Configuring keepalive, Enhancing scalability of per-user configurations – Cisco 10000 User Manual
Page 77
2-17
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 2 Scalability and Performance
Configuring the Cisco 10000 Series Router for High Scalability
Configuring keepalive
The keepalive command sets the keepalive timer for a specific interface. To ensure proper scaling and
to minimize CPU utilization, set the timer for 30 seconds or longer (
). The default value
is 10 seconds.
Example 2-14 Configuring keepalive for a Virtual Template Interface
interface Virtual-Template1
ip unnumbered Loopback1
keepalive 30
no peer default ip address
ppp authentication pap
Enhancing Scalability of Per-User Configurations
To enhance scalability of per-user configurations without changing the router configuration, use the
ip:vrf-id and ip:ip-unnumbered RADIUS attributes. These per-user vendor specific attributes (VSAs)
are used to map sessions to VRFs and IP unnumbered interfaces. The VSAs apply to virtual access
subinterfaces and are processed during PPP authorization.
In releases earlier than Cisco IOS Release 12.2(16)BX1, the lcp:interface-config RADIUS attribute is
used to map sessions to VRFs. This per-user VSA applies to any type of interface configuration,
including virtual access interfaces. Valid values of this VSA are essentially any valid Cisco IOS interface
command; however, not all Cisco IOS commands are supported on virtual access subinterfaces. To
accommodate the requirements of the lcp:interface-config VSA, the per-user authorization process
forces the Cisco 10000 series router to create full virtual access interfaces, which consume more
memory and are less scalable.
In Cisco IOS Release 12.2(16)BX1 and later releases, the ip:vrf-id attribute is used to map sessions to
VRFs. Any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install IP
configurations on the virtual access interface that is to be created. PPP that is used on a virtual access
interface to be created requires the ip:ip-unnumbered VSA. An Internet Protocol Control Protocol
(IPCP) session is not established if IP is not configured on the interface. You must configure either the
ip address command or the ip unnumbered command on the interface so that these configurations are
present on the virtual access interface that is to be created. However, specifying the ip address and ip
unnumbered commands on a virtual template interface is not required because any pre-existing IP
configurations are removed when the ip:ip-vrf VSA is installed on the virtual access interface.
Therefore, any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install
IP configurations on the virtual access interface that is to be created.
These per-user VSAs can be applied to virtual access subinterfaces; therefore, the per-user authorization
process does not require the creation of full virtual access interfaces, which improves scalability.