Mailing List Archive

LNS with 7200 with NPE-G1
We are currently running a test setup using a 7200/G1
device as LNS. The telco operates as LAC Juniper ERX
devices.

Everything is working as expected but the CPU load
on the G1 is quite high. Having around 200 PPP sessions
on the LNS the CPU load is already at 11%. In other
words this would mean that around 2000 users would put
the box to 100% CPU usage which is very far away from
the advertised 16 000 broadband sessions for the G1.

Running IP-Plus 12.3(16).

Do I have a CPU killer in my config?

Christian


My config:
-----------
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no service dhcp
!
hostname LNS
!
boot-start-marker
boot-end-marker
!
enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone GMT 1
clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
aaa new-model
!
!
aaa authentication login default enable
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting update periodic 240
aaa accounting network default start-stop group radius
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip cef
no ip domain lookup
ip name-server xxxxxxxxxxxx
ip name-server xxxxxxxxxxxx
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname LAC
lcp renegotiation on-mismatch
l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
interface Loopback0
ip address xxxxxxxxxxxxxxxxxxxxx
!
interface Loopback1
ip address xxxxxxxxxxxxxxxxxxxxx
!
interface GigabitEthernet0/1
description Connection to Vlan 13
ip address xxxxxxxxxxxxxxxxxxxx
ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
duplex full
speed 1000
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface Virtual-Template1
ip unnumbered Loopback1
ip tcp adjust-mss 1420
ip mroute-cache
peer default ip address pool VODSL
ppp mtu adaptive
ppp authentication pap chap
!
router ospf 101
log-adjacency-changes
area 0 authentication message-digest
summary-address xxxxxxxxxxxxxxxxxxxx
summary-address xxxxxxxxxxxxxxxxxxxxx
redistribute connected subnets
redistribute static subnets
passive-interface Virtual-Template1
network xxxxxxxxxxxxxxxxxxx area 0
network xxxxxxxxxxxxxxxxxxx area 0
!
ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
ip classless
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
no ip http server
!
!
access-list 1 permit xxxxxxxxxxxxxxxxx
access-list 1 deny any
access-list 50 permit xxxxxxxxxxxxxxxx
access-list 50 deny any
no cdp run
!
snmp-server community xxxxxxxxxxxxxxxxx RW 1
!
radius-server attribute nas-port format d
radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx

radius-server domain-stripping
radius-server unique-ident 3
radius-server vsa send accounting
!
!
gatekeeper
shutdown
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 50 in
!
ntp clock-period 17180061
ntp server xxxxxxxxxxxx
ntp server xxxxxxxxxxxx
!
end
Re: LNS with 7200 with NPE-G1
Your config is very basic, I don't see anything that would cause
process switching or something detrimental to the CPU. How much
traffic, in aggregate, are these 200 users pushing (bps and pps)? 16k
sessions is a control-plane limitation, but if you have broadband
traffic, you'll hit the data-plane limit much faster (16k is really
for narrowband). MPF can greatly help improve data-plane performance.

Dennis

Re[2]: LNS with 7200 with NPE-G1
Current IP traffic is as follows:

5 minute input rate 29094000 bits/sec, 6718 packets/sec
5 minute output rate 29254000 bits/sec, 6702 packets/sec

I noticed that in and out traffic are nearly the same
which is not what I expected for ADSL connections where
the max upstream is 192 kbit/s and max downstream is 3 Mbit/s.

Regarding the CPU the "L2X Data Daemon" uses most. No other
process showed any significant CPU usage.

sh proc cpu:
------------
CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
.
.
14 4.55% 3.93% 3.96% 0 L2X Data Daemon


Regarding the L2TP setup I terminated the 4 LAC devices
from the telco in "vpdn-group 1". Would creating a
separate vpdn-group for each LAC be of any benefit?

Currently I have:

7206VXR#sh vpdn tunnel

L2TP Tunnel Information Total tunnels 4 sessions 207
LocID RemID Remote Name State Remote Address Port Sessions VPDN Group
2999 12 LAC est xxxxxxxxxxxxx 1701 21 1
55524 5516 LAC est xxxxxxxxxxxxx 1701 78 1
29502 14 LAC est xxxxxxxxxxxxx 1701 53 1
18896 82 LAC est xxxxxxxxxxxxx 1701 55 1
%No active L2F tunnels
%No active PPTP tunnels


Is there an IOS image supporting MPF that can be recommended in
a production environment for an LNS?

Christian


RE: Re[2]: LNS with 7200 with NPE-G1
I would also check for fragmentation of the IP packets.

show ip traffic

V.

> -----Original Message-----
> From: cisco-bba-bounces@puck.nether.net
> [mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of
> Christian Schmit
> Sent: Tue Oct 18, 2005 3:13 PM
> To: cisco-bba@puck.nether.net
> Subject: Re[2]: [cisco-bba] LNS with 7200 with NPE-G1
>
>
> Current IP traffic is as follows:
>
> 5 minute input rate 29094000 bits/sec, 6718 packets/sec
> 5 minute output rate 29254000 bits/sec, 6702 packets/sec
>
> I noticed that in and out traffic are nearly the same which
> is not what I expected for ADSL connections where the max
> upstream is 192 kbit/s and max downstream is 3 Mbit/s.
>
> Regarding the CPU the "L2X Data Daemon" uses most. No other
> process showed any significant CPU usage.
>
> sh proc cpu:
> ------------
> CPU utilization for five seconds: 13%/9%; one minute: 12%;
> five minutes: 12% .
> .
> 14 4.55% 3.93% 3.96% 0 L2X Data Daemon
>
>
> Regarding the L2TP setup I terminated the 4 LAC devices from
> the telco in "vpdn-group 1". Would creating a separate
> vpdn-group for each LAC be of any benefit?
>
> Currently I have:
>
> 7206VXR#sh vpdn tunnel
>
> L2TP Tunnel Information Total tunnels 4 sessions 207
> LocID RemID Remote Name State Remote Address Port
> Sessions VPDN Group
> 2999 12 LAC est xxxxxxxxxxxxx 1701 21 1
> 55524 5516 LAC est xxxxxxxxxxxxx 1701 78 1
> 29502 14 LAC est xxxxxxxxxxxxx 1701 53 1
> 18896 82 LAC est xxxxxxxxxxxxx 1701 55 1
> %No active L2F tunnels
> %No active PPTP tunnels
>
>
> Is there an IOS image supporting MPF that can be recommended
> in a production environment for an LNS?
>
> Christian
Re: LNS with 7200 with NPE-G1
> Current IP traffic is as follows:
>
> 5 minute input rate 29094000 bits/sec, 6718 packets/sec
> 5 minute output rate 29254000 bits/sec, 6702 packets/sec
>
> I noticed that in and out traffic are nearly the same
> which is not what I expected for ADSL connections where
> the max upstream is 192 kbit/s and max downstream is 3 Mbit/s.

Unless you have more configuration on the box than specified in previous
messages, all traffic is going in *and* out through physical interface
GigabitEthernet0/1 - your router is a "router on a stick". And in such
cases, having input and output nearly the same is expected.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Re[2]: LNS with 7200 with NPE-G1
>> Current IP traffic is as follows:
>>
>> 5 minute input rate 29094000 bits/sec, 6718 packets/sec
>> 5 minute output rate 29254000 bits/sec, 6702 packets/sec
>>
>> I noticed that in and out traffic are nearly the same
>> which is not what I expected for ADSL connections where
>> the max upstream is 192 kbit/s and max downstream is 3 Mbit/s.

snn> Unless you have more configuration on the box than specified in previous
snn> messages, all traffic is going in *and* out through physical interface
snn> GigabitEthernet0/1 - your router is a "router on a stick". And in such
snn> cases, having input and output nearly the same is expected.

snn> Steinar Haug, Nethelp consulting, sthaug@nethelp.no

Yes, the router only serves as LNS and only gig0/1 is connected.
Re: LNS with 7200 with NPE-G1
We are also using 7200's as LNS and they are maxing out cpu (95%) at around 3000 L2TP sessions when
tunnels are coming through atm interface and 3500 L2TP sessions when coming through GE interface.

We are now trying 10k, but we already have 25% cpu at 3000 sessions, so 12000 sessions (1/5 of
what's advertised) will probably max its capacity. Also 10k can't do (because of PXF) a lot of
things 7200 does, which is another drawback.

We gonna have some look at Juniper's ERX series during the next months and see how it compares too.

Christian Schmit wrote on 18/10/2005 9:20 PM:

> We are currently running a test setup using a 7200/G1
> device as LNS. The telco operates as LAC Juniper ERX
> devices.
>
> Everything is working as expected but the CPU load
> on the G1 is quite high. Having around 200 PPP sessions
> on the LNS the CPU load is already at 11%. In other
> words this would mean that around 2000 users would put
> the box to 100% CPU usage which is very far away from
> the advertised 16 000 broadband sessions for the G1.
>
> Running IP-Plus 12.3(16).
>
> Do I have a CPU killer in my config?
>
> Christian
Re: Re[2]: LNS with 7200 with NPE-G1
L2X Data Daemon would indicate that stuff is getting process
switched. Separate vpdn-groups won't help in this case. What do your
RADIUS profiles look like? RADIUS can pass down configurations which
can cause problems (like Framed-Compression). Can you do a "show
derived-config interface Virtual-Access X"?

Dennis
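
A way to read the numbers posted in this thread (an added example, not posted by anyone on the list): in IOS `show processes cpu` the header `13%/9%` is total CPU followed by the share spent at interrupt level, so the remainder is process-level work such as the L2X Data Daemon named above. The function and field names are this example's own, and the input is the thread's figures pasted together.

```python
import re

# Constructed input: the figures Christian posted in this thread, pasted together.
# The process line is in the trimmed form he posted (PID, 5Sec, 1Min, 5Min, TTY,
# name); PROC_RE also accepts the full IOS line, which carries Runtime(ms),
# Invoked and uSecs columns between the PID and the percentages.
POSTED = """\
5 minute input rate 29094000 bits/sec, 6718 packets/sec
5 minute output rate 29254000 bits/sec, 6702 packets/sec
CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
 14 4.55% 3.93% 3.96% 0 L2X Data Daemon
L2TP Tunnel Information Total tunnels 4 sessions 207
"""

CPU_RE = re.compile(
    r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%;"
    r"\s*one minute:\s*(\d+)%;\s*five minutes:\s*(\d+)%")
PROC_RE = re.compile(
    r"^[ \t]*(\d+)[ \t]+(?:\d+[ \t]+){0,3}"
    r"(\d+\.\d+)%[ \t]+(\d+\.\d+)%[ \t]+(\d+\.\d+)%[ \t]+(\d+)[ \t]+(\S.*?)[ \t]*$",
    re.M)
RATE_RE = re.compile(
    r"5 minute (input|output) rate (\d+) bits/sec, (\d+) packets/sec")
SESS_RE = re.compile(r"Total tunnels (\d+) sessions (\d+)")


def analyze(text):
    """Split CPU load into interrupt and process level and relate it to traffic."""
    cpu = CPU_RE.search(text)
    if cpu is None:
        raise ValueError("no 'CPU utilization' header in input")
    total, interrupt, one_min, five_min = map(int, cpu.groups())

    # Per-process lines, busiest first over the five-second window.
    procs = sorted(
        ({"pid": int(m.group(1)), "five_sec": float(m.group(2)),
          "one_min": float(m.group(3)), "five_min": float(m.group(4)),
          "name": m.group(6)} for m in PROC_RE.finditer(text)),
        key=lambda p: p["five_sec"], reverse=True)

    rates = {m.group(1): (int(m.group(2)), int(m.group(3)))
             for m in RATE_RE.finditer(text)}

    report = {
        "total_pct": total,
        # Interrupt level is where fast/CEF-switched packets are handled.
        "interrupt_pct": interrupt,
        # What is left runs in scheduled processes (process switching included).
        # The header is rounded to whole percent, so a single process can show
        # a slightly higher five-second figure than this difference.
        "process_pct": total - interrupt,
        "one_min_pct": one_min,
        "five_min_pct": five_min,
        "top_process": procs[0] if procs else None,
        # Bytes per packet as counted by the interface rate counters.
        "avg_packet_bytes": {d: round(bps / 8 / pps)
                             for d, (bps, pps) in rates.items() if pps},
    }

    sess = SESS_RE.search(text)
    if sess and int(sess.group(2)) > 0 and "input" in rates:
        sessions = int(sess.group(2))
        report["sessions"] = sessions
        report["kbps_per_session_in"] = rates["input"][0] / sessions / 1000
    return report


if __name__ == "__main__":
    for key, value in analyze(POSTED).items():
        print(f"{key}: {value}")
```

On the posted figures this reports 9% interrupt-level and 4% process-level CPU, with packets averaging about 541 bytes inbound.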

Christian Schmit [cschmit@vo.lu] wrote:
>
> Current IP traffic is as follows:
>
> 5 minute input rate 29094000 bits/sec, 6718 packets/sec
> 5 minute output rate 29254000 bits/sec, 6702 packets/sec
>
> I noticed that in and out traffic are nearly the same
> which is not what I expected for ADSL connections where
> the max upstream is 192 kbit/s and max downstream is 3 Mbit/s.
>
> Regarding the CPU the "L2X Data Daemon" uses most. No other
> process shown any significant CPU usage.
>
> sh proc cpu:
> ------------
> CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
> .
> .
> 14 4.55% 3.93% 3.96% 0 L2X Data Daemon
>
>
> Regarding the L2TP setup I terminated the 4 LAC devices
> from the telco in "vpdn-group 1". Would creating a
> separate vpdn-group for each LAC be of any benefit?
>
> Currently I have:
>
> 7206VXR#sh vpdn tunnel
>
> L2TP Tunnel Information Total tunnels 4 sessions 207
> LocID RemID Remote Name State Remote Address Port Sessions VPDN Group
> 2999 12 LAC est xxxxxxxxxxxxx 1701 21 1
> 55524 5516 LAC est xxxxxxxxxxxxx 1701 78 1
> 29502 14 LAC est xxxxxxxxxxxxx 1701 53 1
> 18896 82 LAC est xxxxxxxxxxxxx 1701 55 1
> %No active L2F tunnels
> %No active PPTP tunnels
>
>
> Is there an IOS image supporting MPF that can be recommended in
> a production environment for an LNS?
>
> Christian
>
>
> DP> Your config is very basic, I don't see anything that would cause
> DP> process switching or something detrimental to the CPU. How much
> DP> traffic, in aggregate, are these 200 users pushing (bps and pps)? 16k
> DP> sessions is a control-plane limitation, but if you have broadband
> DP> traffic, you'll hit the data-plane limit much faster (16k is really
> DP> for narrowband). MPF can greatly help improve data-plane performance.
>
> DP> Dennis
>
> DP> Christian Schmit [cschmit@vo.lu] wrote:
> >>
> >> We are currently running a test setup using a 7200/G1
> >> device as LNS. The telco operates as LAC Juniper ERX
> >> devices.
> >>
> >> Everything is working as expected but the CPU load
> >> on the G1 is quite high. Having around 200 PPP sessions
> >> on the LNS the CPU load is already at 11%. In other
> >> words this would mean that around 2000 users would put
> >> the box to 100% CPU usage which is very far away from
> >> the advertised 16 000 broadband sessions for the G1.
> >>
> >> Running IP-Plus 12.3(16).
> >>
> >> Do I have a CPU killer in my config?
> >>
> >> Christian
> >>
> >>
> >> My config:
> >> -----------
> >> version 12.3
> >> service timestamps debug datetime msec
> >> service timestamps log datetime msec
> >> service password-encryption
> >> no service dhcp
> >> !
> >> hostname LNS
> >> !
> >> boot-start-marker
> >> boot-end-marker
> >> !
> >> enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
> >> !
> >> clock timezone GMT 1
> >> clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
> >> aaa new-model
> >> !
> >> !
> >> aaa authentication login default enable
> >> aaa authentication ppp default group radius
> >> aaa authorization network default group radius
> >> aaa accounting delay-start
> >> aaa accounting update periodic 240
> >> aaa accounting network default start-stop group radius
> >> aaa session-id common
> >> ip subnet-zero
> >> no ip source-route
> >> !
> >> !
> >> ip cef
> >> no ip domain lookup
> >> ip name-server xxxxxxxxxxxx
> >> ip name-server xxxxxxxxxxxx
> >> !
> >> vpdn enable
> >> vpdn ip udp ignore checksum
> >> !
> >> vpdn-group 1
> >> accept-dialin
> >> protocol l2tp
> >> virtual-template 1
> >> terminate-from hostname LAC
> >> lcp renegotiation on-mismatch
> >> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >> !
> >> interface Loopback0
> >> ip address xxxxxxxxxxxxxxxxxxxxx
> >> !
> >> interface Loopback1
> >> ip address xxxxxxxxxxxxxxxxxxxxx
> >> !
> >> interface GigabitEthernet0/1
> >> description Connection to Vlan 13
> >> ip address xxxxxxxxxxxxxxxxxxxx
> >> ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
> >> duplex full
> >> speed 1000
> >> media-type rj45
> >> no negotiation auto
> >> !
> >> interface GigabitEthernet0/2
> >> no ip address
> >> shutdown
> >> duplex auto
> >> speed auto
> >> media-type rj45
> >> negotiation auto
> >> !
> >> interface GigabitEthernet0/3
> >> no ip address
> >> shutdown
> >> duplex auto
> >> speed auto
> >> media-type rj45
> >> negotiation auto
> >> !
> >> interface Virtual-Template1
> >> ip unnumbered Loopback1
> >> ip tcp adjust-mss 1420
> >> ip mroute-cache
> >> peer default ip address pool VODSL
> >> ppp mtu adaptive
> >> ppp authentication pap chap
> >> !
> >> router ospf 101
> >> log-adjacency-changes
> >> area 0 authentication message-digest
> >> summary-address xxxxxxxxxxxxxxxxxxxx
> >> summary-address xxxxxxxxxxxxxxxxxxxxx
> >> redistribute connected subnets
> >> redistribute static subnets
> >> passive-interface Virtual-Template1
> >> network xxxxxxxxxxxxxxxxxxx area 0
> >> network xxxxxxxxxxxxxxxxxxx area 0
> >> !
> >> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
> >> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
> >> ip classless
> >> ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> >> no ip http server
> >> !
> >> !
> >> access-list 1 permit xxxxxxxxxxxxxxxxx
> >> access-list 1 deny any
> >> access-list 50 permit xxxxxxxxxxxxxxxx
> >> access-list 50 deny any
> >> no cdp run
> >> !
> >> snmp-server community xxxxxxxxxxxxxxxxx RW 1
> >> !
> >> radius-server attribute nas-port format d
> >> radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx
> >>
> >> radius-server domain-stripping
> >> radius-server unique-ident 3
> >> radius-server vsa send accounting
> >> !
> >> !
> >> gatekeeper
> >> shutdown
> >> !
> >> line con 0
> >> stopbits 1
> >> line aux 0
> >> stopbits 1
> >> line vty 0 4
> >> access-class 50 in
> >> !
> >> ntp clock-period 17180061
> >> ntp server xxxxxxxxxxxx
> >> ntp server xxxxxxxxxxxx
> >> !
> >> end
> >> _______________________________________________
> >> cisco-bba mailing list
> >> cisco-bba@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-bba
RE: LNS with 7200 with NPE-G1 [ In reply to ]
As Dennis mentions, MPF might be a good fit here for this config,
especially since the interfaces appear to be only ethernet.
More can be found here:
http://cisco.com/en/US/partner/products/sw/iosswrel/ps5413/products_feature_guide09186a00804c2d31.html

-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Dennis Peng
(dpeng)
Sent: Tuesday, October 18, 2005 11:34 AM
To: Christian Schmit
Cc: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] LNS with 7200 with NPE-G1

Your config is very basic, I don't see anything that would cause process
switching or something detrimental to the CPU. How much traffic, in
aggregate, are these 200 users pushing (bps and pps)? 16k sessions is a
control-plane limitation, but if you have broadband traffic, you'll hit
the data-plane limit much faster (16k is really for narrowband). MPF can
greatly help improve data-plane performance.

Dennis

Christian Schmit [cschmit@vo.lu] wrote:
>
> We are currently running a test setup using a 7200/G1 device as LNS.
> The telco operates as LAC Juniper ERX devices.
>
> Everything is working as expected but the CPU load on the G1 is quite
> high. Having around 200 PPP sessions on the LNS the CPU load is
> already at 11%. In other words this would mean that around 2000 users
> would put the box to 100% CPU usage which is very far away from the
> advertised 16 000 broadband sessions for the G1.
>
> Running IP-Plus 12.3(16).
>
> Do I have a CPU killer in my config?
>
> Christian
>
>
> My config:
> -----------
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> service password-encryption
> no service dhcp
> !
> hostname LNS
> !
> boot-start-marker
> boot-end-marker
> !
> enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> clock timezone GMT 1
> clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
> aaa new-model
> !
> !
> aaa authentication login default enable
> aaa authentication ppp default group radius
> aaa authorization network default group radius
> aaa accounting delay-start
> aaa accounting update periodic 240
> aaa accounting network default start-stop group radius
> aaa session-id common
> ip subnet-zero
> no ip source-route
> !
> !
> ip cef
> no ip domain lookup
> ip name-server xxxxxxxxxxxx
> ip name-server xxxxxxxxxxxx
> !
> vpdn enable
> vpdn ip udp ignore checksum
> !
> vpdn-group 1
> accept-dialin
> protocol l2tp
> virtual-template 1
> terminate-from hostname LAC
> lcp renegotiation on-mismatch
> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> interface Loopback0
> ip address xxxxxxxxxxxxxxxxxxxxx
> !
> interface Loopback1
> ip address xxxxxxxxxxxxxxxxxxxxx
> !
> interface GigabitEthernet0/1
> description Connection to Vlan 13
> ip address xxxxxxxxxxxxxxxxxxxx
> ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
> duplex full
> speed 1000
> media-type rj45
> no negotiation auto
> !
> interface GigabitEthernet0/2
> no ip address
> shutdown
> duplex auto
> speed auto
> media-type rj45
> negotiation auto
> !
> interface GigabitEthernet0/3
> no ip address
> shutdown
> duplex auto
> speed auto
> media-type rj45
> negotiation auto
> !
> interface Virtual-Template1
> ip unnumbered Loopback1
> ip tcp adjust-mss 1420
> ip mroute-cache
> peer default ip address pool VODSL
> ppp mtu adaptive
> ppp authentication pap chap
> !
> router ospf 101
> log-adjacency-changes
> area 0 authentication message-digest
> summary-address xxxxxxxxxxxxxxxxxxxx
> summary-address xxxxxxxxxxxxxxxxxxxxx
> redistribute connected subnets
> redistribute static subnets
> passive-interface Virtual-Template1
> network xxxxxxxxxxxxxxxxxxx area 0
> network xxxxxxxxxxxxxxxxxxx area 0
> !
> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
> ip classless
> ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> no ip http server
> !
> !
> access-list 1 permit xxxxxxxxxxxxxxxxx
> access-list 1 deny any
> access-list 50 permit xxxxxxxxxxxxxxxx
> access-list 50 deny any
> no cdp run
> !
> snmp-server community xxxxxxxxxxxxxxxxx RW 1
> !
> radius-server attribute nas-port format d
> radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx
>
> radius-server domain-stripping
> radius-server unique-ident 3
> radius-server vsa send accounting
> !
> !
> gatekeeper
> shutdown
> !
> line con 0
> stopbits 1
> line aux 0
> stopbits 1
> line vty 0 4
> access-class 50 in
> !
> ntp clock-period 17180061
> ntp server xxxxxxxxxxxx
> ntp server xxxxxxxxxxxx
> !
> end
Re: LNS with 7200 with NPE-G1 [ In reply to ]
Hello Christian,

It's not certain that there is a linear relation between the number of sessions and
CPU load. I mean, increasing the number of PPP sessions to 2000 should
not load the CPU to 100% but to around 40%.

We experienced about 33% CPU for 1600 users when we were in a similar
configuration. What loaded our CPU most was routing and queuing when
the link was congested or when there was a lot of "signalling" traffic
(connection/disconnection of users).

On Wednesday, 19 October 2005 at 05:20:23, you wrote:

CS> We are currently running a test setup using a 7200/G1
CS> device as LNS. The telco operates as LAC Juniper ERX
CS> devices.

CS> Everything is working as expected but the CPU load
CS> on the G1 is quite high. Having around 200 PPP sessions
CS> on the LNS the CPU load is already at 11%. In other
CS> words this would mean that around 2000 users would put
CS> the box to 100% CPU usage which is very far away from
CS> the advertised 16 000 broadband sessions for the G1.

CS> Running IP-Plus 12.3(16).

CS> Do I have a CPU killer in my config?

CS> Christian


CS> My config:
CS> -----------
CS> version 12.3
CS> service timestamps debug datetime msec
CS> service timestamps log datetime msec
CS> service password-encryption
CS> no service dhcp
CS> !
CS> hostname LNS
CS> !
CS> boot-start-marker
CS> boot-end-marker
CS> !
CS> enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
CS> !
CS> clock timezone GMT 1
CS> clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
CS> aaa new-model
CS> !
CS> !
CS> aaa authentication login default enable
CS> aaa authentication ppp default group radius
CS> aaa authorization network default group radius
CS> aaa accounting delay-start
CS> aaa accounting update periodic 240
CS> aaa accounting network default start-stop group radius
CS> aaa session-id common
CS> ip subnet-zero
CS> no ip source-route
CS> !
CS> !
CS> ip cef
CS> no ip domain lookup
CS> ip name-server xxxxxxxxxxxx
CS> ip name-server xxxxxxxxxxxx
CS> !
CS> vpdn enable
CS> vpdn ip udp ignore checksum
CS> !
CS> vpdn-group 1
CS> accept-dialin
CS> protocol l2tp
CS> virtual-template 1
CS> terminate-from hostname LAC
CS> lcp renegotiation on-mismatch
CS> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
CS> !
CS> interface Loopback0
CS> ip address xxxxxxxxxxxxxxxxxxxxx
CS> !
CS> interface Loopback1
CS> ip address xxxxxxxxxxxxxxxxxxxxx
CS> !
CS> interface GigabitEthernet0/1
CS> description Connection to Vlan 13
CS> ip address xxxxxxxxxxxxxxxxxxxx
CS> ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
CS> duplex full
CS> speed 1000
CS> media-type rj45
CS> no negotiation auto
CS> !
CS> interface GigabitEthernet0/2
CS> no ip address
CS> shutdown
CS> duplex auto
CS> speed auto
CS> media-type rj45
CS> negotiation auto
CS> !
CS> interface GigabitEthernet0/3
CS> no ip address
CS> shutdown
CS> duplex auto
CS> speed auto
CS> media-type rj45
CS> negotiation auto
CS> !
CS> interface Virtual-Template1
CS> ip unnumbered Loopback1
CS> ip tcp adjust-mss 1420
CS> ip mroute-cache
CS> peer default ip address pool VODSL
CS> ppp mtu adaptive
CS> ppp authentication pap chap
CS> !
CS> router ospf 101
CS> log-adjacency-changes
CS> area 0 authentication message-digest
CS> summary-address xxxxxxxxxxxxxxxxxxxx
CS> summary-address xxxxxxxxxxxxxxxxxxxxx
CS> redistribute connected subnets
CS> redistribute static subnets
CS> passive-interface Virtual-Template1
CS> network xxxxxxxxxxxxxxxxxxx area 0
CS> network xxxxxxxxxxxxxxxxxxx area 0
CS> !
CS> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
CS> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
CS> ip classless
CS> ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
CS> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
CS> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
CS> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
CS> no ip http server
CS> !
CS> !
CS> access-list 1 permit xxxxxxxxxxxxxxxxx
CS> access-list 1 deny any
CS> access-list 50 permit xxxxxxxxxxxxxxxx
CS> access-list 50 deny any
CS> no cdp run
CS> !
CS> snmp-server community xxxxxxxxxxxxxxxxx RW 1
CS> !
CS> radius-server attribute nas-port format d
CS> radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx

CS> radius-server domain-stripping
CS> radius-server unique-ident 3
CS> radius-server vsa send accounting
CS> !
CS> !
CS> gatekeeper
CS> shutdown
CS> !
CS> line con 0
CS> stopbits 1
CS> line aux 0
CS> stopbits 1
CS> line vty 0 4
CS> access-class 50 in
CS> !
CS> ntp clock-period 17180061
CS> ntp server xxxxxxxxxxxx
CS> ntp server xxxxxxxxxxxx
CS> !
CS> end


--
Regards,
xlr8 mailto:cisco-bba@mls.nc
RE: LNS with 7200 with NPE-G1 [ In reply to ]
Tassos, what traffic levels are you doing?

We have a number of 7200 G1s running SSG software in LNS mode with 3000 sessions and 105Mbits of traffic. The CPU peaks at 88%. Sometimes we have done 95%+ CPU with 4400 sessions and 150Mbits of traffic.

However, the majority of our CPU load is due to the regular SNMP polling of the device, interfaces and VPDN MIBs.


Ash



-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net]On Behalf Of Tassos
Chatzithomaoglou
Sent: Wednesday, 19 October 2005 6:57 AM
To: Christian Schmit
Cc: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] LNS with 7200 with NPE-G1


We are also using 7200's as LNS and they are maxing out cpu (95%) at around 3000 L2TP sessions when
tunnels are coming through atm interface and 3500 L2TP sessions when coming through GE interface.

We are now trying 10k, but we already have 25% cpu at 3000 sessions, so 12000 sessions (1/5 of
what's advertised) will probably max its capacity. Also 10k can't do (because of PXF) a lot of
things 7200 does, which is another drawback.

We are going to have a look at Juniper's ERX series during the next months and see how it compares too.

Christian Schmit wrote on 18/10/2005 9:20 PM:

> We are currently running a test setup using a 7200/G1
> device as LNS. The telco operates as LAC Juniper ERX
> devices.
>
> Everything is working as expected but the CPU load
> on the G1 is quite high. Having around 200 PPP sessions
> on the LNS the CPU load is already at 11%. In other
> words this would mean that around 2000 users would put
> the box to 100% CPU usage which is very far away from
> the advertised 16 000 broadband sessions for the G1.
>
> Running IP-Plus 12.3(16).
>
> Do I have a CPU killer in my config?
>
> Christian
>
>
> My config:
> -----------
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> service password-encryption
> no service dhcp
> !
> hostname LNS
> !
> boot-start-marker
> boot-end-marker
> !
> enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> clock timezone GMT 1
> clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
> aaa new-model
> !
> !
> aaa authentication login default enable
> aaa authentication ppp default group radius
> aaa authorization network default group radius
> aaa accounting delay-start
> aaa accounting update periodic 240
> aaa accounting network default start-stop group radius
> aaa session-id common
> ip subnet-zero
> no ip source-route
> !
> !
> ip cef
> no ip domain lookup
> ip name-server xxxxxxxxxxxx
> ip name-server xxxxxxxxxxxx
> !
> vpdn enable
> vpdn ip udp ignore checksum
> !
> vpdn-group 1
> accept-dialin
> protocol l2tp
> virtual-template 1
> terminate-from hostname LAC
> lcp renegotiation on-mismatch
> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> interface Loopback0
> ip address xxxxxxxxxxxxxxxxxxxxx
> !
> interface Loopback1
> ip address xxxxxxxxxxxxxxxxxxxxx
> !
> interface GigabitEthernet0/1
> description Connection to Vlan 13
> ip address xxxxxxxxxxxxxxxxxxxx
> ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
> duplex full
> speed 1000
> media-type rj45
> no negotiation auto
> !
> interface GigabitEthernet0/2
> no ip address
> shutdown
> duplex auto
> speed auto
> media-type rj45
> negotiation auto
> !
> interface GigabitEthernet0/3
> no ip address
> shutdown
> duplex auto
> speed auto
> media-type rj45
> negotiation auto
> !
> interface Virtual-Template1
> ip unnumbered Loopback1
> ip tcp adjust-mss 1420
> ip mroute-cache
> peer default ip address pool VODSL
> ppp mtu adaptive
> ppp authentication pap chap
> !
> router ospf 101
> log-adjacency-changes
> area 0 authentication message-digest
> summary-address xxxxxxxxxxxxxxxxxxxx
> summary-address xxxxxxxxxxxxxxxxxxxxx
> redistribute connected subnets
> redistribute static subnets
> passive-interface Virtual-Template1
> network xxxxxxxxxxxxxxxxxxx area 0
> network xxxxxxxxxxxxxxxxxxx area 0
> !
> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
> ip classless
> ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
> no ip http server
> !
> !
> access-list 1 permit xxxxxxxxxxxxxxxxx
> access-list 1 deny any
> access-list 50 permit xxxxxxxxxxxxxxxx
> access-list 50 deny any
> no cdp run
> !
> snmp-server community xxxxxxxxxxxxxxxxx RW 1
> !
> radius-server attribute nas-port format d
> radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx
>
> radius-server domain-stripping
> radius-server unique-ident 3
> radius-server vsa send accounting
> !
> !
> gatekeeper
> shutdown
> !
> line con 0
> stopbits 1
> line aux 0
> stopbits 1
> line vty 0 4
> access-class 50 in
> !
> ntp clock-period 17180061
> ntp server xxxxxxxxxxxx
> ntp server xxxxxxxxxxxx
> !
> end
Re[4]: LNS with 7200 with NPE-G1 [ In reply to ]
> L2X Data Daemon would indicate that stuff is getting process
> switched. Separate vpdn-groups won't help in this case. What do your
> RADIUS profiles look like? RADIUS can pass down configurations which
> can cause problems (like Framed-Compression). Can you do a "show
> derived-config interface Virtual-Access X"?

We set the following attributes in radius for DSL accounts:

Framed-Protocol = PPP
User-Service-Type = Framed-User
Framed-Routing = none
Port-Limit = 2
Framed-Netmask = 255.255.255.255


7206VXRL#sh derived-config interface virtual-access 2.3
Building configuration...

Derived configuration : 197 bytes
!
interface Virtual-Access2.3
ip unnumbered Loopback1
ip mtu 1460
ip tcp adjust-mss 1420
ip mroute-cache
peer default ip address pool VODSL
ppp mtu adaptive
ppp authentication pap chap
end


Christian



> Christian Schmit [cschmit@vo.lu] wrote:
>>
>> Current IP traffic is as follows:
>>
>> 5 minute input rate 29094000 bits/sec, 6718 packets/sec
>> 5 minute output rate 29254000 bits/sec, 6702 packets/sec
>>
>> I noticed that in and out traffic are nearly the same
>> which is not what I expected for ADSL connections where
>> the max upstream is 192 kbit/s and max downstream is 3 Mbit/s.
>>
>> Regarding the CPU the "L2X Data Daemon" uses most. No other
>> process shown any significant CPU usage.
>>
>> sh proc cpu:
>> ------------
>> CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
>> .
>> .
>> 14 4.55% 3.93% 3.96% 0 L2X Data Daemon
>>
>>
>> Regarding the L2TP setup I terminated the 4 LAC devices
>> from the telco in "vpdn-group 1". Would creating a
>> separate vpdn-group for each LAC be of any benefit?
>>
>> Currently I have:
>>
>> 7206VXR#sh vpdn tunnel
>>
>> L2TP Tunnel Information Total tunnels 4 sessions 207
>> LocID RemID Remote Name State Remote Address Port Sessions VPDN Group
>> 2999 12 LAC est xxxxxxxxxxxxx 1701 21 1
>> 55524 5516 LAC est xxxxxxxxxxxxx 1701 78 1
>> 29502 14 LAC est xxxxxxxxxxxxx 1701 53 1
>> 18896 82 LAC est xxxxxxxxxxxxx 1701 55 1
>> %No active L2F tunnels
>> %No active PPTP tunnels
>>
>>
>> Is there an IOS image supporting MPF that can be recommended in
>> a production environment for an LNS?
>>
>> Christian
>>
>>
>> DP> Your config is very basic, I don't see anything that would cause
>> DP> process switching or something detrimental to the CPU. How much
>> DP> traffic, in aggregate, are these 200 users pushing (bps and pps)? 16k
>> DP> sessions is a control-plane limitation, but if you have broadband
>> DP> traffic, you'll hit the data-plane limit much faster (16k is really
>> DP> for narrowband). MPF can greatly help improve data-plane performance.
>>
>> DP> Dennis
>>
>> DP> Christian Schmit [cschmit@vo.lu] wrote:
>> >>
>> >> We are currently running a test setup using a 7200/G1
>> >> device as LNS. The telco operates as LAC Juniper ERX
>> >> devices.
>> >>
>> >> Everything is working as expected but the CPU load
>> >> on the G1 is quite high. Having around 200 PPP sessions
>> >> on the LNS the CPU load is already at 11%. In other
>> >> words this would mean that around 2000 users would put
>> >> the box to 100% CPU usage which is very far away from
>> >> the advertised 16 000 broadband sessions for the G1.
>> >>
>> >> Running IP-Plus 12.3(16).
>> >>
>> >> Do I have a CPU killer in my config?
>> >>
>> >> Christian
>> >>
>> >>
>> >> My config:
>> >> -----------
>> >> version 12.3
>> >> service timestamps debug datetime msec
>> >> service timestamps log datetime msec
>> >> service password-encryption
>> >> no service dhcp
>> >> !
>> >> hostname LNS
>> >> !
>> >> boot-start-marker
>> >> boot-end-marker
>> >> !
>> >> enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
>> >> !
>> >> clock timezone GMT 1
>> >> clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
>> >> aaa new-model
>> >> !
>> >> !
>> >> aaa authentication login default enable
>> >> aaa authentication ppp default group radius
>> >> aaa authorization network default group radius
>> >> aaa accounting delay-start
>> >> aaa accounting update periodic 240
>> >> aaa accounting network default start-stop group radius
>> >> aaa session-id common
>> >> ip subnet-zero
>> >> no ip source-route
>> >> !
>> >> !
>> >> ip cef
>> >> no ip domain lookup
>> >> ip name-server xxxxxxxxxxxx
>> >> ip name-server xxxxxxxxxxxx
>> >> !
>> >> vpdn enable
>> >> vpdn ip udp ignore checksum
>> >> !
>> >> vpdn-group 1
>> >> accept-dialin
>> >> protocol l2tp
>> >> virtual-template 1
>> >> terminate-from hostname LAC
>> >> lcp renegotiation on-mismatch
>> >> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> >> !
>> >> interface Loopback0
>> >> ip address xxxxxxxxxxxxxxxxxxxxx
>> >> !
>> >> interface Loopback1
>> >> ip address xxxxxxxxxxxxxxxxxxxxx
>> >> !
>> >> interface GigabitEthernet0/1
>> >> description Connection to Vlan 13
>> >> ip address xxxxxxxxxxxxxxxxxxxx
>> >> ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
>> >> duplex full
>> >> speed 1000
>> >> media-type rj45
>> >> no negotiation auto
>> >> !
>> >> interface GigabitEthernet0/2
>> >> no ip address
>> >> shutdown
>> >> duplex auto
>> >> speed auto
>> >> media-type rj45
>> >> negotiation auto
>> >> !
>> >> interface GigabitEthernet0/3
>> >> no ip address
>> >> shutdown
>> >> duplex auto
>> >> speed auto
>> >> media-type rj45
>> >> negotiation auto
>> >> !
>> >> interface Virtual-Template1
>> >> ip unnumbered Loopback1
>> >> ip tcp adjust-mss 1420
>> >> ip mroute-cache
>> >> peer default ip address pool VODSL
>> >> ppp mtu adaptive
>> >> ppp authentication pap chap
>> >> !
>> >> router ospf 101
>> >> log-adjacency-changes
>> >> area 0 authentication message-digest
>> >> summary-address xxxxxxxxxxxxxxxxxxxx
>> >> summary-address xxxxxxxxxxxxxxxxxxxxx
>> >> redistribute connected subnets
>> >> redistribute static subnets
>> >> passive-interface Virtual-Template1
>> >> network xxxxxxxxxxxxxxxxxxx area 0
>> >> network xxxxxxxxxxxxxxxxxxx area 0
>> >> !
>> >> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
>> >> ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
>> >> ip classless
>> >> ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
>> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>> >> ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>> >> no ip http server
>> >> !
>> >> !
>> >> access-list 1 permit xxxxxxxxxxxxxxxxx
>> >> access-list 1 deny any
>> >> access-list 50 permit xxxxxxxxxxxxxxxx
>> >> access-list 50 deny any
>> >> no cdp run
>> >> !
>> >> snmp-server community xxxxxxxxxxxxxxxxx RW 1
>> >> !
>> >> radius-server attribute nas-port format d
>> >> radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx
>> >>
>> >> radius-server domain-stripping
>> >> radius-server unique-ident 3
>> >> radius-server vsa send accounting
>> >> !
>> >> !
>> >> gatekeeper
>> >> shutdown
>> >> !
>> >> line con 0
>> >> stopbits 1
>> >> line aux 0
>> >> stopbits 1
>> >> line vty 0 4
>> >> access-class 50 in
>> >> !
>> >> ntp clock-period 17180061
>> >> ntp server xxxxxxxxxxxx
>> >> ntp server xxxxxxxxxxxx
>> >> !
>> >> end
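Added example, not part of the thread or any poster's code: a small Python parser for the `sh proc cpu` header, process row and interface-rate lines quoted in the message above. It splits the `13%/9%` header into interrupt-level and process-level CPU, picks the busiest process, and derives the average packet size. The sample text is constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed capture: the CLI lines quoted in the thread, joined into one
# text (the elided "." rows of the process table are left out).
SAMPLE = """\
CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
 14 4.55% 3.93% 3.96% 0 L2X Data Daemon
5 minute input rate 29094000 bits/sec, 6718 packets/sec
5 minute output rate 29254000 bits/sec, 6702 packets/sec
"""

# In "13%/9%" the first figure is total CPU over five seconds and the
# second is the part of it spent at interrupt level.
CPU_HDR = re.compile(
    r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%;"
    r"\s*one minute:\s*(\d+)%;\s*five minutes:\s*(\d+)%"
)
# A process row is matched on its tail (5Sec 1Min 5Min TTY Process), so both
# the full IOS row and the trimmed row posted in the thread are accepted.
PROC_ROW = re.compile(
    r"^\s*(\d+)\s+.*?(\d+\.\d+)%\s+(\d+\.\d+)%\s+(\d+\.\d+)%\s+(\d+)\s+(\S.*?)\s*$"
)
RATE = re.compile(
    r"\d+ (?:minute|second) (input|output) rate (\d+) bits/sec, (\d+) packets/sec"
)


def parse_capture(text):
    """Extract CPU header, process rows and interface rates from pasted CLI text."""
    cpu, procs, rates = None, [], {}
    for line in text.splitlines():
        m = CPU_HDR.search(line)
        if m:
            total, intr, one_min, five_min = map(int, m.groups())
            cpu = {"total": total, "interrupt": intr,
                   "one_min": one_min, "five_min": five_min}
            continue
        m = RATE.search(line)
        if m:
            direction, bps, pps = m.group(1), int(m.group(2)), int(m.group(3))
            agg = rates.setdefault(direction, {"bps": 0, "pps": 0})
            agg["bps"] += bps   # summed in case several interfaces are pasted
            agg["pps"] += pps
            continue
        m = PROC_ROW.match(line)
        if m:
            procs.append({"pid": int(m.group(1)),
                          "five_sec": float(m.group(2)),
                          "one_min": float(m.group(3)),
                          "five_min": float(m.group(4)),
                          "name": m.group(6)})
    if cpu is None:
        raise ValueError("no 'CPU utilization for five seconds' line found")
    return {"cpu": cpu, "processes": procs, "rates": rates}


def summarize(parsed):
    """Split total CPU into interrupt/process level and size the traffic."""
    cpu = parsed["cpu"]
    # The header is rounded to whole percent, so a single process row can
    # show slightly more than this difference.
    process_pct = max(cpu["total"] - cpu["interrupt"], 0)
    top = max(parsed["processes"], key=lambda p: p["five_sec"], default=None)
    avg_pkt = {
        d: round(r["bps"] / 8 / r["pps"]) if r["pps"] else None
        for d, r in parsed["rates"].items()
    }
    return {
        "total_pct": cpu["total"],
        "interrupt_pct": cpu["interrupt"],
        "process_pct": process_pct,
        "top_process": top["name"] if top else None,
        "top_process_pct": top["five_sec"] if top else None,
        "avg_pkt_bytes": avg_pkt,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_capture(SAMPLE)).items():
        print(f"{key}: {value}")
```
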
RE: LNS with 7200 with NPE-G1 [ In reply to ]
Hi,

On Tue, 2005-10-18 at 14:43 -0700, Richard Licon (rlicon) wrote:
> As Dennis mentions, MPF might be a good fit here for this config,
> especially since the interfaces appear to be only ethernet.
> More can be found here:
> http://cisco.com/en/US/partner/products/sw/iosswrel/ps5413/products_feature_guide09186a00804c2d31.html

A pretty informational document. However, a few questions:

1. A ROMmon upgrade. How big a deal? Can one download the image
somewhere on CCO? I seem to be unable to find it.

2. Price of the software. Last time I checked it was around USD
$10,000?

3. Stability. Quoting the document, "The MPF image should not be used
as a general purpose router image.". What does this mean? Is it not
reliable enough?

4. Restrictions. According to the document, MPF does not support
MPLS. Does this mean if I'm using MPLS, I will get no acceleration,
or just "less acceleration" (will other features still be accelerated?).
What I'm looking for is really an acceleration on the data plane for
customer's traffic.

Is Cisco recommending the use of MPF in a live service provider network
right now?

Thanks,
Kristofer

--
Kristófer Sigurðsson Tel: +354 414 1600
Netrekstur/Network Operations IP Fjarskipti ehf.
RE: LNS with 7200 with NPE-G1 [ In reply to ]
Hi Kristofer,

Please see inline @ #RL ...

-----Original Message-----
From: Kristofer Sigurdsson [mailto:kristo@ipf.is]
Sent: Wednesday, October 19, 2005 2:10 AM
To: Richard Licon (rlicon)
Cc: Dennis Peng (dpeng); Christian Schmit; cisco-bba@puck.nether.net
Subject: RE: [cisco-bba] LNS with 7200 with NPE-G1

Hi,

On Tue, 2005-10-18 at 14:43 -0700, Richard Licon (rlicon) wrote:
> As Dennis mentions, MPF might be a good fit here for this config,
> especially since the interfaces appear to be only ethernet.
> More can be found here:
> http://cisco.com/en/US/partner/products/sw/iosswrel/ps5413/products_feature_guide09186a00804c2d31.html

A pretty informational document. However, a few questions:

1. A ROMmon upgrade. How big a deal? Can one download the image somewhere on CCO? I seem to be unable to find it.

#RL - A big deal if not done properly, but it's a pretty straightforward procedure. One needs to purchase the MPF license.

2. Price of the software. Last time I checked it was around USD $10,000?
#RL - Yes.

3. Stability. Quoting the document, "The MPF image should not be used as a general purpose router image.". What does this mean? Is it not reliable enough?

#RL - MPF should be used for "specific" configurations or applications. If a customer sees a fit for the accelerated features, then MPF makes sense. Customers can take advantage of the MPF software for high speed internet access with MPF providing the accelerated performance via CPU1, i.e., L2TP traffic with ACLs/uRPF/Policing configured, and add value-added services to be switched by CPU0, i.e., per-user Firewall with CBAC.
"General purpose router image" meaning MPF software is not a Swiss army knife type image.

4. Restrictions. According to the document, MPF does not support MPLS. Does this mean if I'm using MPLS, I will get no acceleration, or just "less acceleration" (will other features still be accelerated?).

#RL - Today, MPLS is not supported in the MPF images (-is- and -i12o3s), however VRF-lite is accelerated.

What I'm looking for is really an acceleration on the data plane for customer's traffic.

Is Cisco recommending the use of MPF in a live service provider network right now?

#RL - We have customers using MPF in their production network.

Thanks,
Richard

Thanks,
Kristofer

--
Kristófer Sigurðsson Tel: +354 414 1600
Netrekstur/Network Operations IP Fjarskipti ehf.
Re: LNS with 7200 with NPE-G1 [ In reply to ]
~3000 sessions, 70% cpu.

GigabitEthernet0/1 is up, line protocol is up
30 second input rate 121057000 bits/sec, 21379 packets/sec
30 second output rate 52865000 bits/sec, 19767 packets/sec
GigabitEthernet0/2 is up, line protocol is up
30 second input rate 54558000 bits/sec, 19618 packets/sec
30 second output rate 124335000 bits/sec, 21226 packets/sec


Ash Garg wrote on 19/10/2005 3:02 AM:
> Tassos, what traffic levels are you doing?
>
> We have a number of 7200 G1s running SSG software in LNS mode with 3000 sessions and 105Mbits of traffic. The CPU peaks at 88%. Sometimes we have done 95%+ CPU with 4400 sessions and 150Mbits of traffic.
>
> However, the majority of our CPU load is due to the regular SNMP polling of the device, interfaces and VPDN MIBs.
>
>
> Ash
>
>
>
> -----Original Message-----
> From: cisco-bba-bounces@puck.nether.net
> [mailto:cisco-bba-bounces@puck.nether.net]On Behalf Of Tassos
> Chatzithomaoglou
> Sent: Wednesday, 19 October 2005 6:57 AM
> To: Christian Schmit
> Cc: cisco-bba@puck.nether.net
> Subject: Re: [cisco-bba] LNS with 7200 with NPE-G1
>
>
> We are also using 7200's as LNS and they are maxing out cpu (95%) at around 3000 L2TP sessions when
> tunnels are coming through atm interface and 3500 L2TP sessions when coming through GE interface.
>
> We are now trying 10k, but we already have 25% cpu at 3000 sessions, so 12000 sessions (1/5 of
> what's advertised) will probably max its capacity. Also 10k can't do (because of PXF) a lot of
> things 7200 does, which is another drawback.
>
> We are going to have a look at Juniper's ERX series during the next months and see how it compares too.
>
> Christian Schmit wrote on 18/10/2005 9:20 PM:
>
>
>>We are currently running a test setup using a 7200/G1
>>device as LNS. The telco operates as LAC Juniper ERX
>>devices.
>>
>>Everything is working as expected but the CPU load
>>on the G1 is quite high. Having around 200 PPP sessions
>>on the LNS the CPU load is already at 11%. In other
>>words this would mean that around 2000 users would put
>>the box to 100% CPU usage which is very far away from
>>the advertised 16 000 broadband sessions for the G1.
>>
>>Running IP-Plus 12.3(16).
>>
>>Do I have a CPU killer in my config?
>>
>>Christian
>>
>>
>>My config:
>>-----------
>>version 12.3
>>service timestamps debug datetime msec
>>service timestamps log datetime msec
>>service password-encryption
>>no service dhcp
>>!
>>hostname LNS
>>!
>>boot-start-marker
>>boot-end-marker
>>!
>>enable password xxxxxxxxxxxxxxxxxxxxxxxxxx
>>!
>>clock timezone GMT 1
>>clock summer-time MET recurring last Sun Mar 3:00 last Sun Oct 3:00
>>aaa new-model
>>!
>>!
>>aaa authentication login default enable
>>aaa authentication ppp default group radius
>>aaa authorization network default group radius
>>aaa accounting delay-start
>>aaa accounting update periodic 240
>>aaa accounting network default start-stop group radius
>>aaa session-id common
>>ip subnet-zero
>>no ip source-route
>>!
>>!
>>ip cef
>>no ip domain lookup
>>ip name-server xxxxxxxxxxxx
>>ip name-server xxxxxxxxxxxx
>>!
>>vpdn enable
>>vpdn ip udp ignore checksum
>>!
>>vpdn-group 1
>> accept-dialin
>> protocol l2tp
>> virtual-template 1
>> terminate-from hostname LAC
>> lcp renegotiation on-mismatch
>> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>!
>>interface Loopback0
>> ip address xxxxxxxxxxxxxxxxxxxxx
>>!
>>interface Loopback1
>> ip address xxxxxxxxxxxxxxxxxxxxx
>>!
>>interface GigabitEthernet0/1
>> description Connection to Vlan 13
>> ip address xxxxxxxxxxxxxxxxxxxx
>> ip ospf message-digest-key 10 md5 7 xxxxxxxxxxxxxxxxxx
>> duplex full
>> speed 1000
>> media-type rj45
>> no negotiation auto
>>!
>>interface GigabitEthernet0/2
>> no ip address
>> shutdown
>> duplex auto
>> speed auto
>> media-type rj45
>> negotiation auto
>>!
>>interface GigabitEthernet0/3
>> no ip address
>> shutdown
>> duplex auto
>> speed auto
>> media-type rj45
>> negotiation auto
>>!
>>interface Virtual-Template1
>> ip unnumbered Loopback1
>> ip tcp adjust-mss 1420
>> ip mroute-cache
>> peer default ip address pool VODSL
>> ppp mtu adaptive
>> ppp authentication pap chap
>>!
>>router ospf 101
>> log-adjacency-changes
>> area 0 authentication message-digest
>> summary-address xxxxxxxxxxxxxxxxxxxx
>> summary-address xxxxxxxxxxxxxxxxxxxxx
>> redistribute connected subnets
>> redistribute static subnets
>> passive-interface Virtual-Template1
>> network xxxxxxxxxxxxxxxxxxx area 0
>> network xxxxxxxxxxxxxxxxxxx area 0
>>!
>>ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
>>ip local pool VODSL xxxxxxxxxxxxxxxxxxxx
>>ip classless
>>ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxxx
>>ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>>ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>>ip route xxxxxxxxxxxxxxxxxxxxxxxxx Loopback0 10
>>no ip http server
>>!
>>!
>>access-list 1 permit xxxxxxxxxxxxxxxxx
>>access-list 1 deny any
>>access-list 50 permit xxxxxxxxxxxxxxxx
>>access-list 50 deny any
>>no cdp run
>>!
>>snmp-server community xxxxxxxxxxxxxxxxx RW 1
>>!
>>radius-server attribute nas-port format d
>>radius-server host xxxxxxxxxx auth-port 1645 acct-port 1646 key 7 xxxxx
>>
>>radius-server domain-stripping
>>radius-server unique-ident 3
>>radius-server vsa send accounting
>>!
>>!
>>gatekeeper
>> shutdown
>>!
>>line con 0
>> stopbits 1
>>line aux 0
>> stopbits 1
>>line vty 0 4
>> access-class 50 in
>>!
>>ntp clock-period 17180061
>>ntp server xxxxxxxxxxxx
>>ntp server xxxxxxxxxxxx
>>!
>>end

Re: LNS with 7200 with NPE-G1
On Tue, 18 Oct 2005, sthaug@nethelp.no wrote:

> Unless you have more configuration on the box than specified in previous
> messages, all traffic is going in *and* out through physical interface
> GigabitEthernet0/1 - your router is a "router on a stick". And in such
> cases, having input and output nearly the same is expected.


Maybe "ip route-cache same-interface" would help cut CPU, then?

RE: LNS with 7200 with NPE-G1
Mike Andrews wrote on Wednesday, October 19, 2005 8:25 PM:

> On Tue, 18 Oct 2005, sthaug@nethelp.no wrote:
>
>> Unless you have more configuration on the box than specified in
>> previous messages, all traffic is going in *and* out through
>> physical interface GigabitEthernet0/1 - your router is a "router on
>> a stick". And in such cases, having input and output nearly the same
>> is expected.
>
>
> Maybe "ip route-cache same-interface" would help cut CPU, then?

no, this is a legacy fast-switching command not applicable to CEF/MPF..

There is nothing wrong with router-on-a-stick configurations.. actually
it is quite common.

oli

Re: LNS with 7200 with NPE-G1
We got the following error:

%MPF-4-IGNOREDFEATURES: Interface Gi0/1: Input "NetFlow" configurations are not MPF supported and are IGNORED.


Does this mean netflow won't be enabled at all or netflow will be enabled but won't get any benefit from MPF?


Richard Licon (rlicon) wrote on 19/10/2005 12:37:

> Hi Kristofer,
>
> Please see inline @ #RL ...
>
> -----Original Message-----
> From: Kristofer Sigurdsson [mailto:kristo@ipf.is]
> Sent: Wednesday, October 19, 2005 2:10 AM
> To: Richard Licon (rlicon)
> Cc: Dennis Peng (dpeng); Christian Schmit; cisco-bba@puck.nether.net
> Subject: RE: [cisco-bba] LNS with 7200 with NPE-G1
>
> Hi,
>
> On Tue, 2005-10-18 at 14:43 -0700, Richard Licon (rlicon) wrote:
>
>>As Dennis mentions, MPF might be a good fit here for this config,
>>especially since the interfaces appear to be only ethernet.
>>More can be found here:
>>http://cisco.com/en/US/partner/products/sw/iosswrel/ps5413/products_feature_guide09186a00804c2d31.html
>
>
> A pretty informational document. However, a few questions:
>
> 1. A ROMmon upgrade. How big a deal? Can one download the image somewhere on CCO? I seem to be unable to find it.
>
> #RL - A big deal if not done properly, but it's a pretty straightforward procedure. One needs to purchase the MPF license.
>
> 2. Price of the software. Last time I checked it was around USD $10,000?
> #RL - Yes.
>
> 3. Stability. Quoting the document, "The MPF image should not be used as a general purpose router image.". What does this mean? Is it not reliable enough?
>
> #RL - MPF should be used for "specific" configurations or applications. If a customer sees a fit for the accelerated features, then MPF makes sense. Customers can take advantage of the MPF software for high speed internet access with MPF providing the accelerated performance via CPU1 i.e., L2TP traffic with ACLs/uRPF/Policing configured and add value-added services to be switched by CPU0; i.e., per-user Firewall with CBAC.
> "General purpose router image" meaning MPF software is not a Swiss Army knife type image.
>
> 4. Restrictions. According to the document, MPF does not support MPLS. Does this mean if I'm using MPLS, I will get no acceleration, or just "less acceleration" (will other features still be accelerated?).
>
> #RL - Today, MPLS is not supported in the MPF images (-is- and -i12o3s), however VRF-lite is accelerated.
>
> What I'm looking for is really an acceleration on the data plane for customer's traffic.
>
> Is Cisco recommending the use of MPF in a live service provider network right now?
>
> #RL - We have customers using MPF in their production network.
>
> Thanks,
> Richard
>
> Thanks,
> Kristofer
>

--
***************************************
Tassos Chatzithomaoglou
Network Design & Development Department
FORTHnet S.A.
<achatz@forthnet.gr>
***************************************

Re: LNS with 7200 with NPE-G1
Hello Tassos,

from:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5413/products_feature_guide09186a00804c2d31.html#wp1102888

--------------
Ignored MPF Features

Ignored features in an MPF network are those Cisco IOS features that are
neither accelerated by MPF nor punted for Cisco IOS processing. When an
ignored MPF feature is applied to a native GE interface on an MPF
system, the system accepts the configuration. However the unsupported
MPF feature is ignored for traffic going through that native GE interface.

An ignored MPF feature is not punted and not processed by Cisco IOS
software. The feature is ignored and does not cause any unexpected Cisco
IOS drops, crashes, network instability, or major behavioral differences.

Ignored Warning Message

When an ignored MPF feature is configured, the system issues a console
warning message for main physical interfaces and virtual templates. To
avoid console loading issues, a single warning message is issued only
for the first occurrence of the specific ignored feature for
subinterfaces (VLANs) and virtual accesses (sessions).
-------------------

Since the description says the features will not be punted to the IOS
CPU, they will not be used at all (punt would be the slow path, which is
used for some other features that cannot be done in MPF).

kind regards,
Waltraud


Tassos Chatzithomaoglou wrote:
> We got the following error:
>
> %MPF-4-IGNOREDFEATURES: Interface Gi0/1: Input "NetFlow" configurations are not MPF supported and are IGNORED.
>
>
> Does this mean netflow won't be enabled at all or netflow will be enabled but won't get any benefit from MPF?

--
Waltraud Erber <werber@cisco.com> - Network Consulting Engineer
Cisco Systems Am Soeldnermoos 17, 85399 Hallbergmoos, Germany
Phone: +49 811 559 5301 Mobile: +49 171 861 4922
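
The answer above means an ignored feature is silently not applied, so the warning is the only signal that telemetry or a control is missing. The following is an added example, not part of the thread or of Cisco's software: it pulls every %MPF-4-IGNOREDFEATURES warning out of a log and reports the features an operator relies on. Only the Gi0/1 NetFlow message text comes from the thread; the timestamps, the Vi3 and Gi0/1.13 lines, the "Output" direction and the feature name "ExampleFeature" are constructed sample data.

```python
import re

# Layout taken from the warning quoted in the thread. Only "Input" appears
# there; accepting any direction word is an assumption about the same layout.
IGNORED_RE = re.compile(
    r'%MPF-4-IGNOREDFEATURES:\s+Interface\s+(?P<intf>[^:\s]+):\s+'
    r'(?P<direction>\w+)\s+"(?P<feature>[^"]+)"'
)

# Constructed sample log. The first message is wrapped across two lines,
# the way it was pasted into the thread.
SAMPLE_LOG = """\
*Oct 19 12:41:07.123: %MPF-4-IGNOREDFEATURES: Interface Gi0/1: Input "NetFlow" configurations are not MPF supported and
are IGNORED.
*Oct 19 12:41:07.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
*Oct 19 12:41:09.004: %MPF-4-IGNOREDFEATURES: Interface Vi3: Input "NetFlow" configurations are not MPF supported and are IGNORED.
*Oct 19 12:41:09.310: %MPF-4-IGNOREDFEATURES: Interface Gi0/1.13: Output "ExampleFeature" configurations are not MPF supported and are IGNORED.
*Oct 19 18:02:44.870: %MPF-4-IGNOREDFEATURES: Interface Gi0/1: Input "NetFlow" configurations are not MPF supported and are IGNORED.
"""


def is_representative(intf):
    """Per the quoted feature guide, sub-interfaces (VLANs) and virtual
    accesses (sessions) log only the first occurrence of an ignored feature,
    so one such line can stand for many interfaces."""
    return "." in intf or re.match(r"(?i)(vi\d|virtual-access)", intf) is not None


def parse_ignored(log_text):
    """Return the unique ignored-feature findings in first-seen order."""
    seen, findings = set(), []
    for m in IGNORED_RE.finditer(log_text):
        key = (m["intf"], m["direction"], m["feature"])
        if key in seen:          # same warning logged again, e.g. after a reload
            continue
        seen.add(key)
        findings.append({
            "interface": m["intf"],
            "direction": m["direction"],
            "feature": m["feature"],
            "representative": is_representative(m["intf"]),
        })
    return findings


def audit(log_text, relied_on):
    """Findings for features the operator relies on (case-insensitive)."""
    wanted = {name.lower() for name in relied_on}
    return [f for f in parse_ignored(log_text) if f["feature"].lower() in wanted]


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, {"NetFlow"}):
        scope = "and possibly sibling interfaces" if f["representative"] else "only"
        print(f'{f["feature"]} ({f["direction"]}) is not applied on {f["interface"]} {scope}')
```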

Re: Re[2]: LNS with 7200 with NPE-G1
Just to close on this issue on the alias, the high CPU in L2X Data
Daemon was resolved by removing the configuration "l2tp ip udp
checksum" and re-initiating the tunnels (necessary for the
configuration to take effect). Sending or receiving UDP checksums for
L2TP traffic will cause packets to be punted to process switching
where they are handled by the L2X Data Daemon process.

Dennis

Dennis Peng [dpeng@cisco.com] wrote:
> L2X Data Daemon would indicate that stuff is getting process
> switched. Separate vpdn-groups won't help in this case. What do your
> RADIUS profiles look like? RADIUS can pass down configurations which
> can cause problems (like Framed-Compression). Can you do a "show
> derived-config interface Virtual-Access X"?
>
> Dennis
>
> Christian Schmit [cschmit@vo.lu] wrote:
> >
> > Current IP traffic is as follows:
> >
> > 5 minute input rate 29094000 bits/sec, 6718 packets/sec
> > 5 minute output rate 29254000 bits/sec, 6702 packets/sec
> >
> > I noticed that in and out traffic are nearly the same
> > which is not what I expected for ADSL connections where
> > the max upstream is 192 kbit/s and max downstream is 3 Mbit/s.
> >
> > Regarding the CPU the "L2X Data Daemon" uses most. No other
> > process shows any significant CPU usage.
> >
> > sh proc cpu:
> > ------------
> > CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
> > .
> > .
> > 14 4.55% 3.93% 3.96% 0 L2X Data Daemon
> >
> >
> > Regarding the L2TP setup I terminated the 4 LAC devices
> > from the telco in "vpdn-group 1". Would creating a
> > separate vpdn-group for each LAC be of any benefit?
> >
> > Currently I have:
> >
> > 7206VXR#sh vpdn tunnel
> >
> > L2TP Tunnel Information Total tunnels 4 sessions 207
> > LocID RemID Remote Name State Remote Address Port Sessions VPDN Group
> > 2999 12 LAC est xxxxxxxxxxxxx 1701 21 1
> > 55524 5516 LAC est xxxxxxxxxxxxx 1701 78 1
> > 29502 14 LAC est xxxxxxxxxxxxx 1701 53 1
> > 18896 82 LAC est xxxxxxxxxxxxx 1701 55 1
> > %No active L2F tunnels
> > %No active PPTP tunnels
> >
> >
> > Is there an IOS image supporting MPF that can be recommended in
> > a production environment for an LNS?
> >
> > Christian
> >
> >
> > DP> Your config is very basic, I don't see anything that would cause
> > DP> process switching or something detrimental to the CPU. How much
> > DP> traffic, in aggregate, are these 200 users pushing (bps and pps)? 16k
> > DP> sessions is a control-plane limitation, but if you have broadband
> > DP> traffic, you'll hit the data-plane limit much faster (16k is really
> > DP> for narrowband). MPF can greatly help improve data-plane performance.
> >
> > DP> Dennis
> >
> > DP> Christian Schmit [cschmit@vo.lu] wrote:
> > >>
> > >> We are currently running a test setup using a 7200/G1
> > >> device as LNS. The telco operates as LAC Juniper ERX
> > >> devices.
> > >>
> > >> Everything is working as expected but the CPU load
> > >> on the G1 is quite high. Having around 200 PPP sessions
> > >> on the LNS the CPU load is already at 11%. In other
> > >> words this would mean that around 2000 users would put
> > >> the box to 100% CPU usage which is very far away from
> > >> the advertised 16 000 broadband sessions for the G1.
> > >>
> > >> Running IP-Plus 12.3(16).
> > >>
> > >> Do I have a CPU killer in my config?
> > >>
> > >> Christian
> > >>
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
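
The diagnosis in this last exchange rests on reading "sh proc cpu": the header gives total/interrupt CPU, and a punt-handling process such as L2X Data Daemon owning the remainder means traffic is being process switched. The following is an added example, not code from the thread: it parses that output and names the processes that suggest punted traffic. The 13%/9% header and the L2X Data Daemon percentages are the values posted in the thread; the other rows and the Runtime/Invoked/uSecs counters are constructed, and "IP Input" is added here as the usual IOS indicator of process-switched IP packets.

```python
import re

HEADER_RE = re.compile(
    r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%;\s*"
    r"one minute:\s*(\d+)%;\s*five minutes:\s*(\d+)%"
)
# The Runtime/Invoked/uSecs counters are optional so the shortened row
# pasted in the thread ("14 4.55% 3.93% 3.96% 0 L2X Data Daemon") also parses.
ROW_RE = re.compile(
    r"^[ \t]*(?P<pid>\d+)[ \t]+(?:\d+[ \t]+\d+[ \t]+\d+[ \t]+)?"
    r"(?P<s5>[\d.]+)%[ \t]+(?P<m1>[\d.]+)%[ \t]+(?P<m5>[\d.]+)%[ \t]+"
    r"(?P<tty>\d+)[ \t]+(?P<name>\S.*?)[ \t]*$",
    re.MULTILINE,
)

# Processes whose load points at punted (process-switched) packets.
# "L2X Data Daemon" is from the thread; "IP Input" is added here.
PUNT_INDICATORS = {"L2X Data Daemon", "IP Input"}

# Constructed sample around the figures posted in the thread.
SAMPLE = """\
CPU utilization for five seconds: 13%/9%; one minute: 12%; five minutes: 12%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1           4        58         68  0.00%  0.00%  0.00%   0 Chunk Manager
  14     9041236   6520114       1386  4.55%  3.93%  3.96%   0 L2X Data Daemon
  37      152004    911233        166  0.15%  0.12%  0.11%   0 IP Input
"""


def analyse(output, share=0.5):
    """Split five-second CPU into interrupt and process level, and list the
    punt-indicating processes that use at least `share` of the process level."""
    header = HEADER_RE.search(output)
    if header is None:
        raise ValueError("no 'CPU utilization' header found")
    total, interrupt = int(header.group(1)), int(header.group(2))
    process_level = total - interrupt   # CPU spent outside the fast path
    rows = [(m["name"], float(m["s5"])) for m in ROW_RE.finditer(output)]
    suspects = sorted(
        name for name, s5 in rows
        if name in PUNT_INDICATORS
        and process_level > 0
        and s5 >= share * process_level
    )
    return {
        "total": total,
        "interrupt": interrupt,
        "process_level": process_level,
        "suspects": suspects,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE))
```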