PPP: Treating connection as a callout
*Mar  6 13:30:57.910: Vi1 PPP:
CPE-A#
Session handle[F400069A] Session id[622]
*Mar  6 13:30:57.914: Vi1 LCP: Event[OPEN] State[Initial to Starting]
*Mar  6 13:30:57.914: Vi1 PPP: No remote authentication for call-out
*Mar  6 13:30:57.918: Vi1 LCP: O CONFREQ [Starting] id 1 len 10
*Mar  6 13:30:57.918: Vi1 LCP:    MagicNumber 0x191D3E68 (0x0506191D3E68)
*Mar  6 13:30:57.922: Vi1 LCP: Event[UP] State[Starting to REQsent]
*Mar  6 13:30:58.042: Vi1 LCP: I CONFREQ [REQsent] id 1 len 18
*Mar  6 13:30:58.046: Vi1 LCP:    MRU 1492 (0x010405D4)
*Mar  6 13:30:58.046: Vi1 LCP:    AuthProto PAP (0x0304C023)
*Mar  6 13:30:58.046: Vi1 LCP:    MagicNumber 0x2686484A (0x05062686484A)
*Mar  6 13:30:58.050: Vi1 LCP: O CONFNAK [REQsent] id 1 len 8
*Mar  6 13:30:58.050: Vi1 LCP:    MRU 1500 (0x010405DC)
*Mar  6 13:30:58.050: Vi1 LCP: Event[Receive ConfReq-] State[REQsent to 
 REQsent]
*Mar  6 13:30:58.106: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
*Mar  6 13:30:58.106: Vi1 LCP:    MagicNumber 0x191D3E68 (0x0506191D3E68)
*Mar  6
CPE-A#13:30:58.106: Vi1 LCP: Event[Receive ConfAck] State[REQsent to 
 ACKrcvd]
*Mar  6 13:30:58.110: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 18
*Mar  6 13:30:58.110: Vi1 LCP:    MRU 1500 (0x010405DC)
*Mar  6 13:30:58.110: Vi1 LCP:    AuthProto PAP (0x0304C023)
*Mar  6 13:30:58.110: Vi1 LCP:    MagicNumber 0x2686484A (0x05062686484A)
*Mar  6 13:30:58.114: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 18
*Mar  6 13:30:58.114: Vi1 LCP:    MRU 1500 (0x010405DC)
*Mar  6 13:30:58.114: Vi1 LCP:    AuthProto PAP (0x0304C023)
*Mar  6 13:30:58.114: Vi1 LCP:    MagicNumber 0x2686484A (0x05062686484A)
*Mar  6 13:30:58.118: Vi1 LCP: Event[Receive ConfReq+] State[ACKrcvd to 
 Open]
*Mar  6 13:30:58.122: Vi1 PPP: No authorization without authentication
*Mar  6 13:30:58.126: Vi1 PPP: Phase is AUTHENTICATING, by the peer
*Mar  6 13:30:58.126: Vi1 PAP: Using hostname from interface PAP
*Mar  6 13:30:58.126: Vi1 PAP: Using password from interface PAP
*Mar  6 13:30:58.126: Vi1 PAP: O AUTH-REQ id 1 len 26 from
