Ich teste vor dem eigentlichen Kauf mehrere Funktionen auf emulierten Cisco 7200-Routern in GNS3.
Eine der Funktionen, die ich getestet habe, ist die LNS-Funktionalität. Ich habe diesen Blog-Beitrag hauptsächlich in Bezug auf meine Topologie und Konfiguration verfolgt, obwohl sich IP-Adressen und Namen geändert haben, als ich meine vorhandene Topologie angepasst habe.
Ich versuche herauszufinden, warum die Aussetzer auftreten oder zumindest was ich mir mehr ansehen könnte, um das Problem zu diagnostizieren. Die Konnektivität zwischen CPE und meinem LNS ist ansonsten in Ordnung, abgesehen von den regulären Verbindungsabbrüchen.
Bevor ich weiter gehe: Ich sollte erwähnen, dass ich mit GNS3 zufällige Ausfälle gesehen habe, wenn die Host-CPU voll ist. In diesem Fall ist die CPU hoch, aber nicht vollständig ausgelastet und scheint in Ordnung zu sein. Ich bin immer noch misstrauisch, dass es sich um ein GNS3-spezifisches Problem handelt, bin mir aber nicht sicher.
In meiner Topologie:
Alle Router (CPE, LAC, LNS) sind:
Cisco IOS-Software, 7200-Software (C7200-ADVIPSERVICESK9-M), Version 15.0 (1) M, RELEASE-SOFTWARE (fc2)
Cisco 7206VXR (NPE400) -Prozessor (Revision A) mit 245760 KB / 16384 KB Speicher.
- EDGE01 ist mein LNS.
- CPE-A ist der Kundenrouter.
- Ich habe zwar den Upstream-Router meines Labors als LAC, aber ich konzentriere mich nicht darauf, da ich die Lösung des Problems simulieren möchte, als ob unser LNS in Produktion wäre - daher wären normalerweise keine LAC-Protokolle verfügbar .
Alles scheint gut zu funktionieren, obwohl ich bemerkt habe, dass das CPE-Gerät alle paar Minuten die Verbindung zu trennen und wieder herzustellen scheint. Obwohl die Zeitüberschreitungen immer ähnlich sind, sind sie nicht genau gleich:
EDGE01#sh logging | inc Foreign Host Close
*Mar 6 13:34:34.000: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:36:40.340: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:39:38.107: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 13:41:33.003: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
EDGE01#
Hier sind einige Protokollbeispiele, was passiert. Ich lese sie möglicherweise nicht richtig, aber es scheint, als würden sowohl der CPE als auch der LNS sagen: "Der andere Typ hat die Sitzung getrennt, nicht ich."
CPE-Verbindung trennen
*Mar 6 13:30:35.378: Vi1 LCP: I TERMREQ [Open] id 1 len 4
*Mar 6 13:30:35.394: Vi1 IPCP: Event[DOWN] State[Open to Starting]
*Mar 6 13:30:35.394: Vi1 IPCP: Event[CLOSE] State[Starting to Initial]
*Mar 6 13:30:35.398: Vi1 LCP: O TERMACK [Open] id 1 len 4
*Mar 6 13:30:35.398: Vi1 LCP: Event[Receive TermReq] State[Open to
Stopping]
*Mar 6 13:30:35.398: Vi1 PPP DISC: Received LCP TERMREQ from peer
*Mar 6 13:30:35.402: Vi1 PPP: Phase is TERMINATING
*Mar 6 13:30:35.426: Di1 IPCP: Remove route to 172.16.2.1
*Mar 6 13:30:35.650: PPPoE 1544: I PADT R:ca03.0fa0.0008
L:ca0a.13a4.0008 Fa0/0
*Mar 6 13:30:35.650: PPPoE : Shutting down client session
*Mar 6 13:30:35.650: [0]PPPoE 1544: O PADT R:ca03.0fa0.0008
L:ca0a.13a4.0008 Fa0/0
*Mar 6 13:30:35.650: PPPoE: Failed to add PPPoE switching subblock
*Mar 6 13:30:35.650: %DIALER-6-UNBIND: Interface Vi1 unbound from
profile Di1
*Mar 6 13:30:35.650: Vi1 PPP: Block vaccess from being freed [0x10]
*Mar 6 13:30:35.650: Vi1
CPE-A#
LCP: Event[DOWN] State[Stopping to Starting]
