Mailing List Archive

Dynamic routing over L2TP LNS
Hi,

We are terminating our PPPoE users via L2TP on a 7206VXR with NPE-G1.
Customers are then terminating these sessions in a VRF using RADIUS attributes.
Now we are planning to introduce dynamic routing functionality: RIP, OSPF, BGP...
Any info/experiences/ideas/tips on using routing protocols over L2TP?

Thanks in advance,
Jose
_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
Re: Dynamic routing over L2TP LNS [ In reply to ]
Not really, the same principles apply. Seeing as you are using VRFs, are
you planning on running MP-BGP with MPLS for this? In my experience
EIGRP seems to integrate the nicest out of all the IGPs into this
scenario, but anything will work with proper design.

Also, if you plan to run QoS on your L2TP PPP sessions then you will
probably want to look at enabling multilink PPP. Last I checked (12.4(18),
7206) this was still required in order to get QoS to work effectively;
without it no shaping would occur on the virtual-access (on the LNS). I
really wish they would fix that up...


Re: Dynamic routing over L2TP LNS [ In reply to ]
Ben,

Not sure why you really need multilink PPP for shaping to work on
virtual-access PPP sessions...

Take a look at "Per-Session QoS", which is supported since 12.2(28)SB
http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sbbbrs1b.html

Arie

Re: Dynamic routing over L2TP LNS [ In reply to ]
Hi Arie,

I've read that document quite a few times in the past trying to solve
this :) About the only difference is that I use the "legacy" AV pair
according to the docco, although I'm sure I tried the sub-qos-policy
way too with no difference.

Essentially I create the child CBWFQ policy, then I create a parent
policy with a shape average percent and the child service policy
under it. The PPP user is assigned a bandwidth and service policy via
RADIUS through authentication. I am able to replicate time after time
that saturating the link with the shape average percent set well below
the full capacity will only show a "shaping active - yes" when ppp
multilink is used.

I've tried this on 1760/2801/7401/720x with various flavours of IOS in
between. Is there anything obvious you think I could be missing here,
given it works absolutely beautifully with ppp multilink and not so
beautifully without it? Worth noting that the CBWFQ classes will still
match without ppp multilink, but the QoS is ineffective given the lack
of artificial bandwidth restraint on the PPP session.

Cheers

Ben

Re: Dynamic routing over L2TP LNS [ In reply to ]
Hi Arie,

Thanks. Yep, using a routing protocol between the LNS and CPE; users
are then entering the L3 MPLS/VPN (using VRF RADIUS attributes). The
idea is to improve convergence and backup functions
by adding a routing protocol. Unfortunately there is not much info about it.
QoS LNS<--->CPE is of course another big issue, and we are thinking of
using per-session QoS via RADIUS...
Any experience would be appreciated!

Cheers,
Jose



On 11.07.2008 at 19:56, Arie Vayner wrote:

> Jose,
>
> Are you asking about using a routing protocol between the LNS and
> the remote user's CPE, or are you talking about redistributing the
> addresses assigned to the PPP session (either the /32 or a static
> route) into the VPN?
>
> Arie
Re: Dynamic routing over L2TP LNS [ In reply to ]
Jose,

I would suggest thinking about other means of implementing what you need
instead of a routing protocol between the CPE and the LNS.
The scalability of routing protocols is not really at the same level as the
number of PPP sessions per LNS (which may be 1000's).

Are you aware of the option to download static route entries from RADIUS as
part of the user's profile? This would allow you to basically get the same
static route on any LNS the user connects to. If they have a failure, and
the PPP session goes down, the route would also be withdrawn, and then
readvertised from the backup connection.
The backup could be another dynamic PPP session (using the same mechanism)
or could be a floating route with a lower preference metric (or higher...
depends on how implemented).

Take a look here:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html

You should be looking for the 'cisco-avpair = "ip:route=' examples.

Would this work, or am I missing some critical part of the design?

Arie

Re: Dynamic routing over L2TP LNS [ In reply to ]
Hi Arie,

Thanks for the info!
Our customers are still complaining that in some scenarios the backup function doesn't work:
ISDN + FSR and/or another PPP session, in both cases using a separate Cisco router.
We are already downloading static routes using RADIUS Cisco AV pairs "Framed-Route" + "Framed-IP".
Is there any difference when using 'cisco-avpair = "ip:route='?
We are still thinking that routing functionality would improve the overall performance, but scalability
is an issue here. Any other options?

Thanks again,
Jose

Re: Dynamic routing over L2TP LNS [ In reply to ]
Jose,

The ip:route= attribute is more or less the same as the Framed-Route option,
but allows some more tricks, such as adding a "tag XXX" at the end of the
command, and then using this tag as a match criteria for redistribution into
some other routing protocol.

In general, running a routing protocol with many peers from a router would
reduce the scalability, as you would be introducing another CPU-hungry
process... If you have many peers, and you tune down the hello timers, you
may affect the CPU load of the device.

Arie
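
The tag-based redistribution described in the reply above, as an added example that is not part of the original thread: the RADIUS profile tags the per-user route, and the LNS redistributes only static routes that carry that tag and fall inside an allowed range, so a wrong or tampered profile cannot inject arbitrary prefixes into the VPN. The tag value 100, the names RADIUS-STATIC-TO-BGP, CUST-A-ALLOWED and CUSTOMER-A, AS 65000 and the 192.0.2.0/24 prefix are assumptions chosen for illustration.

```cisco
! Constructed example, not taken from the thread.
!
! RADIUS reply item in the user's profile (shown here as a comment).
! The "tag 100" at the end is the extra that ip:route= allows; the
! argument order is an assumption, verify it on your IOS release:
!   cisco-avpair = "ip:route=192.0.2.0 255.255.255.0 tag 100"
!
! Prefixes this customer is permitted to announce (assumed range).
ip prefix-list CUST-A-ALLOWED seq 5 permit 192.0.2.0/24 le 32
!
! Both match lines must be true for a route to pass:
! it carries tag 100 AND it falls inside the permitted range.
route-map RADIUS-STATIC-TO-BGP permit 10
 match tag 100
 match ip address prefix-list CUST-A-ALLOWED
! No further entries: the implicit deny at the end of the route-map
! keeps untagged or out-of-range static routes out of BGP.
!
router bgp 65000
 address-family ipv4 vrf CUSTOMER-A
  redistribute static route-map RADIUS-STATIC-TO-BGP
 exit-address-family
```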