CPE-A# "cpe-a@isp.com"
*Mar  6 13:30:58.130: Vi1 LCP: State is Open
*Mar  6 13:30:59.390: Vi1 PAP: I AUTH-ACK id 1 len 5
*Mar  6 13:30:59.394: Vi1 PPP: Phase is FORWARDING, Attempting Forward
*Mar  6 13:30:59.394: Vi1 PPP: Queue IPCP code[1] id[1]
*Mar  6 13:30:59.422: Vi1 PPP: Phase is ESTABLISHING, Finish LCP
*Mar  6 13:30:59.426: Vi1 PPP: Phase is UP
*Mar  6 13:30:59.426: Vi1 IPCP: Protocol configured, start CP. 
 state[Initial]
*Mar  6 13:30:59.426: Vi1 IPCP: Event[OPEN] State[Initial to Starting]
*Mar  6 13:30:59.430: Vi1 IPCP: O CONFREQ [Starting] id 1 len 10
*Mar  6 13:30:59.430: Vi1 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar  6 13:30:59.434: Vi1 IPCP: Event[UP] State[Starting to REQsent]
*Mar  6 13:30:59.434: Vi1 PPP: Process pending ncp packets
*Mar  6 13:30:59.434: Vi1 IPCP: Redirect packet to Vi1
*Mar  6 13:30:59.434: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar  6 13:30:59.438: Vi1 IPCP:    Address 172.16.2.1 (0x0306AC100201)
*Mar  6 13:30:59.442: Vi1 IPCP:
CPE-A# O CONFACK [REQsent] id 1 len 10
*Mar  6 13:30:59.442: Vi1 IPCP:    Address 172.16.2.1 (0x0306AC100201)
*Mar  6 13:30:59.442: Vi1 IPCP: Event[Receive ConfReq+] State[REQsent to 
 ACKsent]
*Mar  6 13:30:59.446: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
 Virtual-Access1, changed state to up
*Mar  6 13:30:59.602: Vi1 IPCP: I CONFNAK [ACKsent] id 1 len 10
*Mar  6 13:30:59.602: Vi1 IPCP:    Address 172.16.2.19 (0x0306AC100213)
*Mar  6 13:30:59.606: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
*Mar  6 13:30:59.606: Vi1 IPCP:    Address 172.16.2.19 (0x0306AC100213)
*Mar  6 13:30:59.606: Vi1 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to
 ACKsent]
*Mar  6 13:30:59.826: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
*Mar  6 13:30:59.826: Vi1 IPCP:    Address 172.16.2.19 (0x0306AC100213)
*Mar  6 13:30:59.826: Vi1 IPCP: Event[Receive ConfAck] State[ACKsent to 
 Open]
*Mar  6 13:30:59.842: Vi1 IPCP: State is Open
*Mar  6 13:30:59.846: Di1 IPCP: Install negotiated IP interface address 
 172.16.2.19
*Mar  6 13:30:59.854: Di1 IPCP: Install route to 172.16.2.1
CPE-A#

