L2TP Client cannot Get the Contents in Local FTP Server after Dialing into R2621 (LNS)

Publication Date: 2012-07-27
Issue Description
Networking map: PC -- public network -- R2621 (LNS) -- 2403H -- FTP server


Alarm Information

1. After dialing into the R2621, the L2TP client can FTP to the local server, but the server does not respond and the client is rejected after a while.
2. R2621 Version: VRP1.74-0012.

Handling Process
1) Enter the relevant interface view and limit the TCP segment size so that packets are fragmented:
 tcp mss 1200 (the value is adjustable on demand)
2) Disable fast-forwarding on the router interface:
 undo ip fast-forwarding
Note: Earlier versions of Huawei routers do not support the two commands above. Upgrading to 1.74-0012 or later is suggested.
Root Cause

For troubleshooting, see the following:
1. When a PC is attached directly to the switch, FTP to the server works without problems, indicating that the FTP server runs well;
2. A user who has dialed into the R2621 router successfully can ping the address of the FTP server, indicating that connectivity is normal. However, some packets are discarded when pinging the server with ping -c 2000. The fix is to split large packets into smaller ones: enter the relevant interface views (including the internal network interface and Virtual-Template1) and configure tcp mss 1200. Pings of 2000 and 5000 then complete with no problem. The problem appears to be solved, but even with tcp mss configured the L2TP client gets the same result when using the FTP service. What causes the problem?
3. Since connectivity is normal, the next thing to consider is how the router forwards the stream. By default the router enables fast-forwarding: when the first packet of a data stream is forwarded by a routing-table lookup, the corresponding switching information is stored in a high-speed cache, and the succeeding packets are forwarded by a direct lookup in that cache. This greatly reduces IP packet queuing and route lookup time, improving the throughput of IP packet forwarding. Because the FIB in the high-speed cache is optimized, lookups are faster. In addition, an FTP stream is real-time in nature while it transfers a file. A data stream is usually described by a 5-tuple: source IP address, source port number, destination IP address, destination port number and protocol number, all of which place higher demands on real-time handling. Is fast-forwarding affecting the forwarding of the FTP stream? Enter interface Virtual-Template1 and execute the undo ip fast-forwarding command for the inbound and outbound directions. The problem is fixed.
4. Commands to understand:
1.【Command】tcp mss value
【View】Interface view
【Parameter】value: the maximum TCP segment size, in the range 128~2048.
The tcp mss command sets the maximum segment length of TCP packets, and the undo tcp mss command removes the setting.
The interface MTU defaults to 1500 bytes, so the sum of encrypted packet header + link-layer overhead + IP header + TCP packet must be less than 1500 bytes; for this reason it is better to set the TCP segment size to 1200.
By default, TCP packets are not fragmented.
# Set the maximum TCP segment size to 300.
[Quidway-Ethernet0/0/0] tcp mss 300
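The header budget described for tcp mss above, worked through as an added example (not part of the original case or of Huawei's documentation). Only the 1500-byte MTU and the 1200 MSS come from the page; the L2TP, PPP and encryption overhead figures are assumed typical values.

```python
# Added example: MSS budget for TCP carried inside an L2TP tunnel.
INTERFACE_MTU = 1500   # default interface MTU, as stated on the page
IP_HDR = 20            # IPv4 header without options
TCP_HDR = 20           # TCP header without options
UDP_HDR = 8            # L2TP runs over UDP
L2TP_HDR = 8           # assumption: L2TPv2 data header with Length, no sequence numbers
PPP_HDR = 4            # assumption: address/control + protocol, no header compression

def tunnel_overhead(encryption_overhead=0):
    """Bytes the LNS adds in front of the inner IP packet."""
    return IP_HDR + UDP_HDR + L2TP_HDR + PPP_HDR + encryption_overhead

def inner_mtu(encryption_overhead=0):
    """Largest inner IP packet that still fits the interface MTU once tunneled."""
    return INTERFACE_MTU - tunnel_overhead(encryption_overhead)

def max_mss(encryption_overhead=0):
    """Largest TCP payload per segment that avoids fragmenting the outer packet."""
    return inner_mtu(encryption_overhead) - IP_HDR - TCP_HDR

def outer_packet_size(mss, encryption_overhead=0):
    """On-the-wire size of a full-sized TCP segment after encapsulation."""
    return mss + TCP_HDR + IP_HDR + tunnel_overhead(encryption_overhead)

def fits(mss, encryption_overhead=0):
    return outer_packet_size(mss, encryption_overhead) <= INTERFACE_MTU

def inner_fragments(icmp_payload, encryption_overhead=0):
    """IP fragments needed for an ICMP echo of this payload size inside the tunnel."""
    # Every fragment except the last carries a multiple of 8 data bytes.
    per_fragment = (inner_mtu(encryption_overhead) - IP_HDR) // 8 * 8
    total = icmp_payload + 8  # ICMP header
    return -(-total // per_fragment)  # ceiling division

if __name__ == "__main__":
    ESP = 60  # constructed sample value for an encrypted tunnel's extra header bytes
    for label, extra in (("plain L2TP", 0), ("L2TP + encryption", ESP)):
        print(f"{label}: overhead={tunnel_overhead(extra)} max MSS={max_mss(extra)}")
        for mss in (1460, 1200):
            size = outer_packet_size(mss, extra)
            print(f"  mss {mss}: outer packet {size} bytes, fits={fits(mss, extra)}")
    for size in (2000, 5000):
        print(f"ping payload {size}: {inner_fragments(size)} inner fragments")
```

Under these assumptions an Ethernet-default MSS of 1460 produces a 1540-byte outer packet that exceeds the MTU, while 1200 leaves headroom even when encryption headers are added.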
2. ip fast-forwarding
【Command】undo ip fast-forwarding
【View】Interface view
The ip fast-forwarding command enables fast-forwarding in the outbound direction of the interface, and the undo ip fast-forwarding command cancels fast-forwarding. By default, fast-forwarding is enabled on the interface in both the inbound and outbound directions, so packets received at the interface are fast-forwarded. Fast-forwarding is useful on high-rate link interfaces (Ethernet, frame relay, etc.); on low-rate links the transmission rate is so low that fast-forwarding cannot show its full benefit.
# Undo fast-forwarding at an interface.
[Quidway-Ethernet0] undo ip fast-forwarding
# Enable fast-forwarding at the inbound direction of the interface.
[Quidway-Ethernet0] ip fast-forwarding inbound
Note: For more details, see the VRP1.74 or 3.4 Operation Manual and Command Manual, and also TCP/IP references.