Table Of Contents
Configuring L2TP HA Session SSO/ISSU on a LAC/LNS
Prerequisites for L2TP HA Session SSO/ISSU on a LAC/LNS
Information About L2TP HA Session SSO/ISSU on a LAC/LNS
How to Configure L2TP HA Session SSO/ISSU on a LAC/LNS
Configuring SSO on a Route Processor
Configuring Global L2TP HA SSO Mode
Configuring VPDN Group-Specific L2TP HA SSO Mode
Controlling Packet Resynchronization for L2TP HA
Verifying the Checkpoint Status of L2TP HA Sessions
Verifying the Checkpoint Status of VPDN Sessions
Configuring Debugging for L2TP or VPDN Redundancy Sessions
Configuration Examples for L2TP HA Session SSO/ISSU on a LAC/LNS
Configuring SSO on a Route Processor: Example
Configuring L2TP High Availability: Example
Displaying L2TP Checkpoint Status: Examples
Displaying L2TP Redundancy Information: Example
Displaying L2TP Redundancy Detail Information: Example
Displaying All L2TP Redundancy Information: Example
Displaying L2TP Redundancy ID Information: Example
Displaying L2TP Redundancy Detail ID Information: Example
Feature Information for L2TP HA Session SSO/ISSU on a LAC/LNS
Configuring L2TP HA Session SSO/ISSU on a LAC/LNS
First Published: September. 22, 2008Last Updated: September. 22, 2008The L2TP HA Session SSO/ISSU on a LAC/LNS feature provides a generic stateful switchover/In Service Software Upgrade (SSO/ISSU) mechanism for Layer 2 Tunneling Protocol (L2TP) on a Layer 2 Access Concentrator (LAC) and a Layer 2 Network Server (LNS). This feature preserves all fully established PPP and L2TP sessions during an SSO switchover or an ISSU upgrade or downgrade.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for L2TP HA Session SSO/ISSU on a LAC/LNS" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for L2TP HA Session SSO/ISSU on a LAC/LNS
•
•
•
•
Prerequisites for L2TP HA Session SSO/ISSU on a LAC/LNS
Before you can provide for the L2TP HA Session SSO/ISSU on a LAC/LNS feature, you must:
•
•
•
Information About L2TP HA Session SSO/ISSU on a LAC/LNS
To implement L2TP HA Session SSO/ISSU on a LAC/LNS feature, you need to understand the following concepts:
Stateful Switchover
Development of the stateful switchover (SSO) feature is an incremental step within an overall program to improve the availability of networks constructed with Cisco IOS routers.
In specific Cisco networking devices that support dual RPs, stateful switchover takes advantage of Route Processor (RP) redundancy to increase network availability. The feature establishes one of the RPs as the active processor and designating the other RP as the standby processor, and then synchronizing critical state information between them. Following an initial synchronization between the two processors, SSO dynamically maintains RP state information between them.
A switchover from the active to the standby processor occurs when the active RP fails, is removed from the networking device, or is manually taken down for maintenance.
SSO is particularly useful at the network edgeSSO provides protection for network edge devices with dual RPs that represent a single point of failure in the network design, and where an outage might result in loss of service for customers.
For complete information of SSO on Cisco IOS routers, see the Stateful Switchover module in the Cisco IOS High Availability Configuration Guide.
Checkpointing Data
SSO always checkpointing or saving and resynchronizing client-specific state data that transfers to a peer client on a remote RP for HA switchover and on the local RP for ION restart. Once a valid checkpointing session is established, the checkpointed state data is established without error.
How to Configure L2TP HA Session SSO/ISSU on a LAC/LNS
You can configure L2TP HA globally using the l2tp sso enable command. You can also configure L2TP HA sessions for a specific VPDN group by using the sso enable command in VPDN group configuration mode. Both global and VPDN group L2TP HA sessions are enabled, by default. You must configure both the l2tp sso enable command and the sso enable command for VPDN groups for protocol L2TP to execute L2TP HA session functionality.
Global and VPDN group-specific L2TP HA sessions are hidden from the output of the show running-config command, because they are enabled by default. If you use the no l2tp sso enable command, the HA commands will display as NVGEN and appear in the output of the show running-config command.
