This chapter describes parameters that you can modify to optimize the session and tunnel scalability on the Cisco 6400 in Cisco IOS Release 12.2(13)T.
Note: For supported scalability numbers and the recommended parameter values for achieving those numbers, see the "Important Notes" section of the Cisco 6400 Release Notes.
This chapter includes the following sections:
See the Cisco 6400 Release Notes for memory recommendations.
Make sure that the NSP and NRP simultaneously run the same software release version.
Disable logging to the console terminal by using the no logging console global configuration command:
Router(config)# no logging console
Also, log messages to an internal buffer by using the logging buffered buffer-size global configuration command. Choose a buffer size appropriate for the available memory and volume of messages logged on your systems:
Router(config)# logging buffered 131072
For more information on system and console logging, see the "Redirecting debug and error message Output" section of the "Using Debug Commands" chapter of the Cisco IOS Debug Command Reference.
For the NRP-1 using 128 MB of DRAM, the total number of precloned interfaces must not exceed 3000.
Downloading policing parameters from a AAA server might reduce the number of PPP sessions that can be established per second. See the Cisco 6400 Release Notes for details.
The input and output hold-queue limits determine the maximum number of incoming and outgoing control packets that the queue can accommodate. The default input and output hold-queue limits depend on the NRP type (see Table 5-1).
NRP Type | Default Input Hold-Queue Limit | Default Output Hold-Queue Limit |
---|---|---|
NRP-1 | 75 packets | 80 packets |
NRP-2 | 75 packets | 40 packets |
Tip: If you enter the show interfaces EXEC command and see an excessive number of discarded packets due to input or output hold-queue overflows, then increase the appropriate hold-queue limit.
To modify the input or output hold-queue limit, enter the following commands beginning in global configuration mode:
Step | Command | Purpose |
---|---|---|
Step 1 | Router(config)# interface atm 0/0/0 | Selects the ATM interface. |
Step 2 | Router(config-if)# hold-queue length {in \| out} | Specifies the maximum number of packets in the input or output hold-queue. See Table 5-1 for default values. |
To display the current hold-queue limits and the number of packets discarded because of hold-queue overflows, use the show interface atm 0/0/0 EXEC command.
In the following example, the NRP-2 input and output hold-queue limits are set to 4096 packets:
Router# show interface atm 0/0/0
ATM0/0/0 is up, line protocol is up
Hardware is NRP2 ATM SAR
MTU 1900 bytes, sub MTU 1900, BW 599040 Kbit, DLY 60 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not supported
Keepalive not supported
Encapsulation(s):AAL5
16384 maximum active VCs, 2048 VCs per VP, 4002 current VCCs
VC idle disconnect time:300 seconds
0 carrier transitions
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy:fifo
Output queue 0/4096, 0 drops; input queue 0/4096, 0 drops
30 second input rate 29000 bits/sec, 213 packets/sec
30 second output rate 28000 bits/sec, 253 packets/sec
35846 packets input, 672141 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
81291 packets output, 1110355 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Router#
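The check described in the Tip above can be automated over a capture of show interfaces output. This is an added example, not Cisco code: the function name, the max_drops threshold and the sample capture are assumptions, and the default limits are taken from Table 5-1.

```python
import re

# Default hold-queue limits from Table 5-1 of this chapter.
DEFAULTS = {"NRP-1": {"in": 75, "out": 80}, "NRP-2": {"in": 75, "out": 40}}

IFACE_RE = re.compile(r"^(\S+) is .*line protocol is", re.M)
QUEUE_RE = re.compile(
    r"Output queue \d+/(\d+), (\d+) drops; input queue \d+/(\d+), (\d+) drops")

def hold_queue_findings(show_output, nrp_type, max_drops=0):
    """Return one finding per interface direction whose drops exceed max_drops.

    max_drops is an operator-chosen threshold (assumption); the chapter
    only says "excessive".
    """
    findings = []
    # Split the capture into per-interface sections at each header line.
    starts = [m.start() for m in IFACE_RE.finditer(show_output)]
    for begin, end in zip(starts, starts[1:] + [len(show_output)]):
        section = show_output[begin:end]
        name = IFACE_RE.match(section).group(1)
        q = QUEUE_RE.search(section)
        if q is None:
            continue  # this interface printed no queue line
        out_limit, out_drops, in_limit, in_drops = map(int, q.groups())
        for direction, limit, drops in (("in", in_limit, in_drops),
                                        ("out", out_limit, out_drops)):
            if drops > max_drops:
                findings.append({
                    "interface": name, "direction": direction,
                    "limit": limit, "drops": drops,
                    # True means the limit was never raised from Table 5-1.
                    "at_default": limit == DEFAULTS[nrp_type][direction],
                })
    return findings

# Constructed sample in the format of the chapter's show interface output.
SAMPLE = """\
ATM0/0/0 is up, line protocol is up
  Queueing strategy:fifo
  Output queue 0/40, 0 drops; input queue 12/75, 1835 drops
Virtual-Template1 is down, line protocol is down
  Queueing strategy:fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
"""

if __name__ == "__main__":
    for finding in hold_queue_findings(SAMPLE, "NRP-2"):
        print(finding)
```

A finding with at_default set to True points at an interface that is overflowing while still at its Table 5-1 limit, which is the case the hold-queue command addresses.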
The first phase of PPP, Link Control Protocol (LCP), is responsible for establishing, configuring, testing, maintaining, and terminating the PPP data-link connection. By default, the NRP does not limit the number of simultaneous LCP session initiations. When a large number of PPP sessions start at the same time (due to an NRP reload or an ATM interface reset), the numerous LCP requests can cause a spike in the CPU utilization. If the CPU is unable to service all the LCP requests simultaneously, LCP sessions begin to time out and renegotiate. This can result in a chain reaction of LCP session negotiations and excessive session recovery times. The chain reaction can be controlled by limiting the number of simultaneous LCP session initiations.
Note: Only follow this procedure if the NRP has problems recovering after a reload or link dropout.
To limit the number of simultaneous LCP session initiations, enter the following commands in global configuration mode:
Note: The nominal values depend on many factors. Check the "Important Notes" section of the Cisco 6400 Release Notes for recommended values to use as a starting point. Try several numbers and select the combination that results in the shortest session recovery time after a link dropout.
To check the configured load metric and LCP session initiation limits, use the show running-config EXEC command.
The PPP authentication timeout determines how long the system waits for a response from the remote peer before retransmitting one of the following packets:
The PPP retry timeout determines how long the PPP state machine (for LCP and all NCPs) waits for a response from the remote peer before retransmitting one of the following packets:
The default PPP authentication timeout is 10 seconds, and the default PPP retry timeout is 2 seconds. By modifying these values, you can help to optimize the number of stable PPP sessions.
To modify the PPP timeouts, enter the following commands beginning in global configuration mode:
Note: The nominal value depends on many factors. Check the "Important Notes" section of the Cisco 6400 Release Notes for recommended values to use as a starting point. Try several values and select the combination that results in the highest number of stable sessions.
To check the configured PPP authentication and retry timeouts, use the show running-config EXEC command.
You can configure the keepalive interval, which is the frequency at which the Cisco IOS software sends messages to ensure that a network interface or L2TP tunnel is alive. By default, the interface keepalive is 10 seconds, and the L2TP tunnel keepalive is 60 seconds. An interface is declared down after the fourth successive keepalive is sent without an echo reply.
The L2TP tunnel keepalive timers do not have to use the same value on both sides of the tunnel. For example, a LAC can use a keepalive value of 30 seconds, and an LNS can use the default value of 60 seconds.
A high interface keepalive interval is required when scaling up your session count. As rough examples, a value around 120 seconds may be best for an NRP-1 with 2000 sessions, while 200 seconds may be best for an NRP-2 with 8000 sessions. See the Cisco 6400 Release Notes for specific recommended values.
Keepalive interval configuration consists of the following tasks:
To configure the interface keepalive interval, enter the following commands beginning in global configuration mode:
To verify the interface keepalive interval, use the show interface virtual-template EXEC command.
In the following example, the interface keepalive interval is set to 200 seconds:
Router# show interface virtual-template 1
Virtual-Template1 is down, line protocol is down
Hardware is Virtual Template interface
Interface is unnumbered. Using address of GigabitEthernet0/0/0 (10.24.24.1)
MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (200 sec)
DTR is pulsed for 5 seconds on reset
LCP Closed
Last input never, output never, output hang never
Last clearing of "show interface" counters 02:11:27
Queueing strategy:fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Router#
To configure the L2TP tunnel keepalive interval, enter the following commands beginning in global configuration mode:
To verify the L2TP tunnel keepalive interval, use the show running-config EXEC command.
Precloning (or allocating) virtual access interfaces when you start the system reduces the load on the system during call setup. Precloning is required to optimize scalability on:
Note: Do not use precloning with PPPoA terminated.
Note: The precloning operation might take a long time to complete (on the order of minutes for a large number of interfaces). Avoid incoming calls at the LNS until precloning is finished. You can monitor the precloning operation with the show vtemplate privileged EXEC command.
To preclone a virtual access interface, enter the following command in global configuration mode.
Command | Purpose |
---|---|
Router(config)# virtual-template template-number pre-clone number | Specifies the number of virtual access interfaces to be created and cloned from a specific virtual template. |
To check the successful precloning of virtual access interfaces, enter the privileged EXEC command show vtemplate. In the following example, precloning is on for Virtual-Template 1, 250 virtual access interfaces have been precloned, and 249 virtual access interfaces are available for new L2TP sessions. Only one virtual access interface is in use by L2TP, and no virtual access interfaces were cloned during call setup.
Router# show vtemplate
Virtual-Template 1, pre-cloning is on
Pre-clone limit: 250, current number: 249
Active vaccess number: 1
Generic free vaccess number:0
By default, the NRP attempts 10 L2TP control channel retransmissions that follow an exponential backoff (such as 1, 2, 4, 8, 8, 8 seconds), starting at the minimum retransmission timeout (1 second by default), and ending at the maximum retransmission timeout (8 seconds by default).
To determine the best minimum and maximum retransmission timeouts for a given topology, enter the privileged EXEC command show vpdn tunnel all. Check the displayed retransmit time distribution:
Retransmit time distribution: 0 0 0 0 1 0 0 0 1
Each value corresponds to the number of retransmissions at 0, 1, 2,..., 8 seconds, respectively, displaying a histogram of all tunnel retransmission times.
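The backoff sequence and the histogram described above can be worked through in code. This is an added example, not Cisco code: the function names are assumptions, the doubling rule is modelled on the chapter's 1, 2, 4, 8, 8, 8 sequence, and the sample text is an excerpt of the chapter's own show vpdn tunnel all output.

```python
import re

def backoff_schedule(retries=10, t_min=1, t_max=8):
    """Waits (seconds) before each retransmission: start at t_min, double, cap at t_max.

    Doubling is an assumption modelled on the chapter's 1, 2, 4, 8, 8, 8 sequence.
    """
    if retries < 1 or t_min < 1 or t_max < t_min:
        raise ValueError("need retries >= 1 and 1 <= t_min <= t_max")
    waits, wait = [], t_min
    for _ in range(retries):
        waits.append(wait)
        wait = min(wait * 2, t_max)
    return waits

def parse_distribution(show_output):
    """Return {seconds: retransmission count} for the non-empty histogram buckets."""
    m = re.search(r"Retransmit time distribution:((?: +\d+)+)", show_output)
    if m is None:
        raise ValueError("no 'Retransmit time distribution' line found")
    counts = [int(tok) for tok in m.group(1).split()]
    # Position in the line is the retransmit time in seconds (0, 1, 2, ...).
    return {seconds: n for seconds, n in enumerate(counts) if n}

def summarize(show_output, retries=10, t_min=1, t_max=8):
    """Combine the observed histogram with the configured schedule."""
    hist = parse_distribution(show_output)
    waits = backoff_schedule(retries, t_min, t_max)
    return {
        "observed_seconds": sorted(hist),
        "total_retransmissions": sum(hist.values()),
        # Retransmissions that had already backed off to the configured maximum.
        "at_max_timeout": hist.get(t_max, 0),
        "schedule": waits,
        # Sum of all waits if every retransmission goes unanswered.
        "total_wait_seconds": sum(waits),
    }

# Excerpt of the chapter's sample "show vpdn tunnel all" output.
SAMPLE = """\
Retransmission time 4, max 8 seconds
Total resends 390, ZLB ACKs 251
Retransmit time distribution: 0 0 0 0 1 0 0 0 1
Sessions disconnected due to lack of resources 0
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))               # default retries and timeouts
    print(backoff_schedule(7, 2, 4))       # values used in this chapter's example
```

Comparing total_wait_seconds for two candidate settings shows how much longer or shorter an unresponsive peer is retried before the retransmission attempts run out.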
The local control channel receive window size (RWS) determines how many incoming control messages can be acknowledged and waiting on the recipient's queue, instead of waiting on the peer's queue. Large values enable the NRP to open PPP sessions more quickly. The default local RWS is 3000 packets, which allows the L2TP control channel to send requests as fast as possible.
By improving L2TP control channel processing, the following tasks can provide resilience to dropouts between the LAC and the LNS:
To configure the L2TP control channel retransmission parameters, enter the following commands beginning in global configuration mode:
To check the configured L2TP control channel retransmission parameters, enter the show running-config EXEC command.
To check general control channel retransmission parameters, enter the show vpdn tunnel all privileged EXEC command.
To configure the local control channel RWS, enter the following commands beginning in global configuration mode:
To display the local control channel RWS, use the show vpdn tunnel all privileged EXEC command.
Router# show vpdn tunnel all
L2TP Tunnel Information (Total tunnels=1 sessions=500)
Tunnel id 20 is up, remote id is 12, 500 active sessions
Tunnel state is established, time since change 00:00:33
Remote tunnel name is LAC
Internet Address 10.1.1.1, port 1701
Local tunnel name is LNS
Internet Address 10.1.1.2, port 1701
971 packets sent, 1259 received, 19892 bytes sent, 37787 received
Control Ns 501, Nr 746
Local RWS 3000 (default), Remote RWS 3000 (max)
Retransmission time 4, max 8 seconds
Unsent queuesize 0, max 0
Resend queuesize 251, max 261
Total resends 390, ZLB ACKs 251
Current nosession queue check 0 of 5
Retransmit time distribution: 0 0 0 0 1 0 0 0 1
Sessions disconnected due to lack of resources 0
The tunnel timeout determines how long a tunnel lingers after all its sessions are gone. The default tunnel timeout is 10 seconds for an LNS and 15 seconds for a LAC. Configuring a longer tunnel timeout is useful:
To configure the L2TP tunnel timeout, enter the following commands beginning in global configuration mode.
To check the configured tunnel timeout, use the show running-config EXEC command.
For general L2TP configuration examples, see the Layer 2 Tunnel Protocol feature module and the "Configuring Virtual Private Networks" chapter in the "Virtual Templates, Profiles, and Networks" part of the Cisco IOS Dial Technologies Configuration Guide.
The following example shows a configuration implementing the session and tunnel scalability optimization commands described in this chapter. The input hold-queue limit on an ATM interface is set to 1200, and virtual template 1 is used to preclone 2000 virtual access interfaces. VPDN group 1 is set to use 7 retransmission attempts, with the retransmission timeouts beginning at 2 seconds and ending at 4 seconds. The L2TP tunnel timeout is set to 10 seconds. The local RWS is set to 500 packets. The number of simultaneous LCP session initiations is limited to 100, and the load metric is limited to 100. Both the PPP authentication and retry timeouts are set to 15 seconds.
!
vpdn enable
!
vpdn-group 1
accept-dialin
protocol l2tp
virtual-template 1
terminate from hostname LAC1
local name LNS1
l2tp tunnel receive-window 500
l2tp tunnel nosession-timeout 10
l2tp tunnel retransmit retries 7
l2tp tunnel retransmit timeout min 2
l2tp tunnel retransmit timeout max 4
!
!
virtual-template 1 pre-clone 2000
!
interface ATM 0/0/0
hold-queue 1200 in
!
interface FastEthernet 0/0/0
ip address negotiated
no ip directed-broadcast
!
interface Virtual-Template 1
ip unnumbered FastEthernet 0/0/0
no ip directed-broadcast
no logging event link-status
no keepalive
peer default ip address pool pool-1
ppp authentication chap
ppp timeout retry 15
ppp timeout authentication 15
!
lcp max-session-starts 100
lcp max-load-metric 100
!
Use the following commands to monitor and maintain PPP scalability:
Router# show atm pvc ppp
VCD / Peak Avg/Min Burst
ATM Int. Name VPI VCI Type VA VASt SC Kbps Kbps Cells VCSt
0/0/0.101 2 1 41 PVC 1 DOWN UBR 599040 UP
0/0/0.101 3 1 42 PVC 2 DOWN UBR 599040 UP
0/0/0.101 4 1 43 PVC 3 DOWN UBR 599040 UP
0/0/0.101 5 1 44 PVC 4 DOWN UBR 599040 UP
0/0/0.101 6 1 45 PVC 5 DOWN UBR 599040 UP
0/0/0.101 7 1 46 PVC 6 DOWN UBR 599040 UP
0/0/0.101 8 1 47 PVC 7 DOWN UBR 599040 UP
0/0/0.101 9 1 48 PVC 8 DOWN UBR 599040 UP
0/0/0.101 10 1 49 PVC 9 DOWN UBR 599040 UP
0/0/0.101 11 1 50 PVC 10 DOWN UBR 599040 UP
0/0/0.101 12 1 51 PVC 11 DOWN UBR 599040 UP
0/0/0.101 13 1 52 PVC 12 DOWN UBR 599040 UP
0/0/0.101 14 1 53 PVC 13 DOWN UBR 599040 UP
Router# show ip local pool
Pool Begin End Free In use
pool1 110.1.1.1 110.1.1.250 10 240
110.1.2.1 110.1.2.250 3 247
110.1.3.1 110.1.3.250 1 249
110.1.4.1 110.1.4.250 6 244
110.1.5.1 110.1.5.250 1 249
110.1.6.1 110.1.6.250 4 246
110.1.7.1 110.1.7.250 2 248
110.1.8.1 110.1.8.250 2 248
110.1.9.1 110.1.9.250 3 247
110.1.10.1 110.1.10.250 3 247
110.1.11.1 110.1.11.250 3 247
110.1.12.1 110.1.12.250 7 243
110.1.13.1 110.1.13.250 2 248
For general information on monitoring and maintaining L2TP, see the Layer 2 Tunnel Protocol feature module and the "Configuring Virtual Private Networks" chapter in the "Virtual Templates, Profiles, and Networks" part of the Cisco IOS Dial Technologies Configuration Guide.
Use the following commands to monitor and maintain L2TP scalability:
The show vpdn tunnel all privileged EXEC command output includes scalability parameters. Scalability-related fields are described in Table 5-2.
Router# show vpdn tunnel all
L2TP Tunnel Information (Total tunnels=1 sessions=500)
Tunnel id 20 is up, remote id is 12, 500 active sessions
Tunnel state is established, time since change 00:00:33
Remote tunnel name is LAC
Internet Address 10.1.1.1, port 1701
Local tunnel name is LNS
Internet Address 10.1.1.2, port 1701
971 packets sent, 1259 received, 19892 bytes sent, 37787 received
Control Ns 501, Nr 746
Local RWS 3000 (default), Remote RWS 3000 (max)
Retransmission time 4, max 8 seconds
Unsent queuesize 0, max 0
Resend queuesize 251, max 261
Total resends 390, ZLB ACKs 251
Current nosession queue check 0 of 5
Retransmit time distribution: 0 0 0 0 1 0 0 0 1
Sessions disconnected due to lack of resources 0
Posted: Sun Nov 24 13:59:44 PST 2002
Copyright 1989-2000©Cisco Systems Inc.