相关配置...

LAC:

no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
vpdn search-order domain
!
vpdn-group PPP-Customers
 request-dialin
  protocol l2tp
  domain isp.com
 initiate-to ip 10.27.200.2
 local name LAC
 l2tp tunnel password 0 tunnel123
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
bba-group pppoe isp
 virtual-template 1
!
!
interface Loopback0
 description Management Loopback
 ip address 10.27.100.1 255.255.255.255
 !
!
interface FastEthernet0/0
 description PtP to CPE
 no ip address
 duplex auto
 speed auto
 pppoe enable group isp
 !
!
!
interface FastEthernet1/0
 description PtP LAC-EDGE01
 ip address 10.27.200.1 255.255.255.252
 duplex full
 speed 100
 !
!
interface Virtual-Template1
 ip unnumbered Loopback0
 ppp authentication pap chap
 !
!
router bgp 100
 no synchronization
 bgp router-id 10.27.100.1
 bgp log-neighbor-changes
 neighbor 10.27.200.2 remote-as 165535
 neighbor 10.27.200.2 password BGP123
 no auto-summary
!

LNS:

EDGE01#sh调试

VPN:

VPDN事件调试已打开

aaa new-model
!
!
aaa authentication ppp default local
aaa authentication ppp PPPNetBlock local
!
!
!
!
!
aaa session-id common
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group PPP-Customers
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC
 local name LNS
 no l2tp tunnel authentication
 l2tp tunnel password 0 tunnel123
 l2tp tunnel timeout no-session 15
!
!
!
!
!
username cpe-a@isp.com password 0 cpe123
!
redundancy
!
!
ip tcp synwait-time 5
!
!
interface Loopback0
 description Management Loopback
 ip address 172.16.3.1 255.255.255.255
 !
 !
interface Loopback1
 description PPP Customers GW Loopback
 ip address 172.16.2.1 255.255.255.255
 !
!
interface FastEthernet0/0
 description PtP EDGE01-LAC
 ip address 10.27.200.2 255.255.255.252
 duplex full
 speed 100
 !
!
interface Virtual-Template1
 description PPP Customers Template
 ip unnumbered Loopback1
 peer default ip address pool PPPNetBlock
 ppp authentication pap chap
 !
!
! For this lab, I am redistributing CPE IPs into OSPF instead of BGP.
router ospf 1
 router-id 172.16.3.1
 log-adjacency-changes
 auto-cost reference-bandwidth 512000
 redistribute connected subnets
 network 172.16.3.0 0.0.0.255 area 0
 default-information originate
!
! BGP with upstream router, which is also the LAC.
! BGP session is kind of irrelevant, though.
router bgp 165535
 no synchronization
 bgp router-id 10.27.200.2
 bgp log-neighbor-changes
 neighbor 10.27.200.1 remote-as 100
 neighbor 10.27.200.1 password BGP123
 no auto-summary
!
ip local pool PPPNetBlock 172.16.2.2 172.16.2.254
ip forward-protocol nd

CPE:

CPE-A#sh调试

PPP:

PPP身份验证调试已打开

PPP协议错误调试已打开

PPP协议协商调试已打开

PPPoE:

PPPoE协议事件调试已打开

PPPoE协议错误调试已打开

no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
 description DSL
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
 !
!
interface Dialer1
 description DSL Dialer
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname cpe-a@isp.com
 ppp chap password 0 cpe123
 ppp pap sent-username cpe-a@isp.com password 0 cpe123
 no cdp enable
!
!
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
cisco  troubleshooting  cisco-ios-15  pppoe  l2tp 
极客
source
尝试将拨号程序持久性和拨号程序空闲超时0放在CPE的拨号程序接口上。

Answers:

4

使用GNS3测试这种功能只是浪费时间。您正在模拟运行时复杂的软件,最重要的是,您添加了复杂的功能。

“尝试” 7200是没有道理的,因为7200是长时间的EoS:http : //www.cisco.com/c/en/us/products/collat​​eral/routers/7200-series-routers/end_of_life_c51-681414.html

下载CSR 1000v并在一些不错的虚拟机管理程序中进行测试,可能会比较幸运,但是在IOS-XE上,您将拥有不同的配置模板。

ŁukaszBromirski
source
是的我明白。作为一种概念证明,更多的情况是希望确保7200系列能够用作LNS。而且我以前从未配置过LNS或使用过7200。我基本上已经实现了,但是我不确定退出是否是我的配置,或者仅仅是GNS3。但我倾向于同意它是GNS3。
Geekman
是的,我知道7200系列是停产产品。不幸的是,目前我们还远远没有达到ASR1K或瞻博网络MX系列所需的预算,因此必须做出折衷。
Geekman
ASR1001的价格与7200 / NPE-G2完全相同,并且具有硬件转发路径,因此您可以以相同的价格获得更多的花销。对于7200-是的,正如Internet上显示的数千种此类安装所示,7200可以充当LNS。
卢卡斯Bromirski
您开始觉得自己居高临下,但我不确定我为保证这一点所做的事情。是的,我知道互联网上有很多指南,但是我想自己提供概念证明,以确保我理解这些示例并可以自己使用。叫我学究。
Geekman'3
我同意ASR1001物有所值,但我也知道现在这对于满足我们的需求而言是过高的,就像您只需要一个机架时就购买整个机架一样。从技术上讲,您可能会获得更好的$ / RU,但如果笼子超出您的预算,那么它实际上是无关紧要的。也许7200曾经是同一价位,但现在已经不一样了,所以这就是为什么我们可以买到7200(甚至是新的)而不是ASR1K的原因。我同意您的建议,但是我花了几个月的时间在研究各种硬件上,因此知道我们可以负担得起和不能承受的东西。
Geekman'3
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.