Mailing List Archive

External DHCP server doesn't work well for PPPoX customer on Cisco 7206VXR when DHCP address pool constrained
It's the third time this has happened to me, so perhaps someone has heard of
this before.

When our DHCP pool (on an external DHCP server) gets close to 90% we start
encountering IP address conflicts on our BRAS (Cisco 7206VXR) and PPPoA
clients start failing. Because I use the "ppp ipcp unique-address" in my
Virtual-Template I never can have two of the same IP addresses at the same
time.

The external DHCP server starts handing out IP addresses to PPPoA clients
even though those IP addresses are still active on the BRAS. The obvious
question is why the DHCP server is doing that, and I believe it's because it
thinks the previous lease had expired. If I look at the dhcpd.leases file,
almost every time I've checked it's past the 3 day default lease time. The
DHCP server is only using recently "expired" IP addresses because the
selection of free IP addresses is so limited. Normally it would use an IP
address that had been expired a long time ago, or an IP that has never been
used.

Is it possible that some PPPoA clients aren't renewing (via IPCP) as they
ought to? Or is that the BRAS' responsibility to manage that DHCP renewal?
My default lease time is 3 days, and maximum lease time is 6 days. Is it
possible that some PPPoA, or the BRAS, is taking advantage of the maximum
lease time and not renewing until 6 days, while the DHCP server will reuse,
in scarce conditions, those leases that are more than 3 days? Should I be
setting my maximum lease time equivalent to default lease time?

Here's some example output from "show dhcp lease"

Temp IP addr: 66.43.x.y for peer on Interface: Virtual-Access1571
Temp sub net mask: 255.255.255.0
DHCP Lease server: a.b.c.d, state: 3 Bound
DHCP transaction id: D98BA
Lease: 259200 secs, Renewal: 129600 secs, Rebind: 226800 secs
Next timer fires after: 1d11h
Retry count: 0 Client-ID: bviper

The way we temporarily work around this is to identify what IP address the
failing client wants, and then find the live client that is using that IP
address and clear out its Virtual-Interface, allowing the failing client
to get in. The live client then reconnects within a few seconds and gets a
different IP from the DHCP server. What's challenging is that this can be
recursive, up to a dozen times, until all the discrepancies are worked out.
Long term we get more IPs which gives the external DHCP server a larger
selection which means it doesn't have to use recently "expired" leases.

I'm running c7200-is-mz.122-26.bin.

Kind regards,

Frank

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
Re: External DHCP server doesn't work well for PPPoX customer on Cisco 7206VXR when DHCP address pool constrained
There aren't any other people on this listserv using an external DHCP server
to hand out IPs for PPPoA/E customers?

Frank

-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Frank Bulk
Sent: Wednesday, October 17, 2007 10:56 PM
To: cisco-bba@puck.nether.net
Subject: [cisco-bba] External DHCP server doesn't work well for PPPoX
customer on Cisco 7206VXR when DHCP address pool constrained


Re: External DHCP server doesn't work well for PPPoX customer on Cisco 7206VXR when DHCP address pool constrained
Frank Bulk wrote:
> There aren't any other people on this listserv using an external DHCP server
> to hand out IPs for PPPoA/E customers?


Maybe, but probably not many as there is no real benefit to do so. Why
rely on something externally that the router can handle either by itself
or via the RADIUS server?

--
Robert Blayzor
INOC
rblayzor@inoc.net
http://www.inoc.net/~rblayzor/

FreeBSD, Putting the 'Operating' back into OS!
Re: External DHCP server doesn't work well for PPPoX customer on Cisco 7206VXR when DHCP address pool constrained
Well, there is some benefit, but I'll admit that I debated it myself. By
using an external DHCP server the help desk person can manage all my DHCP pools
from one user interface. He's not familiar with Cisco gear, but now he can
manage the space for BWA, CM, eMTAs, IP TV, and DSL.

Using an external DHCP server also allows me to log DHCP traffic and
requests. When I get an abuse report about a certain IP address I can use
the dhcpd.leases file (I keep some history) to identify the source of the
abuse (the username is in the uid).

Regards,

Frank

-----Original Message-----
From: Robert Blayzor [mailto:rblayzor@inoc.net]
Sent: Saturday, October 20, 2007 3:55 PM
To: frnkblk@iname.com
Cc: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] External DHCP server doesn't work well for PPPoX
customer on Cisco 7206VXR when DHCP address pool constrained

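
Added example, not part of the original thread: one way to do the abuse-report lookup described in the message above, assuming the external server is ISC dhcpd and that the kept history is in dhcpd.leases syntax. The sample records, the 192.0.2.x placeholder addresses, the username "alice" and the function names are constructed for illustration; "bviper" is the Client-ID shown earlier in the thread.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax (assumed server). Addresses are
# documentation-range placeholders; "alice" is a made-up username.
SAMPLE = '''
lease 192.0.2.10 {
  starts 0 2007/10/14 02:00:00;
  ends 3 2007/10/17 02:00:00;
  binding state free;
  uid "alice";
}
lease 192.0.2.10 {
  starts 3 2007/10/17 22:56:00;
  ends 6 2007/10/20 22:56:00;
  binding state active;
  uid "bviper";
}
'''

LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.S)

def _ts(body, key):
    # dhcpd writes "<key> <weekday> YYYY/MM/DD HH:MM:SS;" in UTC by default.
    m = re.search(r'\b%s\s+\d\s+(\S+ \S+);' % key, body)
    if not m:
        return None  # e.g. "ends never;"
    return datetime.strptime(m.group(1), '%Y/%m/%d %H:%M:%S').replace(tzinfo=timezone.utc)

def parse_leases(text):
    """Return every lease record in the file, superseded ones included."""
    out = []
    for ip, body in LEASE_RE.findall(text):
        uid = re.search(r'\buid\s+"([^"]*)";', body)
        out.append({'ip': ip, 'starts': _ts(body, 'starts'),
                    'ends': _ts(body, 'ends'), 'uid': uid and uid.group(1)})
    return out

def who_held(records, ip, when):
    """(uid, status) pairs for `ip` at UTC time `when`."""
    recs = [r for r in records if r['ip'] == ip and r['starts'] and r['starts'] <= when]
    live = [(r['uid'], 'in-lease') for r in recs if r['ends'] is None or when <= r['ends']]
    if live or not recs:
        return live
    # No lease covers `when`: report the previous holder, whose PPP session
    # may have outlived the lease record, as a candidate to verify.
    last = max(recs, key=lambda r: r['starts'])
    return [(last['uid'], 'lease-expired')]
```

Matching on the lease interval rather than the newest record matters here because, as the first message describes, a constrained pool makes the server reassign recently expired addresses, so one IP can map to different usernames within hours. A 'lease-expired' result should be confirmed against BRAS session or RADIUS accounting records before attributing the traffic.
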
Re: External DHCP server doesn't work well for PPPoX customer on Cisco 7206VXR when DHCP address pool constrained
Frank Bulk wrote:
> Well, there is some benefit, but I'll admit that I debated it myself. By
> using an external DHCP server the help desk person can manage all my DHCP pools
> from one user interface. He's not familiar with Cisco gear, but now he can
> manage the space for BWA, CM, eMTAs, IP TV, and DSL.

The same thing can be done with RADIUS VSAs and pre-configured pools in
the router.

> Using an external DHCP server also allows me to log DHCP traffic and
> requests. When I get an abuse report about a certain IP address I can use
> the dhcpd.leases file (I keep some history) to identify the source of the
> abuse (the username is in the uid).

The same can be done with RADIUS accounting packets.

--
Robert Blayzor
INOC
rblayzor@inoc.net
http://www.inoc.net/~rblayzor/

The opinions expressed herein are not necessarily those of my employer,
not necessarily mine, and probably not necessary.
Re: External DHCP server doesn't work well for PPPoX customer on Cisco 7206VXR when DHCP address pool constrained
Agreed. Except what you described is a different scheme than the other
technologies I listed, and the primary reason I moved DHCP off the BRAS was
to converge a point of management.

If I was only a DSL shop I'm pretty sure I would be using the internal DHCP
server. In fact, for my dialup users I do pretty much what you've described.

Frank

-----Original Message-----
From: Robert Blayzor [mailto:rblayzor@inoc.net]
Sent: Sunday, October 21, 2007 1:19 AM
To: frnkblk@iname.com
Cc: cisco-bba@puck.nether.net
Subject: Re: [cisco-bba] External DHCP server doesn't work well for PPPoX
customer on Cisco 7206VXR when DHCP address pool constrained
