Re: [AusNOG] Superloop Connect LNS config

[Rhys Hanrahan]

Hey Nathan, thanks for your advice!

I was thinking the same thing about not being reachable. Already confirmed I am 
getting LAC prefixes over BGP and advertising my loopback IP.

However – just to be clear I eventually figured out that as long as I ping with 
a source IP of the loopback address (instead of the interface address) I _can_ 
talk to the LACs. This had me thinking my L2TP traffic is using the interface 
address instead of the loopback as it’s source – however I don’t believe I am 
even getting inbound packets, so my replies aren’t even the issue yet.

I just remembered that there was some mis-understanding during provisioning of 
our Sydney port (because I was asking for a bit of a non-standard config). And 
they ended up changing my allocated inter-connect IPs mid-way through – they 
are entirely different. So it seems entirely likely that someone forgot to 
update some IP addresses on Superloop’s side when that happened.

So maybe it’s not my issue after all. Unfortunately may have to wait for them!

Thanks everyone for your input! Especially on a Friday night.

Rhys Hanrahan | Chief Information Officer
e: r...@nexusone.com.au<mailto:r...@nexusone.com.au>

[www.nexusone.com.au]<http://www.nexusone.com.au/>   [signature_1116663581] 
<http://www.fusiontech.com.au/>

NEXUS ONE | FUSION TECHNOLOGY SOLUTIONS
p: 1800 NEXUS1 (1800 639 871) or 1800 565 845 | a: Suite 12.03 Level 12, 227 
Elizabeth Street, Sydney NSW 2000
www.nexusone.com.au<http://www.nexusone.com.au/> | 
www.fusiontech.com.au<http://www.fusiontech.com.au/>

The information in this email and any accompanying attachments may contain; a. 
Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty 
Ltd or third parties; b. Legally privileged information of Fusion Technology 
Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright 
material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third 
parties. If you have received this email in error, please notify the sender 
immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus 
One Pty Ltd does not accept any responsibility for loss or damage arising from 
the use or distribution of this email.

Please consider the environment before printing this email.

From: Nathan Brookfield [mailto:nathan.brookfi...@iperium.com.au]
Sent: Friday, 10 December 2021 7:02 PM
To: Rhys Hanrahan <r...@nexusone.com.au>
Cc: 'ausnog@lists.ausnog.net' <ausnog@lists.ausnog.net>
Subject: RE: [AusNOG] Superloop Connect LNS config

“I couldn’t even ping any LAC addresses with the source IP of my BGP interface”.

Okay that says a lot and if you’re not getting ICMP responses, I’d say the 
LAC’s can’t reach your LNS’s loopback which is either going to be a BGP 
advertisement issue from your end ‘Check your loop is visible in as show ip bgp 
neighbor x.x.x advertised-routes’ and then if it is, absolutely open a case 
with SLC for them to check that they’re accepting it and distributing it to 
there LAC’s.

Nathan Brookfield
General Manager

p: 02 4749 4949 |  1300 592 330  |
e: 
nathan.brookfi...@simtronic.com.au<mailto:nathan.brookfi...@simtronic.com.au>  
|  w: iperium.co

Suite 702, 82 Elizabeth Street, Sydney NSW 2000

[cid:image003.png@01D7EDFF.BBE55010]
Your Connectivity Distributor

DISCLAIMER: This document is intended solely for the named addressee. This 
electronic communication, which includes any files or attachments thereto, 
contains proprietary or confidential information and may be privileged and 
otherwise protected under copyright or other applicable intellectual property 
laws. The use, disclosure, copying or distribution of any of the information 
contained in this document, by any person other than the addressee, is strictly 
prohibited. If you received this document in error, please contact the sender 
immediately and delete all the material from any computer. Confidentiality and 
legal privilege are not waived or lost by reason of mistaken delivery to you. 
Any views or opinions presented are solely those of the author and do not 
necessarily represent those of Iperium.

WARNING: Computer viruses can be transmitted via email. The recipient should 
check this email and any attachments for the presence of viruses. Iperium 
accepts no liability for any damage caused by any virus transmitted by this 
email.

From: Rhys Hanrahan <r...@nexusone.com.au<mailto:r...@nexusone.com.au>>
Sent: Friday, December 10, 2021 6:56 PM
To: Nathan Brookfield 
<nathan.brookfi...@iperium.com.au<mailto:nathan.brookfi...@iperium.com.au>>
Cc: ausnog@lists.ausnog.net<mailto:ausnog@lists.ausnog.net>
Subject: Re: [AusNOG] Superloop Connect LNS config

Hey Nathan,

Unfortunately not seeing any attempts. Possible that my CPE is an issue as I 
pre-configured it and left in plugged in at home this morning on a spare UNI-D 
port, am about to head home to check that. I haven’t setup a capture yet but I 
did setup an ACL and can’t see ANY traffic counters incrementing for anything 
coming from Superloop’s LAC range (unless I do a ping). Good to hear though 
that it’s meant to be identical. I just hope I’ve done something, otherwise 
I’ll be waiting till Monday! Argh.

