Citrix SD-WAN

PPPoE Sessions

Point-to-Point Protocol over Ethernet (PPPoE) connects multiple computer users on an Ethernet LAN to a remote site through common customer premises appliances, for example, Citrix SD-WAN. PPPoE allows users to share a common Digital Subscriber Line (DSL), cable modem, or wireless connection to the Internet. PPPoE combines the Point-to-Point Protocol (PPP), commonly used in dialup connections, with the Ethernet protocol, which supports multiple users in a LAN. The PPP protocol information is encapsulated within an Ethernet frame.

Citrix SD-WAN appliances use PPPoE to support Internet service providers (ISPs) that offer ongoing, continuous DSL and cable modem connections, unlike dialup connections. PPPoE lets each user and remote site learn each other’s network addresses through an initial exchange called “discovery”. After a session is established between an individual user and the remote site, for example, an ISP, the session can be monitored. Corporations use shared Internet access over DSL lines using Ethernet and PPPoE.

Citrix SD-WAN acts as a PPPoE client. It authenticates with the PPPoE server and either obtains a dynamic IP address or uses a static IP address to establish PPPoE connections.

The following are required to establish successful PPPoE sessions:

  • Configure virtual network interface (VNI).
  • Unique credentials for creating PPPoE session.
  • Configure WAN link. Each VNI can have only one WAN link configured.
  • Configure Virtual IP address. Each session obtains a unique IP address, dynamic or static, based on the provided configuration.
  • Deploy appliance in bridge mode to use PPPoE with static IP address and configure the interface as “trusted.”
  • With a static IP address, it is preferred to have a configuration that forces the server-proposed IP; otherwise, an error can occur if the server-proposed IP is different from the configured static IP.
  • Deploy appliance as an Edge device to use PPPoE with dynamic IP and configure the interface as “untrusted.”
  • Authentication protocols supported are PAP, CHAP, EAP-MD5, and EAP-SRP.
  • Maximum number of multiple sessions depends on the number of VNIs configured.
  • Create multiple VNIs to support multiple PPPoE sessions per interface group.

    Note:

    Multiple VNIs can be created with the same 802.1Q VLAN tag.

Limitations for PPPoE configuration:

  • 802.1q VLAN tagging is not supported.
  • EAP-TLS authentication is not supported.
  • Address/Control compression.
  • Deflate Compression.
  • Protocol field compression negotiation.
  • Compression Control Protocol.
  • BSD Compress Compression.
  • IPX protocols.
  • PPP Multi Link.
  • Van Jacobson style TCP/IP header compression.
  • Connection-ID compression option in Van Jacobson style TCP/IP header compression.
  • PPPoE is not supported on LTE interfaces.

From Citrix SD-WAN release 11.3.1, the extra 8-byte PPPoE header is taken into account when adjusting the TCP Maximum Segment Size (MSS). The MSS in the synchronize (SYN) packets is adjusted based on the MTU, allowing for the extra 8 bytes of PPPoE header.
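What adjusting the MSS of a SYN for the 8-byte PPPoE overhead involves, as an added example (not Citrix code and not the appliance's implementation). It assumes IPv4 without options and takes the Ethernet MTU as input; the function names and the sample header are constructed for illustration.

```python
import struct

PPPOE_OVERHEAD = 8          # 6-byte PPPoE header + 2-byte PPP protocol field
IPV4_HDR = TCP_HDR = 20     # assumption: no IP options, base TCP header

def mss_limit(eth_mtu: int) -> int:
    return eth_mtu - PPPOE_OVERHEAD - IPV4_HDR - TCP_HDR  # largest payload per frame

def swap16(v: int) -> int:
    return ((v & 0xFF) << 8) | (v >> 8)

def csum_update(csum: int, old: int, new: int) -> int:
    """RFC 1624 incremental checksum update for one changed 16-bit word."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_syn_mss(tcp: bytes, eth_mtu: int) -> bytes:
    """Return the TCP header with its MSS option lowered to mss_limit()."""
    if len(tcp) < 20 or not tcp[13] & 0x02:      # MSS only appears with SYN set
        return tcp
    hdr_len, limit, off = min((tcp[12] >> 4) * 4, len(tcp)), mss_limit(eth_mtu), 20
    out = bytearray(tcp)
    while off < hdr_len and tcp[off] != 0:       # kind 0 ends the option list
        kind = tcp[off]
        if kind == 1:                            # NOP is a single byte
            off += 1
            continue
        if off + 1 >= hdr_len or tcp[off + 1] < 2 or off + tcp[off + 1] > hdr_len:
            break                                # malformed option: leave untouched
        if kind == 2 and tcp[off + 1] == 4:      # MSS option: kind 2, length 4
            mss, = struct.unpack_from("!H", tcp, off + 2)
            if mss > limit:
                struct.pack_into("!H", out, off + 2, limit)
                csum, = struct.unpack_from("!H", tcp, 16)
                # An odd offset straddles two checksum words: use swapped values.
                old, new = (mss, limit) if off % 2 == 0 else (swap16(mss), swap16(limit))
                struct.pack_into("!H", out, 16, csum_update(csum, old, new))
            break
        off += tcp[off + 1]
    return bytes(out)

# Constructed sample SYN: 24-byte header, MSS 1460; checksum 0x1234 is arbitrary.
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, 0x02, 65535,
                         0x1234, 0) + bytes([2, 4]) + struct.pack("!H", 1460)

if __name__ == "__main__":
    print(struct.unpack_from("!H", clamp_syn_mss(SAMPLE_SYN, 1500), 22)[0])  # 1452
```
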

For information on how to configure PPPoE through Citrix SD-WAN Orchestrator service, see Interfaces.

Monitor PPPoE sessions

You can monitor PPPoE sessions by navigating to the Monitoring > PPPoE page in the SD-WAN GUI.

The PPPoE page provides status information of the configured VNIs with the PPPoE static or dynamic client mode. It allows you to manually start and stop the sessions for troubleshooting purposes from Citrix SD-WAN Orchestrator service.

  • If the VNI is up and ready, the IP and Gateway IP columns show the current values in the session. This indicates that these are recently received values.
  • If the VNI is stopped or is in failed state, the values are last received values.


The State column displays the status of the PPPoE session using three color codes (green, red, and yellow) and values. The following table describes the states. You can hover over a state to see its description.

| PPPoE session type | Color | Description |
|---|---|---|
| Configured | Yellow | A VNI is configured with PPPoE. This is an initial state. |
| Dialing | Yellow | After a VNI is configured, the PPPoE session state moves to the dialing state by starting the PPPoE discovery. Packet information is captured. |
| Session | Yellow | The VNI has moved from the Discovery state to the Session state. It is waiting to receive an IP address, if dynamic, or waiting for acknowledgment from the server for the advertised IP address, if static. |
| Ready | Green | IP packets are received, and the VNI and associated WAN link are ready for use. |
| Failed | Red | The PPP/PPPoE session is terminated. The failure can be due to an invalid configuration or a fatal error. The session attempts to reconnect after 30 seconds. |
| Stopped | Yellow | The PPP/PPPoE session is manually stopped. |
| Terminating | Yellow | An intermediate state in which the session is terminating for some reason. This state automatically starts after a certain duration (5 seconds for a normal error or 30 seconds for a fatal error). |
| Disabled | Yellow | The SD-WAN service is disabled. |

Troubleshooting PPPoE session failures

On the Monitoring page, when there is a problem in establishing a PPPoE session:

  • Hovering mouse over the Failed status shows the reason for the recent failure.
  • To establish a fresh session or to troubleshoot an active PPPoE session, use the Monitoring > PPPoE page and restart the session.
  • If a PPPoE session is stopped manually, it cannot be started until either it is manually started and a configuration change is activated, or the service is restarted.

A PPPoE session might fail due to the following reasons:

  • When SD-WAN fails to authenticate itself to the peer due to incorrect username/password in the configuration.

  • PPP negotiation fails - negotiation does not reach the point where at least one network protocol is running.

  • System memory or system resource issue.

  • Invalid/bad configuration (wrong AC name or service name).

  • Failed to open serial port due to operating system error.

  • No response received for the echo packets (link is bad or server is not responding).

  • There were several continuous unsuccessful dialing sessions within a minute.
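To check the "wrong AC name or service name" case against a packet capture, the following added example (not Citrix code) parses a PPPoE discovery frame as defined in RFC 2516 and compares a PADO offer with the configured names. The function names, the AC name "isp-bras-01" and the service name "internet" are hypothetical, and the sample frame is constructed.

```python
import struct

CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0201: "Service-Name-Error",
        0x0202: "AC-System-Error", 0x0203: "Generic-Error"}

def parse_discovery(frame: bytes) -> dict:
    """Parse an Ethernet frame carrying a PPPoE discovery packet (RFC 2516)."""
    if len(frame) < 20 or struct.unpack_from("!H", frame, 12)[0] != 0x8863:
        raise ValueError("not a PPPoE discovery frame")
    ver_type, code, session_id, length = struct.unpack_from("!BBHH", frame, 14)
    if ver_type != 0x11 or 20 + length > len(frame):
        raise ValueError("bad PPPoE header or truncated capture")
    payload, tags, off = frame[20:20 + length], {}, 0   # length excludes Ethernet padding
    while off + 4 <= len(payload):
        tag, tlen = struct.unpack_from("!HH", payload, off)
        off += 4
        if tag == 0x0000:                      # End-Of-List
            break
        if off + tlen > len(payload):
            raise ValueError("tag length overruns PPPoE payload")
        tags.setdefault(TAGS.get(tag, hex(tag)), []).append(payload[off:off + tlen])
        off += tlen
    return {"code": CODES.get(code, hex(code)), "session_id": session_id, "tags": tags}

def check_offer(frame: bytes, want_ac: str, want_service: str) -> list:
    """Compare a PADO against the configured AC name and service name."""
    pkt, problems = parse_discovery(frame), []
    if pkt["code"] != "PADO":
        return [f"expected PADO, got {pkt['code']}"]
    ac, svc = pkt["tags"].get("AC-Name", []), pkt["tags"].get("Service-Name", [])
    if want_ac and want_ac.encode() not in ac:   # empty want_ac: accept any AC
        problems.append(f"AC-Name {ac} does not match configured {want_ac!r}")
    if want_service.encode() not in svc:
        problems.append(f"Service-Name {svc} lacks configured {want_service!r}")
    for err in ("Service-Name-Error", "AC-System-Error", "Generic-Error"):
        problems += [f"{err}: {v!r}" for v in pkt["tags"].get(err, [])]
    return problems

def build_frame(code: int, tags: list) -> bytes:
    # Constructed sample frame: zeroed MAC addresses, padded to 60 bytes.
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return (bytes(12) + struct.pack("!HBBHH", 0x8863, 0x11, code, 0, len(body)) + body).ljust(60, b"\x00")

# Constructed PADO: hypothetical AC "isp-bras-01" offering service "internet".
SAMPLE_PADO = build_frame(0x07, [(0x0102, b"isp-bras-01"), (0x0101, b"internet")])

if __name__ == "__main__":
    print(check_offer(SAMPLE_PADO, "isp-bras-01", "internet"))
    print(check_offer(SAMPLE_PADO, "isp-bras-02", "internet"))
```
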

After 10 consecutive failures, the reason for the failure is observed.

  • If the failure is normal, the session restarts immediately.
  • If the failure is an error, the restart is delayed by 10 seconds.
  • If the failure is fatal, the restart is delayed by 30 seconds.

SD-WAN generates LCP Echo request packets every 60 seconds. Failure to receive 5 echo responses is considered a link failure, and the session is re-established.

PPPoE log file

The SDWAN_ip_learned.log file contains logs related to PPPoE.

To view or download the SDWAN_ip_learned.log file from the SD-WAN GUI, navigate to Appliance Settings > Logging/Monitoring > Log Options. View or download the SDWAN_ip_learned.log file.
