Wednesday, September 4, 2019

Any ISP DSL PPPoE experts?

I am just looking for someone to help me put this issue to an ISP.

Basically I see an issue all the time with an ISP where the line is DSL using PPPoE.

Topology is this: ISP -> bridged DSL/VDSL ISP modem -> edge FW PPPoE client

The issue arises when the PPPoE goes down and needs to be rebuilt, a reboot with the FW mostly.

When the FW comes back online and the PPPoE client on the WAN interface comes up, internet connectivity is restored but site to site IPsec VPN tunnels frequently do not.

I have narrowed the issue down to the frames coming into the FW PPPoE interface via the bridged modem, from the VPN peer, which have the wrong PPPoE session ID and are getting dropped by the FW.

All other frames have the correct PPPoE session ID and connectivity is good.

I can get things back working by rebooting the ISP bridged DSL modem, leaving it powered off for a minute or so.

I am guessing the issue is probably related to some PPPoE server load balancing on the ISP end, but in order to ease the pain explaining this to the ISP... does anyone with experience on the ISP end or indeed with a better understanding of PPPoE than me have any suggestions?

The issue only affects VPNs which were established before the PPPoE session goes down (and UDP traffic in general, I am pretty sure). I can successfully build a new VPN to a new peer (which was not established before the PPPoE session died) when the issue is present.

Cheers
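One way to turn the observation above into evidence for the ISP, as an added example that is not part of the original post: parse PPPoE session frames (EtherType 0x8864) captured on the FW WAN interface and count those whose session ID differs from the live one, grouped by source IP and IP protocol. The function names, session IDs and addresses are constructed for illustration; real frames would come from a capture.

```python
import ipaddress
import struct
from collections import Counter

ETH_PPPOE_SESSION = 0x8864  # EtherType for PPPoE session-stage frames
PPP_IPV4 = 0x0021           # PPP protocol number for IPv4

def parse_pppoe(frame):
    """Return (session_id, src_ip, ip_proto) for a PPPoE session frame, else None."""
    if len(frame) < 22:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_PPPOE_SESSION:
        return None
    ver_type, code, session_id, _length = struct.unpack_from("!BBHH", frame, 14)
    if ver_type != 0x11 or code != 0x00:  # version 1 / type 1, code 0 = session data
        return None
    (ppp_proto,) = struct.unpack_from("!H", frame, 20)
    if ppp_proto != PPP_IPV4 or len(frame) < 42:
        return (session_id, None, None)   # LCP, IPCP etc: keep the session ID only
    ip = frame[22:]
    return (session_id, str(ipaddress.IPv4Address(ip[12:16])), ip[9])

def stale_session_report(frames, current_session_id):
    """Count frames per (session_id, src_ip, ip_proto) not carrying the live session ID."""
    stale = Counter()
    for frame in frames:
        parsed = parse_pppoe(frame)
        if parsed and parsed[0] != current_session_id:
            stale[parsed] += 1
    return stale

def build_frame(session_id, src_ip, dst_ip, proto):
    """Build a constructed sample frame: Ethernet + PPPoE + PPP + bare IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    ppp = struct.pack("!H", PPP_IPV4) + ip
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    return bytes(12) + struct.pack("!H", ETH_PPPOE_SESSION) + pppoe + ppp

# Constructed sample: live session 0x1A2B, VPN peer still arriving on old 0x0F3C
LIVE, OLD = 0x1A2B, 0x0F3C
SAMPLE = [
    build_frame(LIVE, "192.0.2.50", "203.0.113.10", 6),     # TCP, correct session
    build_frame(OLD, "198.51.100.7", "203.0.113.10", 17),   # UDP from VPN peer
    build_frame(OLD, "198.51.100.7", "203.0.113.10", 17),
    build_frame(LIVE, "192.0.2.50", "203.0.113.10", 6),
]

if __name__ == "__main__":
    for (sid, src, proto), n in stale_session_report(SAMPLE, LIVE).items():
        print(f"session 0x{sid:04x} src {src} ip-proto {proto}: {n} frame(s)")
```
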


