Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Subscriber Management] MX PPPoE session terminates with 'reply-code=4 (INTERNAL ERROR), result-subopcode=3 (SESSION_ACTIVATE_ACK)'



Article ID: KB32539 KB Last Updated: 30 Apr 2018Version: 2.0

This article explains how to triage a PPPoE session login failure with the following error:

SEQ SendClientMsg:jpppd-client session-id:42013086 reply-code=4 (INTERNAL ERROR), result-subopcode=3 (SESSION_ACTIVATE_ACK), cookie=22828527, ex_cookie=69, rply_len=28, num_tlv_blocks=0



After an authentication failure, enabling traceoptions for general-authentication-service will provide the log message indicating an "INTERNAL ERROR".

Feb 14 11:40:47.040800 SEQ SendClientMsg:jpppd-client session-id:42013086 reply-code=4 (INTERNAL ERROR), result-subopcode=3 (SESSION_ACTIVATE_ACK), cookie=22828527, ex_cookie=69, rply_len=28, num_tlv_blocks=0



This "INTERNAL ERROR" is a generic failure and will require additional review of log messages to determine the specific cause of the failure.

When the session-id is known, additional logs can be examined to determine the reason the client failed to log in.  The Enhanced Subscriber Management (bbe-smgd) traceoptions can provide additional information.  Reviewing the output below, it can be seen that adding the access-internal route failed:

Feb 14 11:40:46 PppoeBbePlugin::bbeFlowNotifyHandler: pp0.3221293648 ==> Change
Feb 14 11:40:46 PppoeBbePlugin::processIflNotificationChange: type unsupported - 0x6
Feb 14 11:40:46 clientAddRoute:, lsri default:default, flags 0x00000000, iff 0x1900d7fc, nhGwType 0
Feb 14 11:40:46 ERR: clientAddRoute: Route prefix exists. routeIndex 1505076,
Feb 14 11:40:46 ERR: bbe_route_enqueue_add_failure_msg: Destination plugin Central

Searching bbesmgd for that route prefix reveals that it had recently been successfully released from another subscriber: 

Feb 14 11:38:53 PppoeBbePlugin::bbeFlowNotifyHandler: pp0.3221292912 ==> Destroyed
Feb 14 11:38:53 PppoeBbePlugin::processIflNotificationDelete: PPPoE IFL pp0.3221292912
Feb 14 11:38:53 bbe_mcast_flow_notify_handler: Flow Notify, Name: pp0.3221292912 ==> Destroyed change_bits 0x0
Feb 14 11:38:53 bbe_stats_plugin_flow_msg_received: Flow notify type Destroyed for plugin STATS ifl pp0.3221292912
Feb 14 11:38:53 bbe_stats_plugin_process_ifl_stats_db_del_request: sent req for ifl:67653 stats del in db to PFED
Feb 14 11:38:53 NOTE: bbe_route_process_del_request: Process delete route request msg from Central, rtt_index 0 for

When a subscriber logs out, releasing it's IP address, that address is returned to the address pool.  Additionally, the access-internal route must be removed from the routing table.

In this scenario, AUTHD cleaned up and returned the address to the pool. Before RPD completed it's cleanup duties, removed the prefix from the routing-table, another subscriber logged in and received that same prefix.  RPD failed the post authentication check because it found that address in it's table.

This is a transient event and any subsequent login attempt which results in that same address being assigned will be successful.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search