*Mar 6 13:30:35.650: Vi1 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Mar 6 13:30:35.650: Vi1 PPP: Free previously blocked vaccess
*Mar 6 13:30:35.650: Vi1 PPP: Phase is DOWN
*Mar 6 13:30:35.654: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
state to down
*Mar 6 13:30:35.658: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to down
*Mar 6 13:30:35.682: PPPoE: Unexpected Event!. PPPoE switching
Subblockdestroy called
LNS wird getrennt
EDGE01#
L2X_ADJ: Vi2.1:adj notify change, event 4
L2X_ADJ: Vi2.1:midchain unstacking IP 0.0.0.0
L2X_ADJ: Vi2.1:adj notify change, event 8
*Mar 6 14:39:33.227: VPDN Vi2.1 disconnect (AAA) IETF: 8/port-error
Ascend: 41/TCP Foreign Host Close
*Mar 6 14:39:33.235: VPDN Vi2.1 vpdn shutdown session, result=2, error=6,
vendor_err=0, syslog_error_code=23, syslog_key_type=1
*Mar 6 14:39:33.243: VPDN Vi2.1 VPDN/AAA: accounting stop sent
*Mar 6 14:39:33.255: VPDN Vi2.1 Unbinding session from idb
*Mar 6 14:39:33.263: Vi2.1 VPDN: Resetting interface
L2X_ADJ: Vi2.1:midchain unstacking IP 0.0.0.0
L2X_ADJ: Vi2.1:removed ctx
LNS erneut verbinden
*Mar 6 13:30:58.604: VPDN Received L2TUN socket message <xCRQ - Session
Incoming>
*Mar 6 13:30:58.608: VPDN Tnl/Sn 41793 56421 L2TUN socket session accept
requested
*Mar 6 13:30:58.612: VPDN Tnl/Sn 41793 56421 Setting up dataplane for
L2-L2, no idb
*Mar 6 13:30:58.880: VPDN Received L2TUN socket message <xCCN - Session
Connected>
*Mar 6 13:30:58.892: VPDN uid:330 VPDN session up
L2X_ADJ: Vi2.1:midchain adj reqd for ip 0.0.0.0, cid 0
L2X_ADJ: Vi2.1:midchain adj reqd for ip 0.0.0.0, cid 0
*Mar 6 13:30:59.112: VPDN uid:330 Virtual interface created for
[email protected]
bandwidth 100000 Kbps
CPE erneut verbinden
*Mar 6 13:30:55.674: Sending PADI: Interface = FastEthernet0/0
*Mar 6 13:30:55.686: PPPoE 0: I PADO R:ca03.0fa0.0008 L:ca0a.13a4.0008
Fa0/0
CPE-A#
*Mar 6 13:30:57.722: PPPOE: we've got our pado and the pado timer went off
*Mar 6 13:30:57.722: OUT PADR from PPPoE Session
*Mar 6 13:30:57.822: PPPoE 1545: I PADS R:ca03.0fa0.0008 L:ca0a.13a4.0008
Fa0/0
*Mar 6 13:30:57.822: IN PADS from PPPoE Session
*Mar 6 13:30:57.838: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Mar 6 13:30:57.842: PPPoE: Virtual Access interface obtained.
*Mar 6 13:30:57.842: PPPoE : encap string prepared
*Mar 6 13:30:57.842: [0]PPPoE 1545: data path set to PPPoE Client
*Mar 6 13:30:57.854: %LINK-3-UPDOWN: Interface Virtual-Access1, changed
state to up
*Mar 6 13:30:57.854: Vi1 PPP: Sending cstate UP notification
*Mar 6 13:30:57.858: Vi1 PPP: Processing CstateUp message
*Mar 6 13:30:57.906: PPP: Alloc Context [66CDB580]
*Mar 6 13:30:57.906: ppp622 PPP: Phase is ESTABLISHING
*Mar 6 13:30:57.910: Vi1 PPP: Using dialer call direction
*Mar 6 13:30:57.910: Vi1 PPP: Treating connection as a callout
*Mar 6 13:30:57.910: Vi1 PPP:
CPE-A#
Session handle[F400069A] Session id[622]
*Mar 6 13:30:57.914: Vi1 LCP: Event[OPEN] State[Initial to Starting]
*Mar 6 13:30:57.914: Vi1 PPP: No remote authentication for call-out
*Mar 6 13:30:57.918: Vi1 LCP: O CONFREQ [Starting] id 1 len 10
*Mar 6 13:30:57.918: Vi1 LCP: MagicNumber 0x191D3E68 (0x0506191D3E68)
*Mar 6 13:30:57.922: Vi1 LCP: Event[UP] State[Starting to REQsent]
*Mar 6 13:30:58.042: Vi1 LCP: I CONFREQ [REQsent] id 1 len 18
*Mar 6 13:30:58.046: Vi1 LCP: MRU 1492 (0x010405D4)
*Mar 6 13:30:58.046: Vi1 LCP: AuthProto PAP (0x0304C023)
*Mar 6 13:30:58.046: Vi1 LCP: MagicNumber 0x2686484A (0x05062686484A)
*Mar 6 13:30:58.050: Vi1 LCP: O CONFNAK [REQsent] id 1 len 8
*Mar 6 13:30:58.050: Vi1 LCP: MRU 1500 (0x010405DC)
*Mar 6 13:30:58.050: Vi1 LCP: Event[Receive ConfReq-] State[REQsent to
REQsent]
*Mar 6 13:30:58.106: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
*Mar 6 13:30:58.106: Vi1 LCP: MagicNumber 0x191D3E68 (0x0506191D3E68)
*Mar 6
CPE-A#13:30:58.106: Vi1 LCP: Event[Receive ConfAck] State[REQsent to
ACKrcvd]
*Mar 6 13:30:58.110: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 18
*Mar 6 13:30:58.110: Vi1 LCP: MRU 1500 (0x010405DC)
*Mar 6 13:30:58.110: Vi1 LCP: AuthProto PAP (0x0304C023)
*Mar 6 13:30:58.110: Vi1 LCP: MagicNumber 0x2686484A (0x05062686484A)
*Mar 6 13:30:58.114: Vi1 LCP: O CONFACK [ACKrcvd] id 2 len 18
*Mar 6 13:30:58.114: Vi1 LCP: MRU 1500 (0x010405DC)
*Mar 6 13:30:58.114: Vi1 LCP: AuthProto PAP (0x0304C023)
*Mar 6 13:30:58.114: Vi1 LCP: MagicNumber 0x2686484A (0x05062686484A)
*Mar 6 13:30:58.118: Vi1 LCP: Event[Receive ConfReq+] State[ACKrcvd to
Open]
*Mar 6 13:30:58.122: Vi1 PPP: No authorization without authentication
*Mar 6 13:30:58.126: Vi1 PPP: Phase is AUTHENTICATING, by the peer
*Mar 6 13:30:58.126: Vi1 PAP: Using hostname from interface PAP
*Mar 6 13:30:58.126: Vi1 PAP: Using password from interface PAP
*Mar 6 13:30:58.126: Vi1 PAP: O AUTH-REQ id 1 len 26 from
CPE-A# "[email protected]"
*Mar 6 13:30:58.130: Vi1 LCP: State is Open
*Mar 6 13:30:59.390: Vi1 PAP: I AUTH-ACK id 1 len 5
*Mar 6 13:30:59.394: Vi1 PPP: Phase is FORWARDING, Attempting Forward
*Mar 6 13:30:59.394: Vi1 PPP: Queue IPCP code[1] id[1]
*Mar 6 13:30:59.422: Vi1 PPP: Phase is ESTABLISHING, Finish LCP
*Mar 6 13:30:59.426: Vi1 PPP: Phase is UP
*Mar 6 13:30:59.426: Vi1 IPCP: Protocol configured, start CP.
state[Initial]
*Mar 6 13:30:59.426: Vi1 IPCP: Event[OPEN] State[Initial to Starting]
*Mar 6 13:30:59.430: Vi1 IPCP: O CONFREQ [Starting] id 1 len 10
*Mar 6 13:30:59.430: Vi1 IPCP: Address 0.0.0.0 (0x030600000000)
*Mar 6 13:30:59.434: Vi1 IPCP: Event[UP] State[Starting to REQsent]
*Mar 6 13:30:59.434: Vi1 PPP: Process pending ncp packets
*Mar 6 13:30:59.434: Vi1 IPCP: Redirect packet to Vi1
*Mar 6 13:30:59.434: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar 6 13:30:59.438: Vi1 IPCP: Address 172.16.2.1 (0x0306AC100201)
*Mar 6 13:30:59.442: Vi1 IPCP:
CPE-A# O CONFACK [REQsent] id 1 len 10
*Mar 6 13:30:59.442: Vi1 IPCP: Address 172.16.2.1 (0x0306AC100201)
*Mar 6 13:30:59.442: Vi1 IPCP: Event[Receive ConfReq+] State[REQsent to
ACKsent]
*Mar 6 13:30:59.446: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Virtual-Access1, changed state to up
*Mar 6 13:30:59.602: Vi1 IPCP: I CONFNAK [ACKsent] id 1 len 10
*Mar 6 13:30:59.602: Vi1 IPCP: Address 172.16.2.19 (0x0306AC100213)
*Mar 6 13:30:59.606: Vi1 IPCP: O CONFREQ [ACKsent] id 2 len 10
*Mar 6 13:30:59.606: Vi1 IPCP: Address 172.16.2.19 (0x0306AC100213)
*Mar 6 13:30:59.606: Vi1 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to
ACKsent]
*Mar 6 13:30:59.826: Vi1 IPCP: I CONFACK [ACKsent] id 2 len 10
*Mar 6 13:30:59.826: Vi1 IPCP: Address 172.16.2.19 (0x0306AC100213)
*Mar 6 13:30:59.826: Vi1 IPCP: Event[Receive ConfAck] State[ACKsent to
Open]
*Mar 6 13:30:59.842: Vi1 IPCP: State is Open
*Mar 6 13:30:59.846: Di1 IPCP: Install negotiated IP interface address
172.16.2.19
*Mar 6 13:30:59.854: Di1 IPCP: Install route to 172.16.2.1
CPE-A#
Relevante Konfigurationen ...