I’ve done an identical config to what I have for NWB. The only difference now 
is I specified a source-ip of one of the assigned loopback addresses, as 
Superloop’s LACs seem to be a bit more strict about that – I couldn’t even ping 
any LAC addresses with the source IP of my BGP interface – had to be the 
loopback. Source-ip is the only way I found to specify a source address for the 
L2TP traffic – but I might be wrong?

lns-01-eqx-sy3#sh access-lists 110
Extended IP access list 110
    10 permit ip 202.130.216.0 0.0.0.255 any log
    20 permit ip any any (14954 matches)
lns-01-eqx-sy3#

vpdn-group SL_CONNECT_NSW
accept-dialin
  protocol l2tp
  virtual-template 1
dsl-line-info-forwarding
vpn vrf SL_CONNECT_NSW
source-ip 202.130.223.x
local name lns01-eqx-sy3
lcp renegotiation always
l2tp tunnel password 7 xxxx
l2tp tunnel timeout no-session 86400
ip pmtu
ip mtu adjust




Rhys Hanrahan | Chief Information Officer
e: r...@nexusone.com.au<mailto:r...@nexusone.com.au>

[cid:image001.png@01D7EDFF.BBE55010]<http://www.nexusone.com.au/>   
[signature_666662715] <http://www.fusiontech.com.au/>

NEXUS ONE | FUSION TECHNOLOGY SOLUTIONS
p: 1800 NEXUS1 (1800 639 871) or 1800 565 845 | a: Suite 12.03 Level 12, 227 
Elizabeth Street, Sydney NSW 2000
www.nexusone.com.au<http://www.nexusone.com.au/> | 
www.fusiontech.com.au<http://www.fusiontech.com.au/>

The information in this email and any accompanying attachments may contain; a. 
Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty 
Ltd or third parties; b. Legally privileged information of Fusion Technology 
Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright 
material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third 
parties. If you have received this email in error, please notify the sender 
immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus 
One Pty Ltd does not accept any responsibility for loss or damage arising from 
the use or distribution of this email.

Please consider the environment before printing this email.


From: Nathan Brookfield 
<nathan.brookfi...@iperium.com.au<mailto:nathan.brookfi...@iperium.com.au>>
Date: Friday, 10 December 2021 at 6:41 pm
To: Rhys Hanrahan <r...@nexusone.com.au<mailto:r...@nexusone.com.au>>
Cc: "ausnog@lists.ausnog.net<mailto:ausnog@lists.ausnog.net>" 
<ausnog@lists.ausnog.net<mailto:ausnog@lists.ausnog.net>>
Subject: Re: [AusNOG] Superloop Connect LNS config

Hi Rhys,

Are you seeing any L2TP tunnels trying to establish, if your moving from NWB 
the VPDN configuration should literally be identical once you put in the local 
address and secrets etc.
Nathan Brookfield
General Manager

p: 1300 592 330  |  m: 0412 266 008 | w: https://Iperium.com.au

Level 7, 82 Elizabeth Street, Sydney NSW 2000<x-apple-data-detectors://4>

Your Connectivity Team


DISCLAIMER: This document is intended solely for the named addressee. This 
electronic communication, which includes any files or attachments thereto, 
contains proprietary or confidential information and may be privileged and 
otherwise protected under copyright or other applicable intellectual property 
laws. The use, disclosure, copying or distribution of any of the information 
contained in this document, by any person other than the addressee, is strictly 
prohibited. If you received this document in error, please contact the sender 
immediately and delete all the material from any computer. Confidentiality and 
legal privilege are not waived or lost by reason of mistaken delivery to you. 
Any views or opinions presented are solely those of the author and do not 
necessarily represent those of Iperium.

WARNING: Computer viruses can be transmitted via email. The recipient should 
check this email and any attachments for the presence of viruses. Iperium 
accepts no liability for any damage caused by any virus transmitted by this 
email.

On 10 Dec 2021, at 18:17, Rhys Hanrahan 
<r...@nexusone.com.au<mailto:r...@nexusone.com.au>> wrote:
Hi Everyone,

Happy Friday.

Just wondering – can anyone help with an example LNS config for Superloop 
Connect NBN perhaps? Have been provisioned in the last few days and trying to 
get a test service online today so that we are OK to get services online next 
week.

Been waiting to hear back from the network team most of the day but I think at 
this point I’m not likely to hear back till Monday, so if anyone has anything 
handy so I might be able to try and get things online over the weekend it’d be 
appreciated. We’re on AAPT NWB at the moment and I’ve done basically the same 
config.

Unfortunately though I have BGP sessions up and can ping the LACs from the 
designated loopbacks, I’m not seeing any dial-in attempts to establish a tunnel 
from any of the LACs, or anything in my L2TP debugs. I do have a CPE connected 
to a test service. I am hoping it’s my end and not theirs!

Thanks all.

Rhys Hanrahan | Chief Information Officer
e: r...@nexusone.com.au<mailto:r...@nexusone.com.au>

[www.nexusone.com.au]<http://www.nexusone.com.au/>   [signature_1759790540] 
<http://www.fusiontech.com.au/>

NEXUS ONE | FUSION TECHNOLOGY SOLUTIONS
p: 1800 NEXUS1 (1800 639 871) or 1800 565 845 | a: Suite 12.03 Level 12, 227 
Elizabeth Street, Sydney NSW 2000
www.nexusone.com.au<http://www.nexusone.com.au/> | 
www.fusiontech.com.au<http://www.fusiontech.com.au/>

The information in this email and any accompanying attachments may contain; a. 
Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty 
Ltd or third parties; b. Legally privileged information of Fusion Technology 
Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright 
material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third 
parties. If you have received this email in error, please notify the sender 
immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus 
One Pty Ltd does not accept any responsibility for loss or damage arising from 
the use or distribution of this email.

Please consider the environment before printing this email.

_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net<mailto:AusNOG@lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog