02-10-2015 04:22 AM
Hello,
I am currently setting up bng on 9k with l2-connected subscribers, session is initiated on receipt of dhcp packet. Everything works fine up to the point where asr 9k dhcp proxy has to send ACK to the DCHP request that client send after it gets OFFER from 9k. here are some configs, debugs and shows:
dhcp ipv4 profile PROXY proxy lease proxy client-lease-time XXX class ONE helper-address vrf default XXXX giaddr XXXX ! relay information option relay information policy replace relay information option remote-id 300 relay information option allow-untrusted ! interface TenGigE0/1/0/0.XXX proxy profile PROXY policy-map type control subscriber SUB event session-start match-first class type control subscriber class-default do-all 10 authorize aaa list default identifier source-address-mac password cisco ! class type control subscriber DHCP do-all 10 authorize aaa list default identifier source-address-mac password cisco ! ! end-policy-map interface TenGigE0/1/0/0.XXX ipv4 point-to-point ipv4 address XXXX XXXX arp learning disable service-policy type control subscriber SUB encapsulation dot1q XXX ipsubscriber ipv4 l2-connected initiator dhcp
debug dhcp ipv4 proxy
LC/0/1/CPU0:Feb 9 13:01:27.163 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_DISCOVER state INIT LC/0/1/CPU0:Feb 9 13:01:27.163 : dhcpd[158]: DHCPD PROXY: TP1903: Process packet event in INIT state called for chaddr 1803.7396.4aae LC/0/1/CPU0:Feb 9 13:01:27.180 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event DPM_SUCCESS state INIT_DPM_WAIT LC/0/1/CPU0:Feb 9 13:01:27.180 : dhcpd[158]: DHCPD PROXY: TP1917: Process client request called for chaddr 1803.7396.4aae LC/0/1/CPU0:Feb 9 13:01:27.184 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_OFFER state SELECTING LC/0/1/CPU0:Feb 9 13:01:27.184 : dhcpd[158]: DHCPD PROXY: TP1918: Process server reply called for chaddr 1803.7396.4aae LC/0/1/CPU0:Feb 9 13:01:27.184 : dhcpd[158]: DHCPD PROXY: TP2371: Process OFFER for chaddr 1803.7396.4aae - successful LC/0/1/CPU0:Feb 9 13:01:29.281 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_DISCOVER state OFFER_SENT LC/0/1/CPU0:Feb 9 13:01:29.281 : dhcpd[158]: DHCPD PROXY: TP1917: Process client request called for chaddr 1803.7396.4aae LC/0/1/CPU0:Feb 9 13:01:29.285 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_OFFER state SELECTING LC/0/1/CPU0:Feb 9 13:01:29.285 : dhcpd[158]: DHCPD PROXY: TP1918: Process server reply called for chaddr 1803.7396.4aae LC/0/1/CPU0:Feb 9 13:01:29.286 : dhcpd[158]: DHCPD PROXY: TP2371: Process OFFER for chaddr 1803.7396.4aae - successful LC/0/1/CPU0:Feb 9 13:01:32.289 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_REQUEST state OFFER_SENT LC/0/1/CPU0:Feb 9 13:01:32.289 : dhcpd[158]: DHCPD PROXY: TP3412: Stored option 55 response cleared LC/0/1/CPU0:Feb 9 13:01:32.290 : dhcpd[158]: DHCPD PROXY: TP1917: Process client request called for chaddr 1803.7396.4aae LC/0/1/CPU0:Feb 9 13:01:32.293 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event PACKET_ACK state REQUESTING
this is point where it gets stuck until it expires at this point session is coming UP access-accept is already received and processed successfully.