This section contains the following procedures:
•
•
•
•
•
•
•
Configuring SSO on a Route Processor
Cisco series Internet routers operate in SSO mode by default after reloading the same version of SSO-aware images on the device.
Before you can use SSO, use must enable SSO on an RP. This task explains how to use the redundancy command to enable SSO on an RP. This task ensures that all redundancy session data, following a SSO, is used to re-create and reestablishes existing sessions to their peer connections.
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Configuring Global L2TP HA SSO Mode
Cisco series Internet routers operate in L2TP HA SSO mode by default after reloading the same version of SSO-aware images on the device. No configuration is necessary to enable L2TP HA SSO sessions.
The following procedure shows how to use the l2tp sso enable command to enable or disable HA globally. The l2tp sso enable command is enabled by default.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Configuring VPDN Group-Specific L2TP HA SSO Mode
The following procedure shows how to use the l2tp sso enable and sso enable commands to enable or disable high availability (HA) for a VPDN group. For HA functionality for a VPDN group, both the l2tp sso enable and sso enable commands must be enabled (default). If either command is disabled, no HA functionality is available for the VPDN group.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Controlling Packet Resynchronization for L2TP HA
After a SSO switchover, L2TP HA determines the sequence numbers used by L2TP peers. Determining sequence numbers can be time consuming, if peers send a large number of unacknowledged messages. You can use the l2tp tunnel resync command to control the number of unacknowledged messages sent by a peer. Increasing the value of the number of packets can improve the session setup rate for L2TP HA tunnels with a large number of sessions.
Note
The following procedure shows how to use the l2tp tunnel resync command, in VPDN-group configuration mode, to control the number of packets a L2TP HA tunnel sends before waiting for an acknowledgement.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Verifying the Checkpoint Status of L2TP HA Sessions
The show l2tp redundancy command provides information regarding the global state of the L2TP or specific L2TP sessions, with regard to their checkpointing status. You can display detailed information on:
•
–
–
–
–
•
–
–
–
–
–
–
•
–
–
–
–
The L2TP HA protocol state information for tunnels configured for HA (HA-enabled) and HA tunnels established successfully (HA-established) should match on the active and standby RP, unless there is a failure.
The output of the show l2tp redundancy command on the standby RP does not display total counter values or values for L2TP resynchized tunnels. Total counter values would include non-HA protected tunnels and sessions, and these are not present on the standby RP.
To display global L2TP or specific L2TP sessions having checkpoint status, follow this procedure.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Verifying the Checkpoint Status of VPDN Sessions
To verify the checkpoint status of VPDN sessions, follow this procedure.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Configuring Debugging for L2TP or VPDN Redundancy Sessions
There is extensive debugging for L2TP or VPDN redundancy sessions. For example, if the standby RP does not initialize, the show l2tp redundancy command displays a warning message and will display no tunnel or session information.
Router> enableRouter# show l2tp redundancyL2TP HA support: Silent FailoverL2TP HA Status:Checkpoint Messaging on: FALSEStandby RP is up: TRUERecv'd Message Count: 0No HA CC of Session data to display until Standby RP is up.You can use the debug l2tp redundancy or debug vpdn redundancy commands to display debug information relating to L2TP- or VPDN-checkpointing events or errors. Debug information includes:
•
•
•
•
•
•
•
To debug an L2TP or VPDN session having redundancy event errors, follow this procedure.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Configuration Examples for L2TP HA Session SSO/ISSU on a LAC/LNS
This section includes the following examples:
•
•
Configuring SSO on a Route Processor: Example
This example shows how to configure L2TP SSO:
Router> enableRouter# configure terminalRouter(config)# redundancyRouter (config-red)# mode ssoRouter (config-red)# exitConfiguring L2TP High Availability: Example
This example shows how to configure L2TP SSO:
Router> enableRouter# configure terminalRouter(config)# l2tp sso enableRouter (config-red)# exitDisplaying L2TP Checkpoint Status: Examples
This section provides the following configuration examples:
•
•
•
•
•
Displaying L2TP Redundancy Information: Example
The following example shows an L2TP redundancy information request:
Router> enableRouter# show l2tp redundancyL2TP HA support: Silent FailoverL2TP HA Status:Checkpoint Messaging on: FALSEStandby RP is up: TRUERecv'd Message Count: 0L2TP Active Tunnels: 1/1/0 (total/HA-enabled/resync)L2TP Active Sessions: 1/1 (total/HA-enabled)L2TP Resynced Tunnels: 1/0 (success/fail)Displaying L2TP Redundancy Detail Information: Example
The following example shows an L2TP redundancy detail information request:
Router> enableRouter# show l2tp redundancy detailL2TP HA support: Silent FailoverL2TP HA Status:Checkpoint Messaging on: FALSEStandby RP is up: TRUERecv'd Message Count: 0L2TP Active Tunnels: 1/1/0 (total/HA-enabled/resync)L2TP Active Sessions: 1/1 (total/HA-enabled)L2TP Resynced Tunnels: 1/0 (success/fail)L2TP HA CC Check Point Status:Local ID : 33003Remote ID : 26355Control Channel state: establishedRemote name : LAC-1Class Name : 1Number of sessions : 1Logical CC ID : 4096Local UDP port : 1701Remote UDP port : 1701Current Ns : 8Currect Nr : 10Check pointed Ns/Nr values available on Standby RPLocal session ID : 28017Remote session ID : 10Local CC ID : 33003Local UDP port : 1701Remote UDP port : 1701Waiting for VPDN application: NoWaiting for L2TP protocol : NoDisplaying All L2TP Redundancy Information: Example
The following example shows an L2TP redundancy all-information request:
Router> enableRouter# show l2tp redundancy allL2TP HA support: Silent FailoverL2TP HA Status:Checkpoint Messaging on: FALSEStandby RP is up: TRUERecv'd Message Count: 0L2TP Active Tunnels: 1/1/0 (total/HA-enabled/resync)L2TP Active Sessions: 1/1 (total/HA-enabled)L2TP Resynced Tunnels: 1/0 (success/fail)L2TP HA CC Check Point Status:State LocID RemID Remote Name Class/Group Num. Sessionsest 33003 26355 LAC-1 1 1L2TP HA Session Status:LocID RemID TunID Waiting for Waiting forVPDN app? L2TP proto?28017 10 33003 No NoDisplaying L2TP Redundancy ID Information: Example
The following example shows an L2TP redundancy information request for ID 33003:
Router> enableRouter# show l2tp redundancy id 33003L2TP HA Session Status:LocID RemID TunID Waiting for Waiting forVPDN app? L2TP proto?28017 10 33003 No NoDisplaying L2TP Redundancy Detail ID Information: Example
The following example shows an L2TP redundancy detail information request for ID 33003:
Router> enableRouter# show vpdn redundancy detail id 33003Local session ID : 28017Remote session ID : 10Local CC ID : 33003Local UDP port : 1701Remote UDP port : 1701Waiting for VPDN application: NoWaiting for L2TP protocol : NoTroubleshooting Tips
This section provides debugging commands you can use to help troubleshoot an L2TP HA SSO session.
The following example configuration shows a debugging session for an LNS:
LNS1> debug enableLNS1# debug l2tp redundancy cfL2TP redundancy cf debugging is onLNS1# debug l2tp redundancy detailL2TP redundancy details debugging is onLNS1# debug l2tp redundancy errorL2TP redundancy errors debugging is onLNS1# debug l2tp redundancy eventL2TP redundancy events debugging is onLNS1# debug l2tp redundancy fsmL2TP redundancy fsm debugging is onLNS1# debug l2tp redundancy resyncL2TP redundancy resync debugging is onLNS1# debug l2tp redundancy rfL2TP redundancy rf debugging is onAdditional References
The following sections provide references related to the L2TP HA Session SSO/ISSU on a LAC/LNS feature.
Related Documents
Layer 2 Tunnel Protocol
Cisco IOS high availability
VPDN technology overview
"VPDN Technology Overview," Cisco VPDN Configuration Guide
Standards
MIBs
None
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
RFC 2661
Layer 2 Tunneling Protocol (L2TP)
RFC 4591
Fail Over for Layer 2 Tunneling Protocol (L2TP)
Technical Assistance
Feature Information for L2TP HA Session SSO/ISSU on a LAC/LNS
Table 1 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
CCDE, CCVP, Cisco Eos, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0801R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2008 Cisco Systems, Inc. All rights reserved.
Guest
