Cisco Cisco Packet Data Gateway (PDG) Guida Alla Risoluzione Dei Problemi
PDIF Session Recovery
▀ Session Recovery
▄ Cisco ASR 5000 Series Enhanced Feature Configuration Guide
OL-22982-01
Session Recovery
This section examines how the PDIF recovers from two types of failure: migration failures and task failures.
How Session Recovery Works in PDIF
PDIF call traffic is encrypted by the IPSec protocol. When the encrypted packet arrives on the ASR 5000, it first needs
to be decrypted in the data path. The Daughter Card has an IPSec SA to do the decryption. Consequently, it is very
important to have the Daughter Card recover before any software recovery in order to continue call traffic processing.
to be decrypted in the data path. The Daughter Card has an IPSec SA to do the decryption. Consequently, it is very
important to have the Daughter Card recover before any software recovery in order to continue call traffic processing.
IPSec Controller does not send an IPSec Manager death notification to any subsystem. This allows both the Session
Manager and Daughter Card to continue carrying subscriber traffic using NPU flows and IPSec SAs to transmit the data.
Manager and Daughter Card to continue carrying subscriber traffic using NPU flows and IPSec SAs to transmit the data.
It also allows the Daughter Card to continue to receive and decrypt IPSec tunnel data.
When IPSec Manager recovers, IPSec Controller sends the configured PDIF crypto template to the IPSec Manager.
Upon receiving the template, IPSec Manager initializes the template policy and creates the service entry for this
template policy. It also initializes an IKEv2 stack instance. IPSec Manager uses the AAA API to recover calls in bulk.
On receiving a response from the AAA, IPSec Manager repopulates each subscriber policy data structure. It also takes
care of information that needs to be generated dynamically, (reprogramming the Datapath, creating skip lists, etc.)
Upon receiving the template, IPSec Manager initializes the template policy and creates the service entry for this
template policy. It also initializes an IKEv2 stack instance. IPSec Manager uses the AAA API to recover calls in bulk.
On receiving a response from the AAA, IPSec Manager repopulates each subscriber policy data structure. It also takes
care of information that needs to be generated dynamically, (reprogramming the Datapath, creating skip lists, etc.)
To provide faster Datapath recovery without affecting call traffic, Daughter Card Manager is used to repopulate the
Daughter Cards with the SAs faster and more efficiently; meanwhile IPSec Manager and Session Manager can recover
in the background at relatively slower pace without the call data being interrupted.
Daughter Cards with the SAs faster and more efficiently; meanwhile IPSec Manager and Session Manager can recover
in the background at relatively slower pace without the call data being interrupted.
On restart, IPSec Manager allocates the Datapath instance used to update the Daughter Card with the IPSec SAs and to
create an NPU flow mapped to the Daughter Card IPSec SA entry.
create an NPU flow mapped to the Daughter Card IPSec SA entry.
When an IPSec tunnel is established, two IPSec SAs are created: one for receiving encrypted data and another for
encrypting and transmitting encrypted data. In the interests of speed, a standby Daughter Card Manager on a standby
PSC stores IPSec SAs for the whole system.
encrypting and transmitting encrypted data. In the interests of speed, a standby Daughter Card Manager on a standby
PSC stores IPSec SAs for the whole system.
Once the PSC becomes active, Daughter Card Manager quickly programs the Daughter Card with available IPSec SAs.
The most active calls are given priority in order to prevent traffic interruption.
The most active calls are given priority in order to prevent traffic interruption.
Migration vs. Task Failure
Planned migration requires that all the task data be transferred over the new CPU. Task migration time (hence total
outage time) depends upon task size. In general, a longer outage can be anticipated since the whole task has to be
successfully migrated before it can be executed. Task failure, on the other hand, creates a new task that is operational
right away. Thus, it can recover its own session while it services other sessions as they are recovered. So, the perceived
outage is shorter in the case of failure recovery than for a migration.
outage time) depends upon task size. In general, a longer outage can be anticipated since the whole task has to be
successfully migrated before it can be executed. Task failure, on the other hand, creates a new task that is operational
right away. Thus, it can recover its own session while it services other sessions as they are recovered. So, the perceived
outage is shorter in the case of failure recovery than for a migration.