Cisco BNG deployment guide (PPP, IPoE)

https://blog.ine.com/2009/07/22/understanding-dhcp-option-82

https://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Service%20Provider/BRKSPG-2303%20%20Residential%20Broadband%20Subscriber%20Aggregation%20and%20BNG%20Deployment%20Models.pdf

https://supportforums.cisco.com/t5/service-providers-documents/asr9000-xr-bng-deployment-guide/ta-p/3110436#DHCPIP_sessions

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r6-1/bng/configuration/guide/b-bng-cg-asr9k-61x/b-bng-cg-asr9k-61x_chapter_0101.pdf

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-s/dhcp-15-s-book/dhcp-option-82.html

https://supportforums.cisco.com/document/12516486/asr9k-bng-radius-and-coa-deployment-guide
https://supportforums.cisco.com/document/94171/asr9000xr-bng-deployment-guide
https://supportforums.cisco.com/t5/tkb/articleprintpage/tkb-id/4441-docs-service-providers/article-id/1985
https://supportforums.cisco.com/t5/xr-os-and-platforms/asr-9k-bng-dhcp-triggered-session-start-ack-not-received-by/td-p/2641468
https://supportforums.cisco.com/t5/service-providers-documents/asr9000-xr-bng-deployment-guide/ta-p/3110436#DHCPIP_sessions
https://supportforums.cisco.com/t5/service-providers-documents/asr9000-xr-bng-vsa-s-vendor-specific-attributes-and-services/ta-p/3141601
https://supportforums.cisco.com/t5/service-providers-documents/asr9000-bng-training-guide-setting-up-pppoe-and-ipoe-sessions/ta-p/3124670

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iwag/configuration/xe-3s/IWAG_Config_Guide_BookMap/dhcp-option-82-remote-id-format.pdf

Google cloud gateway

https://cloud.google.com/compute/docs/vpn/advanced

https://cloud.google.com/files/CloudVPNGuide-UsingCloudVPNwithCiscoASA.pdf

 

heres a (final/working) config in case anyone else wants to do this:

===================

crypto ikev2 proposal gcp-ikev2-proposal-1

encryption aes-cbc-128 aes-cbc-192 aes-cbc-256

integrity sha1 sha256 sha384 sha512

group 2 5 14 15 16

!

crypto ikev2 policy gcp-ikev2-policy-1

match fvrf any

proposal gcp-ikev2-proposal-1

!

crypto ikev2 profile gcp-ikev2-profile-1

match identity remote address gcp.gcp.gcp.gcp 255.255.255.255

identity local address me.me.me.me

authentication remote pre-share key xxxxxxxxxxxx

authentication local pre-share key xxxxxxxxxxxx

lifetime 10800

!

crypto ipsec transform-set gcp-tset-1 esp-aes esp-sha-hmac

mode tunnel

!

crypto ipsec profile gcp-ipsec-profile-1

set transform-set gcp-tset-1

set pfs group14

set ikev2-profile gcp-ikev2-profile-1

!

interface Tunnel0

ip address 169.254.0.2 255.255.255.252

tunnel source me.me.me.me

tunnel mode ipsec ipv4

tunnel destination gcp.gcp.gcp.gcp

tunnel protection ipsec profile gcp-ipsec-profile-1

!

===================

And then configure BGP or maybe static routes as required.

After adding in the Tunnel0 interface config it just started working

straight away. So I guess my config was right all along, its just some

other aspect of IPSEC that wasnt happy with something missing… Yay

misleading debug output. :-/

Hope that helps someone else.

Tom

Cisco VDSL SNMP oid’s

Subtree : .1.3.6.1.2.1.10.94.1.1

Download:
Noise Margin (/10):
.1.3.6.1.2.1.10.94.1.1.3.1.4.21 96 Gauge 192.0.2.254:161
Actual Power:
.1.3.6.1.2.1.10.94.1.1.3.1.7.21 124 Gauge 192.0.2.254:161
Attainable Rate:
.1.3.6.1.2.1.10.94.1.1.3.1.8.21 65969000 Gauge 192.0.2.254:161
Speed (kbps):
.1.3.6.1.2.1.10.94.1.1.4.1.2.21 51998000 Gauge 192.0.2.254:161

Upload:
Noise Margin (/10):
.1.3.6.1.2.1.10.94.1.1.2.1.4.21 126 Gauge 192.0.2.254:161
Actual Power:
.1.3.6.1.2.1.10.94.1.1.2.1.7.21 86 Gauge 192.0.2.254:161
Attainable Rate:
.1.3.6.1.2.1.10.94.1.1.2.1.8.21 23538000 Gauge 192.0.2.254:161
Speed (kbps):
.1.3.6.1.2.1.10.94.1.1.5.1.2.21 10448000 Gauge 192.0.2.254:161

ASR9K Upgrade

admin install add tftp://x.x.x.x/asr9k-mini-px.pie-5.3.2 synchronous

admin install activate disk0:asr9k-mini-px.pie-5.3.2 synchronous

admin install

commit

admin

install remove inactive


 

https://supportforums.cisco.com/document/123576/asr9000xr-understanding-turboboot-and-initial-system-bring


 

Also beware of

http://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63979.html


 

recently did a upgrade on two ASR9k1’s from 4.2.3 to 5.1.3

Thou I didn’t have the space issue, Here is 1 things you can try before hand –

‘admin install remove inactive’

Befogging upgrading you may will want to install the following SMU’s

CSCud98419

CSCud37351

CSCud54093


 

You will need to install the fpd so it will upgrade the fed upon boot or manually.

had ‘fpd auto-upgrade’ in my admin config. So it did it automatically

This is what we installed after we did the pre-requs:

asr9k-fpd-px-5.1.3

asr9k-k9sec-px-5.1.3

asr9k-mgbl-px-5.1.3

asr9k-mini-px-5.1.3

asr9k-px-5.1.3.CSCut52232-1.0.0

asr9k-px-5.1.3.sp7-1.0.0

asr9k-px-5.1.3.CSCur72219-1.0.0

asr9k-px-5.1.3.CSCur83427-1.0.0


 

It’s also possible to re-partitioning the disk to get some extra space(300M). Executing the re-partitioning is not service impacting.

https://tools.cisco.com/bugsearch/bug/CSCub41271

https://supportforums.cisco.com/document/145991/managing-disk-space-rsp-4grsp-8g-aka-rsp2

IPv6 Intelligence – MrLooquer

Please, allow us to introduce MrLooquer -> https://www.mrlooquer.com

 

MrLooquer combines open source intelligence techniques with heuristic and data mining to perform one of the first attempts to create a real map about

IPv6 deployment and its relationship with current networks and protocols.

 

MrLooquer is born as an open initiative with Creative Commons license focused on:

– Data discovery

– Visual intelligence

– Relationship

 

Our main goal is to provide a useful tool for security analysts around the world. MrLooquer allows users to make advanced queries through our big data infrastructure to obtain datasets with relationships between domains, IPv4, IPv6, service informations, geolocation, etc…

 

We’ve released the first version recently. It’s just the bread and butter… We are developing a roadmap that includes, among other things,  threat indicator based on relationships and patterns.

 

Please, feel free to start using it and we would be thankful for any type of feedback.

 

Best regards,

MrLooquer team.

 

Web: https://www.mrlooquer.com

Twitter: https://twitter.com/mrlooquer

Blog: http://blog.mrlooquer.com/

IPv6 HSRP Config

Interface vlan777

ipv6 enable

 

 

Otherwise, the config looks spot on

 

Our config looks like:

 

interface Vlan110

standby version 2

standby 110 ipv6 FE80::1

standby 110 timers 1 3

standby 110 priority 110

standby 110 preempt delay minimum 180

standby 110 authentication xxxx

ipv6 address dead:beef:1::FFFE/64

ipv6 enable

ipv6 nd other-config-flag

ipv6 nd router-preference High

ipv6 pim dr-priority 4294967295

ipv6 dhcp relay destination dead:beef:0::1

ipv6 dhcp relay destination dead:beef:0::2

1 3 4 5 6 7