MX enabled for enhanced subscriber management will be unable to terminate L2TP sessions originating over a GRE tunnel.
Topology:
PPPoE-client---ERX-LAC------GRE-TUNNEL-----------MX480-LNS
Using the basic topology note above, the MX480 acting as an LNS will be unable to terminate any L2TP sessions. The L2TP tunnel will establish fine. When the LAC sends a ICRQ (incoming call request) to initiate the session phase, the LNS does respond with a ICRP (incoming call reply). At this point the LAC will send an ICCN (incoming call connected) which will be seen at the kernel (RE) but the jl2tpd will not. This will cause the LNS to retransmit the ICRP until the tunnel expires.
Monitoring traffic on the LAC facing GRE interface:
On the MX480, monitoring traffic on the LAC facing GRE interface, it is seen that the ICCN is received to the kernel (RE).
labroot@MX480-R060> monitor traffic interface gr-5/3/0.2 no-resolve
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on gr-5/3/0.2, capture size 96 bytes
13:36:50.503116 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) |...
13:36:50.517180 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/0)Ns=1,Nr=1 *MSGTYPE(SCCCN)
13:36:50.520893 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/0)Ns=2,Nr=1 *MSGTYPE(ICRQ) *ASSND_SESS_ID(37994) |...
13:36:50.687164 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/19146)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(1000000000) |...
13:36:51.544618 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/0)Ns=4,Nr=2 ZLB
13:36:51.701215 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/19146)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(1000000000) |...
13:36:53.644800 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/0)Ns=4,Nr=2 ZLB
13:36:53.801205 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/19146)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(1000000000) |...
13:36:57.744849 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/0)Ns=4,Nr=2 ZLB
13:36:57.901292 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/19146)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(1000000000) |...
13:37:00.298147 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[](13084/19146)[hdlc|]
13:37:05.844556 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/0)Ns=4,Nr=2 ZLB
13:37:06.001333 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/19146)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(1000000000) |...
13:37:10.602478 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[](13084/19146)[hdlc|]
13:37:20.669479 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[](13084/19146)[hdlc|]
13:37:21.944807 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/0)Ns=4,Nr=2 ZLB
13:37:22.101554 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[TLS](13084/19146)Ns=3,Nr=2 *MSGTYPE(ICCN) *TX_CONN_SPEED(1000000000) |...
13:37:30.394079 In IP 35.35.35.35.1701 > 192.164.1.1.1701: l2tp:[](13084/19146)[hdlc|
However, jl2tpd (on the MX480) does not see the ICCN and is showing the retransmits of the ICRP.
Nov 9 13:36:50.509930 allocateLocalTunnelId: got localTunnelId 13084
Nov 9 13:36:50.510084 receive: received L2TP packet type sccrq, from remote address 35.35.35.35, remote port 1701, for local address 192.164.1.1, local port 1701, tunnel Id 0x0, session Id 0x0
Nov 9 13:36:50.510218 send: send L2TP packet type sccrp, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, remote tunnel Id 24596, local tunnel Id 13084, remote session Id 0, local session Id 0, Ns 0, Nr 1, re-tries 0
Nov 9 13:36:50.517255 receive: received L2TP packet type scccn, from remote address 35.35.35.35, remote port 1701, for local address 192.164.1.1, local port 1701, tunnel Id 0x13084, session Id 0x0
Nov 9 13:36:50.517558 sendZLB: send L2TP packet type zlb, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, tunnel Id 24596, session Id 0, Ns 1, Nr 2
Nov 9 13:36:50.520961 receive: received L2TP packet type icrq, from remote address 35.35.35.35, remote port 1701, for local address 192.164.1.1, local port 1701, tunnel Id 0x13084, session Id 0x0
Nov 9 13:36:50.527771 allocateLocalSessionId: got localSessionId 19146
Nov 9 13:36:50.528132 send: send L2TP packet type icrp, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, remote tunnel Id 24596, local tunnel Id 13084, remote session Id 37994, local session Id 19146, Ns 1, Nr 3, re-tries 0
Nov 9 13:36:51.542825 send: send L2TP packet type icrp, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, remote tunnel Id 24596, local tunnel Id 13084, remote session Id 37994, local session Id 19146, Ns 1, Nr 3, re-tries 0
Nov 9 13:36:53.642831 send: send L2TP packet type icrp, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, remote tunnel Id 24596, local tunnel Id 13084, remote session Id 37994, local session Id 19146, Ns 1, Nr 3, re-tries 1
Nov 9 13:36:57.742834 send: send L2TP packet type icrp, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, remote tunnel Id 24596, local tunnel Id 13084, remote session Id 37994, local session Id 19146, Ns 1, Nr 3, re-tries 2
Nov 9 13:37:05.842853 send: send L2TP packet type icrp, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, remote tunnel Id 24596, local tunnel Id 13084, remote session Id 37994, local session Id 19146, Ns 1, Nr 3, re-tries 3
Nov 9 13:37:21.942827 send: send L2TP packet type icrp, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, remote tunnel Id 24596, local tunnel Id 13084, remote session Id 37994, local session Id 19146, Ns 1, Nr 3, re-tries 4
Nov 9 13:37:38.042811 send: send L2TP packet type icrp, for remote address 35.35.35.35, remote port 1701, from local address 192.164.1.1, local port 1701, L2tpTunnel 0xa, remote tunnel Id 24596, local tunnel Id 13084, remote session Id 37994, local session Id 19146, Ns 1, Nr 3, re-tries 5
In this set up, the GRE header is encapsulated at the LAC and removed at the LNS. The GRE tunnel is between the LAC and the LNS only. During the GRE driver packet processing, the GRE header is removed and the underlying L2TP packet is sent to the jL2tpd daemon in the legacy RTSOCK path. These packets reach directly to jL2tpd by-passing bbe-smgd. However, it is expected to receive Tunnel Control Packets (SCCRQ , SCCCN) and the first session control packet (ICRQ) at jL2tpd which is happening correctly. But after the installation of /120 bit Tunnel Control Route, the ICCN packet is not being sent from the RE kernel to jL2tpd.
This is because after the /120 bit route installation, the GRE Driver at the kernel performs a route lookup on the underlying L2TP packet. Since the route lookup at the kernel points to Pseudo-Ifl Next-hop, packets are dropped at the kernel itself. If no route is found, the packet is injected back to Raw IP Processing, thus reaching the jL2tpd daemon. (Raw_IP -> IP - > UDP -> jL2tpd ).
In enhanced subscriber management, the correct packet path for the L2TP session packet is that PFE adds PACKET_TAG_VBF to L2TP control packet and it is being sent from the kernel raw socket driver to bbe-smgd.