Specifying a Destruct Timeout for L2TP Tunnels and Sessions

You can specify the maximum time period, in the range 10–3600 seconds
(1 hour), for which the router attempts to maintain dynamic destinations, tunnels, and sessions after they have been destroyed. The router uses a timeout of 600 seconds by default.

This command facilitates debugging and other analysis by saving underlying memory structures after the destination, tunnel, or session is terminated.

Any specific dynamic destination, tunnel, or session may not be maintained for this entire time period if the resources must be reclaimed early to allow new tunnels to be established.

When a subscriber is terminated, the server port that hosted the subscriber session is released after the dynamic interface destruct timeout is exceeded. The server port that is released is available for a new incoming-call request (ICRQ) packet that the LAC sends to the LNS. Until the time any server port is available to be used for a new incoming call, new ICRQ packets are denied because of a lack of system resources.

Tip: If you use the l2tp destination lockout timeout command to configure an optional lockout timeout, always configure the destruct timeout to be longer than the lockout timeout. The destruct timeout overrides the lockout timeout—when the destruct timeout expires, all information about the locked out destination is deleted, including the lockout timeout and lockout test settings. See Managing the L2TP Destination Lockout Process.

Related Documentation