LC/0/1/CPU0:Feb 9 13:02:32.293 : dhcpd[158]: DHCPD PROXY: TP1955: FSM called for chaddr 1803.7396.4aae with event LEASE_EXPIRE state ACK_DPM_WAIT LC/0/1/CPU0:Feb 9 13:02:32.293 : dhcpd[158]: DHCPD PROXY: TP2805: Client delete called for chaddr 1803.7396.4aae due to reason Client lease expired LC/0/1/CPU0:Feb 9 13:02:32.293 : dhcpd[158]: DHCPD PROXY: TP2821: Client delete called for chaddr 1803.7396.4aae due to reason Client lease expired but DPM in progress, queue on DLC LC/0/1/CPU0:Feb 9 13:02:32.293 : dhcpd[158]: DHCPD PROXY ERROR: TP1518: Lease Expire failed for chaddr 1803.7396.4aae LC/0/1/CPU0:Feb 9 13:02:32.293 : dhcpd[158]: DHCPD PROXY ERROR: TP3647: FSM call returned error for chaddr_string: 1803.7396.4aae, msg_type:0, mode: 4, event: 4
here it end after expiring and session fails to come up.
Any help is appreciated IOS XR version is 5.2.2. I'll gladly provide any detail needed.
I was using this http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-2/bng/configuration/guide/b-bng-cg52xasr9k.html
and this https://supportforums.cisco.com/document/77526/asr9000-bng-training-guide-setting-pppoe-and-ipoe-sessions
as a guide also few other docs from xander.
Solved! Go to Solution.
02-18-2015 08:39 AM
the access-interface in your case
TenGigE0/1/0/0.XXX
needs to have an ip address or needs to be unnumbered to a loopback in order to enable IP on the interface so that an incoming DHCP request is not dropped because of reason "ip not enabled". this address can really be ANY address, as long as IP is enabled that part is happy.
Then when the subscriber is created, we create a new interface off the base interface with a .ip<#> suffix, since this is a new interface it needs to have a local address, in this case we want to be unnumbered to something because:
1) we want to be able to reuse that interface multiple times for multiple subscribers
2) it serves as the gateway address for the subscriber.
So the unnumbered from the template OR passed by radius needs to serve the subnet in the range that you're allocating adds from to the sub.
xander
02-10-2015 05:23 AM
Solution bng needs to know interface on which to operate of sorts....
So either telling it with
dynamic template type ipsubscriber SUB
ipv4 unnumbered lo0
or you can tell it with radius ipv4:ipv4-unnumbered=Loopback0
I do not understand the logic of this since the phy interface or bundle already had IP address.
But it works and the client receives the ACk and IP address is BOUND and session is UP.
02-18-2015 08:39 AM
the access-interface in your case
TenGigE0/1/0/0.XXX
needs to have an ip address or needs to be unnumbered to a loopback in order to enable IP on the interface so that an incoming DHCP request is not dropped because of reason "ip not enabled". this address can really be ANY address, as long as IP is enabled that part is happy.
Then when the subscriber is created, we create a new interface off the base interface with a .ip<#> suffix, since this is a new interface it needs to have a local address, in this case we want to be unnumbered to something because:
1) we want to be able to reuse that interface multiple times for multiple subscribers
2) it serves as the gateway address for the subscriber.
So the unnumbered from the template OR passed by radius needs to serve the subnet in the range that you're allocating adds from to the sub.
xander
02-18-2015 10:10 AM
Thank you for clarification.
As you can see from config snippet interface has ip address assigned, but it still didn't work untill I put unnumbered either in dynamic-template or in AV pair. So i guess it MUST be unnumbered?
02-18-2015 10:38 AM
yeah your address configuration was on the access interface in this config section, and that merely enables the ip routing on that interface to consume the dhcp discover.
separately from that you need the unnumbered either on the template (if activated via the control policy) or passed from radius.
the unnumbered instead of static assignment is key simply because this address is "reused" by all subscriber interfaces leveraging that same pool, hence unnumbered is must to allow multiple "local" interface reusing the same address. unnumbered on bcast media (such as ethernet) is then key as opposed to static assignment.
This is similar to the virtual-template ip unnumbered btw.
In that facinity IOS virtual-template is equivalent to XR dynamic template.
xander
02-18-2015 10:43 AM
I had a rough idea of how and why it worked. You made it clear and consice. Thank you very much :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide