Cisco BNG deployment guide (PPP, IPoE)

Google cloud gateway


heres a (final/working) config in case anyone else wants to do this:


crypto ikev2 proposal gcp-ikev2-proposal-1

encryption aes-cbc-128 aes-cbc-192 aes-cbc-256

integrity sha1 sha256 sha384 sha512

group 2 5 14 15 16


crypto ikev2 policy gcp-ikev2-policy-1

match fvrf any

proposal gcp-ikev2-proposal-1


crypto ikev2 profile gcp-ikev2-profile-1

match identity remote address gcp.gcp.gcp.gcp

identity local address

authentication remote pre-share key xxxxxxxxxxxx

authentication local pre-share key xxxxxxxxxxxx

lifetime 10800


crypto ipsec transform-set gcp-tset-1 esp-aes esp-sha-hmac

mode tunnel


crypto ipsec profile gcp-ipsec-profile-1

set transform-set gcp-tset-1

set pfs group14

set ikev2-profile gcp-ikev2-profile-1


interface Tunnel0

ip address

tunnel source

tunnel mode ipsec ipv4

tunnel destination gcp.gcp.gcp.gcp

tunnel protection ipsec profile gcp-ipsec-profile-1



And then configure BGP or maybe static routes as required.

After adding in the Tunnel0 interface config it just started working

straight away. So I guess my config was right all along, its just some

other aspect of IPSEC that wasnt happy with something missing… Yay

misleading debug output. :-/

Hope that helps someone else.


Cisco VDSL SNMP oid’s

Subtree : .

Noise Margin (/10):
. 96 Gauge
Actual Power:
. 124 Gauge
Attainable Rate:
. 65969000 Gauge
Speed (kbps):
. 51998000 Gauge

Noise Margin (/10):
. 126 Gauge
Actual Power:
. 86 Gauge
Attainable Rate:
. 23538000 Gauge
Speed (kbps):
. 10448000 Gauge

ASR9K Upgrade

admin install add tftp://x.x.x.x/asr9k-mini-px.pie-5.3.2 synchronous

admin install activate disk0:asr9k-mini-px.pie-5.3.2 synchronous

admin install



install remove inactive


Also beware of


recently did a upgrade on two ASR9k1’s from 4.2.3 to 5.1.3

Thou I didn’t have the space issue, Here is 1 things you can try before hand –

‘admin install remove inactive’

Befogging upgrading you may will want to install the following SMU’s





You will need to install the fpd so it will upgrade the fed upon boot or manually.

had ‘fpd auto-upgrade’ in my admin config. So it did it automatically

This is what we installed after we did the pre-requs:










It’s also possible to re-partitioning the disk to get some extra space(300M). Executing the re-partitioning is not service impacting.

IPv6 Intelligence – MrLooquer

Please, allow us to introduce MrLooquer ->


MrLooquer combines open source intelligence techniques with heuristic and data mining to perform one of the first attempts to create a real map about

IPv6 deployment and its relationship with current networks and protocols.


MrLooquer is born as an open initiative with Creative Commons license focused on:

– Data discovery

– Visual intelligence

– Relationship


Our main goal is to provide a useful tool for security analysts around the world. MrLooquer allows users to make advanced queries through our big data infrastructure to obtain datasets with relationships between domains, IPv4, IPv6, service informations, geolocation, etc…


We’ve released the first version recently. It’s just the bread and butter… We are developing a roadmap that includes, among other things,  threat indicator based on relationships and patterns.


Please, feel free to start using it and we would be thankful for any type of feedback.


Best regards,

MrLooquer team.





IPv6 HSRP Config

Interface vlan777

ipv6 enable



Otherwise, the config looks spot on


Our config looks like:


interface Vlan110

standby version 2

standby 110 ipv6 FE80::1

standby 110 timers 1 3

standby 110 priority 110

standby 110 preempt delay minimum 180

standby 110 authentication xxxx

ipv6 address dead:beef:1::FFFE/64

ipv6 enable

ipv6 nd other-config-flag

ipv6 nd router-preference High

ipv6 pim dr-priority 4294967295

ipv6 dhcp relay destination dead:beef:0::1

ipv6 dhcp relay destination dead:beef:0::2

1 3 4 5 6 7