Das LAC:
no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
vpdn search-order domain
!
vpdn-group PPP-Customers
request-dialin
protocol l2tp
domain isp.com
initiate-to ip 10.27.200.2
local name LAC
l2tp tunnel password 0 tunnel123
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
bba-group pppoe isp
virtual-template 1
!
!
interface Loopback0
description Management Loopback
ip address 10.27.100.1 255.255.255.255
!
!
interface FastEthernet0/0
description PtP to CPE
no ip address
duplex auto
speed auto
pppoe enable group isp
!
!
!
interface FastEthernet1/0
description PtP LAC-EDGE01
ip address 10.27.200.1 255.255.255.252
duplex full
speed 100
!
!
interface Virtual-Template1
ip unnumbered Loopback0
ppp authentication pap chap
!
!
router bgp 100
no synchronization
bgp router-id 10.27.100.1
bgp log-neighbor-changes
neighbor 10.27.200.2 remote-as 165535
neighbor 10.27.200.2 password BGP123
no auto-summary
!
Das LNS:
EDGE01 # sh debuggen
VPN:
Das Debuggen von VPDN-Ereignissen ist aktiviert
aaa new-model
!
!
aaa authentication ppp default local
aaa authentication ppp PPPNetBlock local
!
!
!
!
!
aaa session-id common
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group PPP-Customers
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname LAC
local name LNS
no l2tp tunnel authentication
l2tp tunnel password 0 tunnel123
l2tp tunnel timeout no-session 15
!
!
!
!
!
username [email protected] password 0 cpe123
!
redundancy
!
!
ip tcp synwait-time 5
!
!
interface Loopback0
description Management Loopback
ip address 172.16.3.1 255.255.255.255
!
!
interface Loopback1
description PPP Customers GW Loopback
ip address 172.16.2.1 255.255.255.255
!
!
interface FastEthernet0/0
description PtP EDGE01-LAC
ip address 10.27.200.2 255.255.255.252
duplex full
speed 100
!
!
interface Virtual-Template1
description PPP Customers Template
ip unnumbered Loopback1
peer default ip address pool PPPNetBlock
ppp authentication pap chap
!
!
! For this lab, I am redistributing CPE IPs into OSPF instead of BGP.
router ospf 1
router-id 172.16.3.1
log-adjacency-changes
auto-cost reference-bandwidth 512000
redistribute connected subnets
network 172.16.3.0 0.0.0.255 area 0
default-information originate
!
! BGP with upstream router, which is also the LAC.
! BGP session is kind of irrelevant, though.
router bgp 165535
no synchronization
bgp router-id 10.27.200.2
bgp log-neighbor-changes
neighbor 10.27.200.1 remote-as 100
neighbor 10.27.200.1 password BGP123
no auto-summary
!
ip local pool PPPNetBlock 172.16.2.2 172.16.2.254
ip forward-protocol nd
Das CPE:
CPE-A # sh-Debug
PPP:
Das Debuggen der PPP-Authentifizierung ist aktiviert
Das Debuggen von PPP-Protokollfehlern ist aktiviert
Das Debuggen der PPP-Protokollaushandlung ist aktiviert
PPPoE:
Das Debuggen von PPPoE-Protokollereignissen ist aktiviert
Das Debuggen von PPPoE-Protokollfehlern ist aktiviert
no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
description DSL
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
!
interface Dialer1
description DSL Dialer
ip address negotiated
ip mtu 1492
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap callin
ppp chap hostname [email protected]
ppp chap password 0 cpe123
ppp pap sent-username [email protected] password 0 cpe123
no cdp enable
!
!
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
quelle
Antworten:
Das Testen dieser Art von Funktionen mit GNS3 ist einfach Zeitverschwendung. Sie emulieren zur Laufzeit komplexe Software und fügen darüber hinaus komplexe Funktionen hinzu.
Es macht keinen Sinn, 7200 zu versuchen, da 7200 lange EoS sind: http://www.cisco.com/c/en/us/products/collateral/routers/7200-series-routers/end_of_life_c51-681414.html
Laden Sie CSR 1000v herunter und testen Sie es auf einem anständigen Hypervisor. Sie haben vielleicht mehr Glück, aber unter IOS-XE haben Sie verschiedene Konfigurationsvorlagen.
quelle